Hi,
I have an ASP.Net application written with VS.Net 2002 (Net FWK 1.0). This
Web Application uses Exception Management Application Block to log Events to
Windows Event Log. We registered the Exception Management Application Block
using installutil.
Our Application uses impersonation and used to work fine on Windows 2000
Server.
Now we installed it on a Windows Server 2003 and when an exception is
raised, we get an "Access is denied" error when the application tries to log
the Exception to Event Log.
At the bottom you'll find the Stack Trace.
Any idea will be welcome
LucasC
Win32Exception (0x80004005): Access is denied]
[InvalidOperationException: Cannot open log for source {0}. You may not have
write access.]
System.Diagnostics.EventLog.OpenForWrite() +366
System.Diagnostics.EventLog.WriteEvent(Int32 eventID, Int16 category,
EventLogEntryType type, String[] strings, Byte[] rawData) +280
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType
type, Int32 eventID, Int16 category, Byte[] rawData) +463
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +68
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category) +21
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID) +15
System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type) +11
Microsoft.ApplicationBlocks.ExceptionManagement.De faultPublisher.WriteToLog(
String entry, EventLogEntryType type) +33
Microsoft.ApplicationBlocks.ExceptionManagement.De faultPublisher.Publish(Exc
eption exception, NameValueCollection additionalInfo, NameValueCollection
configSettings) +1758
Microsoft.ApplicationBlocks.ExceptionManagement.Ex ceptionManager.PublishInte
rnalException(Exception exception, NameValueCollection additionalInfo) +76
Microsoft.ApplicationBlocks.ExceptionManagement.Ex ceptionManager.Publish(Exc
eption exception, NameValueCollection additionalInfo) +1934
7  3903 
Hi Lucas,
Based on the error message, this issue is a permission issue.
Firstly please check which account is used to run the ASP.NET application.
Is it the Network_Service account? Please check the w3wp.exe process in the
task manager.
Then please grant the account "Full Control" permission to the event log
folder and test this issue again.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
The w3wp.exe is running with Network_Service account. We set "Full Control"
to the event Log Folder (windows\ system32\config IS OK?) to Network_Service
and to my own user (because we are using Impersonation and Integrated
Security).
We get the same error.
Can it be caused because our Web Application was developed with Net FWK 1.0
and we are using Win 2003 (Net FWK 1.1)?
Can it be a new security policy of Win 2003? (remember it works fine on Win
2000)
Thanks
Lucas
"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:Y%****************@cpmsftngxa06.phx.gbl... Hi Lucas,
Based on the error message, this issue is a permission issue.
Firstly please check which account is used to run the ASP.NET application.
Is it the Network_Service account? Please check the w3wp.exe process in
the task manager.
Then please grant the account "Full Control" permission to the event log
folder and test this issue again.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Hi Lucas,
Thank you for your update.
You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.
1. Grant the NETWORK_SERVICE account and your user account read permissions
to the \VSWebCache folder. To do this, follow these steps:
1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type "<Servername>\NETWORK_SERVICE"
(without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".
Do the same steps for your user account.
2. Please try to add the NETWORK_SERVICE account and your user account to
the administrators group.
3. If the above two solutions do not work, we need to use the Filemon and
Regmon to check what really caused the "Access is denied" error.
Filemon http://www.sysinternals.com/ntw2k/source/filemon.shtml
Regmon http://www.sysinternals.com/ntw2k/source/regmon.shtml
Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Jacob,
1. I couldn't find VSWebCache folder. This is a VS.Net folder, isn't it? My
Win server 2003 is for testing purposes and doesn't has VS.
2. If I add myself to Administrators group of the win server 2003. Event Log
is written correctly. I can't use this solution in Production environments.
:-(
I tried adding myself to Power Users group but nothing happened. I tried
given Full Control to C:\WINDOWS\system32\config (where app log resides) to
Everyone user and my own user but nothing happens.
Summary:
The only way it works (write in event log) is when I was part of
Administrators group, but this is not a valid scenario. This help me to know
that this is just a security issue. As I said before, it works fine in Win
2000 so I suppose it must work fine here too.
Any other idea?
Thanks
LucasC
"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:9j**************@cpmsftngxa06.phx.gbl... Hi Lucas,
Thank you for your update.
You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.
1. Grant the NETWORK_SERVICE account and your user account read
permissions to the \VSWebCache folder. To do this, follow these steps:
1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type
"<Servername>\NETWORK_SERVICE" (without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".
Do the same steps for your user account.
2. Please try to add the NETWORK_SERVICE account and your user account to
the administrators group.
3. If the above two solutions do not work, we need to use the Filemon and
Regmon to check what really caused the "Access is denied" error.
Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml
Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml
Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
In order to Add something, I found this article
( http://msdn.microsoft.com/library/de...-us/dnnetsec/h
tml/THCMCh19.asp)
If you go to the Event Log section it says:
"Least privileged accounts, such as ASPNET, have sufficient permissions to
be able to write records to the event log using existing event sources."
Thanks
LucasC
"Lucas" <ms**@rmya.com.ar> escribió en el mensaje
news:O0**************@TK2MSFTNGP10.phx.gbl... Jacob,
1. I couldn't find VSWebCache folder. This is a VS.Net folder, isn't it?
My Win server 2003 is for testing purposes and doesn't has VS.
