473,225 Members | 1,277 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,225 software developers and data experts.

Exception manegement application block can't write to Windows server 2003

Hi,
I have an ASP.Net application written with VS.Net 2002 (Net FWK 1.0). This
Web Application uses Exception Management Application Block to log Events to
Windows Event Log. We registered the Exception Management Application Block
using installutil.
Our Application uses impersonation and used to work fine on Windows 2000
Server.

Now we installed it on a Windows Server 2003 and when an exception is
raised, we get an "Access is denied" error when the application tries to log
the Exception to Event Log.

At the bottom you'll find the Stack Trace.

Any idea will be welcome

LucasC
Win32Exception (0x80004005): Access is denied]

[InvalidOperationException: Cannot open log for source {0}. You may not have
write access.]
System.Diagnostics.EventLog.OpenForWrite() +366
System.Diagnostics.EventLog.WriteEvent(Int32 eventID, Int16 category,
EventLogEntryType type, String[] strings, Byte[] rawData) +280
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type, Int32 eventID, Int16 category, Byte[] rawData) +463
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +68
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category) +21
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID) +15
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type) +11

Microsoft.ApplicationBlocks.ExceptionManagement.De faultPublisher.WriteToLog(
String entry, EventLogEntryType type) +33

Microsoft.ApplicationBlocks.ExceptionManagement.De faultPublisher.Publish(Exc
eption exception, NameValueCollection additionalInfo, NameValueCollection
configSettings) +1758

Microsoft.ApplicationBlocks.ExceptionManagement.Ex ceptionManager.PublishInte
rnalException(Exception exception, NameValueCollection additionalInfo) +76

Microsoft.ApplicationBlocks.ExceptionManagement.Ex ceptionManager.Publish(Exc
eption exception, NameValueCollection additionalInfo) +1934

Nov 18 '05 #1
7 3892
Hi Lucas,

Based on the error message, this issue is a permission issue.

Firstly please check which account is used to run the ASP.NET application.
Is it the Network_Service account? Please check the w3wp.exe process in the
task manager.

Then please grant the account "Full Control" permission to the event log
folder and test this issue again.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #2
The w3wp.exe is running with Network_Service account. We set "Full Control"
to the event Log Folder (windows\ system32\config IS OK?) to Network_Service
and to my own user (because we are using Impersonation and Integrated
Security).
We get the same error.
Can it be caused because our Web Application was developed with Net FWK 1.0
and we are using Win 2003 (Net FWK 1.1)?
Can it be a new security policy of Win 2003? (remember it works fine on Win
2000)

Thanks

Lucas

"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:Y%****************@cpmsftngxa06.phx.gbl...
Hi Lucas,

Based on the error message, this issue is a permission issue.

Firstly please check which account is used to run the ASP.NET application.
Is it the Network_Service account? Please check the w3wp.exe process in the task manager.

Then please grant the account "Full Control" permission to the event log
folder and test this issue again.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #3
Hi Lucas,

Thank you for your update.

You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.

1. Grant the NETWORK_SERVICE account and your user account read permissions
to the \VSWebCache folder. To do this, follow these steps:

1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type "<Servername>\NETWORK_SERVICE"
(without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".

Do the same steps for your user account.

2. Please try to add the NETWORK_SERVICE account and your user account to
the administrators group.

3. If the above two solutions do not work, we need to use the Filemon and
Regmon to check what really caused the "Access is denied" error.

Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml

Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #4
Jacob,
1. I couldn't find VSWebCache folder. This is a VS.Net folder, isn't it? My
Win server 2003 is for testing purposes and doesn't has VS.
2. If I add myself to Administrators group of the win server 2003. Event Log
is written correctly. I can't use this solution in Production environments.
:-(

I tried adding myself to Power Users group but nothing happened. I tried
given Full Control to C:\WINDOWS\system32\config (where app log resides) to
Everyone user and my own user but nothing happens.

Summary:
The only way it works (write in event log) is when I was part of
Administrators group, but this is not a valid scenario. This help me to know
that this is just a security issue. As I said before, it works fine in Win
2000 so I suppose it must work fine here too.

Any other idea?

Thanks

LucasC

"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:9j**************@cpmsftngxa06.phx.gbl...
Hi Lucas,

Thank you for your update.

You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.

1. Grant the NETWORK_SERVICE account and your user account read permissions to the \VSWebCache folder. To do this, follow these steps:

1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type "<Servername>\NETWORK_SERVICE" (without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".

Do the same steps for your user account.

2. Please try to add the NETWORK_SERVICE account and your user account to
the administrators group.

3. If the above two solutions do not work, we need to use the Filemon and
Regmon to check what really caused the "Access is denied" error.

Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml

Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #5
In order to Add something, I found this article
(http://msdn.microsoft.com/library/de...-us/dnnetsec/h
tml/THCMCh19.asp)
If you go to the Event Log section it says:

"Least privileged accounts, such as ASPNET, have sufficient permissions to
be able to write records to the event log using existing event sources."

Thanks

LucasC

"Lucas" <ms**@rmya.com.ar> escribió en el mensaje
news:O0**************@TK2MSFTNGP10.phx.gbl...
Jacob,
1. I couldn't find VSWebCache folder. This is a VS.Net folder, isn't it? My Win server 2003 is for testing purposes and doesn't has VS.
2. If I add myself to Administrators group of the win server 2003. Event Log is written correctly. I can't use this solution in Production environments. :-(

I tried adding myself to Power Users group but nothing happened. I tried
given Full Control to C:\WINDOWS\system32\config (where app log resides) to Everyone user and my own user but nothing happens.

Summary:
The only way it works (write in event log) is when I was part of
Administrators group, but this is not a valid scenario. This help me to know that this is just a security issue. As I said before, it works fine in Win
2000 so I suppose it must work fine here too.

Any other idea?

Thanks

LucasC

"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:9j**************@cpmsftngxa06.phx.gbl...
Hi Lucas,

Thank you for your update.

You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.

1. Grant the NETWORK_SERVICE account and your user account read

permissions
to the \VSWebCache folder. To do this, follow these steps:

1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type

"<Servername>\NETWORK_SERVICE"
(without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".

Do the same steps for your user account.

2. Please try to add the NETWORK_SERVICE account and your user account to the administrators group.

3. If the above two solutions do not work, we need to use the Filemon and Regmon to check what really caused the "Access is denied" error.

Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml

Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.


Nov 18 '05 #6
Hi Lucas,

Thank you for your update.

You are right that the VSWebCache folder is a VS.Net folder.

As I have mentioned before, this issue is a permission issue. I am not sure
about what the exact permissions are needed for this issue so I suggest
using the administrator. Thank you for your understanding.

Since you cannot accept the administrator solution, we need to use the
Filemon and Regmon to check what really caused the "Access is denied"
error. Have you tried them?

Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml

Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.

I hope it helps.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Nov 18 '05 #7

Hi Lucas,

I am encountering the exact same scenario in my app: Impersonating a
user from a lower-privileged group does not writing to the Event Log.
Have you had any luck since your last post? I went ahead and tried the
FileMon and RegMon, but didn't see anything that indicated specifically
what was going wrong.

I know that there are numerous articles out there that address similar
situations and they seem to recommend wrapping the code that needs the
permissions with some combination of Assert/Demand. However, I keep
holding out for an easier solution before embarking on that path.
mattsmith321
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message118170.html

Nov 18 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: PCC | last post by:
I am using the Exception Managment Application Block on Windows Server 2003 Enterprise and .NET v1.1. If I use the block with an ASP.NET web wervice or in a web application I get the following...
5
by: Nick Flandry | last post by:
I'm running into an Invalid Cast Exception on an ASP.NET application that runs fine in my development environment (Win2K server running IIS 5) and a test environment (also Win2K server running IIS...
19
by: Diego F. | last post by:
I think I'll never come across that error. It happens when running code from a DLL that tries to write to disk. I added permissions in the project folder, the wwwroot and in IIS to NETWORK_SERVICE...
3
by: Rachel | last post by:
Hi, I am using the data access application block successfully in our development environment, however when I deploy to our testing server as Private Assemblies I keep getting the following ...
2
by: Stanav | last post by:
Hello all, I'm developing a web application using VB.Net 2003 and Framework 1.1. This application queries an AS/400 database. I'm using the IBM OleDb provider that came with IBM Client Access for...
9
by: Claudio Di Flumeri | last post by:
Hello all, I've added a global exception handler to my application in this way: Sub Main() AddHandler Application.ThreadException, AddressOf ThreadException AddHandler...
4
by: Rob Richardson | last post by:
Greetings! I am working on an application that targets a Pocket PC running Windows CE and SQL Server CE. Almost all functions in the application use a Try block with a Catch block that looks...
2
by: John Kotuby | last post by:
Hello all, Note: This is the full version of a Post that I inadvertently sent before it was complete. About a year ago I wrote a VB.NET 2003 solution that consists of a number of assemblies...
3
by: sriram347 | last post by:
Hi I am a newbie to ASP.NET. I developed a web page (project type is web application) and I keep getting this error. B]Error message : "System.AccessViolation Exception attempted to read or...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.