2. If I add myself to Administrators group of the win server 2003. Event
Log is written correctly. I can't use this solution in Production
environments. :-(
I tried adding myself to Power Users group but nothing happened. I tried
given Full Control to C:\WINDOWS\system32\config (where app log resides)
to Everyone user and my own user but nothing happens.
Summary:
The only way it works (write in event log) is when I was part of
Administrators group, but this is not a valid scenario. This help me to
know that this is just a security issue. As I said before, it works fine in Win
2000 so I suppose it must work fine here too.
Any other idea?
Thanks
LucasC
"Jacob Yang [MSFT]" <ji***@online.microsoft.com> escribió en el mensaje
news:9j**************@cpmsftngxa06.phx.gbl... Hi Lucas,
Thank you for your update.
You are right that the security policy in Windows Server 2003 is very
different with Windows 2000. Based on my research and experience, please
try the following solutions.
1. Grant the NETWORK_SERVICE account and your user account read
permissions to the \VSWebCache folder. To do this, follow these steps:
1) In Windows Explorer, locate C:\Documents and Settings\<Username>.
2) Right-click the "VSWebCache" folder, and then click "Properties".
3) On the "Security" tab, click "Add".
4) In the "Select Users or Groups" box, type
"<Servername>\NETWORK_SERVICE" (without the quotation marks) in the "Select Users or Groups" box.
5) Click "OK".
6) Make sure that the "Read & Execute" check box is selected, and then
click "OK".
Do the same steps for your user account.
2. Please try to add the NETWORK_SERVICE account and your user account
to the administrators group.
3. If the above two solutions do not work, we need to use the Filemon
and Regmon to check what really caused the "Access is denied" error.
Filemon
http://www.sysinternals.com/ntw2k/source/filemon.shtml
Regmon
http://www.sysinternals.com/ntw2k/source/regmon.shtml
Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no
rights.
Hi Lucas,
Thank you for your update.
You are right that the VSWebCache folder is a VS.Net folder.
As I have mentioned before, this issue is a permission issue. I am not sure
about what the exact permissions are needed for this issue so I suggest
using the administrator. Thank you for your understanding.
Since you cannot accept the administrator solution, we need to use the
Filemon and Regmon to check what really caused the "Access is denied"
error. Have you tried them?
Filemon http://www.sysinternals.com/ntw2k/source/filemon.shtml
Regmon http://www.sysinternals.com/ntw2k/source/regmon.shtml
Note:
The third-party products that are discussed in this article are
manufactured by companies that are independent of Microsoft. Microsoft
makes no warranty, implied or otherwise, regarding the performance or
reliability of these products.
I hope it helps.
Best regards,
Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Hi Lucas,
I am encountering the exact same scenario in my app: Impersonating a
user from a lower-privileged group does not writing to the Event Log.
Have you had any luck since your last post? I went ahead and tried the
FileMon and RegMon, but didn't see anything that indicated specifically
what was going wrong.
I know that there are numerous articles out there that address similar
situations and they seem to recommend wrapping the code that needs the
permissions with some combination of Assert/Demand. However, I keep
holding out for an easier solution before embarking on that path.
mattsmith321
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message118170.html This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: PCC |
last post by:
I am using the Exception Managment Application Block on Windows Server 2003
Enterprise and .NET v1.1.
If I use the block with an ASP.NET web wervice or in a web application I get
the following...
|
by: Nick Flandry |
last post by:
I'm running into an Invalid Cast Exception on an ASP.NET application that runs fine in my
development environment (Win2K server running IIS 5) and a test environment (also Win2K server
running IIS...
|
by: Diego F. |
last post by:
I think I'll never come across that error. It happens when running code from
a DLL that tries to write to disk. I added permissions in the project
folder, the wwwroot and in IIS to NETWORK_SERVICE...
|
by: Rachel |
last post by:
Hi,
I am using the data access application block successfully in our development
environment, however when I deploy to our testing server as Private
Assemblies I keep getting the following
...
|
by: Stanav |
last post by:
Hello all,
I'm developing a web application using VB.Net 2003 and Framework 1.1. This
application queries an AS/400 database. I'm using the IBM OleDb provider
that came with IBM Client Access for...
|
by: Claudio Di Flumeri |
last post by:
Hello all,
I've added a global exception handler to my application in this way:
Sub Main()
AddHandler Application.ThreadException, AddressOf ThreadException
AddHandler...
|
by: Rob Richardson |
last post by:
Greetings!
I am working on an application that targets a Pocket PC running Windows CE
and SQL Server CE. Almost all functions in the application use a Try block
with a Catch block that looks...
|
by: John Kotuby |
last post by:
Hello all,
Note: This is the full version of a Post that I inadvertently sent before it
was complete.
About a year ago I wrote a VB.NET 2003 solution that consists of a number
of assemblies...
|
by: sriram347 |
last post by:
Hi
I am a newbie to ASP.NET. I developed a web page (project type is web application) and I keep getting this error.
B]Error message :
"System.AccessViolation Exception attempted to read or...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |
