ASP.NET Application intermittently fails to start

H

howard39

We have deployed an ASP.NET application on 20 servers in different locations,
and it is used daily by about 300 users around the country.

Every couple of weeks at one location or another, users cannot get into the
application. The Default.htm redirection page displays, but then, instead of
entering our ASP.NET main page, the unhandled exception message below is
displayed. Sometimes if the users wait and try again they can get in. The
most recent time this occured, three users could not get in, and waiting and
trying again didn't help. We rebooted the server and all was well again.

The exception message seems to indicate that there is a problem with
authentication, and this occurs outside of any code we have written. We are
using integrated Windows authentication.

Could this be a Kerberos issue or some kind of Active Directory network
issue? How would we go about finding and fixing the problem?

The application runs on Windows 2003 servers using IIS in IIS5 mode. The
clients typically use Windows 2000.
 
H

howard39

Here is the exception text:

Server Error in '/XXXXXXXXXX' Application.
--------------------------------------------------------------------------------

The remote procedure call failed.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details: System.ApplicationException: The remote procedure call
failed.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[ApplicationException: The remote procedure call failed.
]
System.Security.Principal.WindowsIdentity._ResolveIdentity(IntPtr
userToken) +0
System.Security.Principal.WindowsIdentity.get_Name() +71
System.Web.Configuration.AuthorizationConfigRule.IsUserAllowed(IPrincipal
user, String verb) +106
System.Web.Configuration.AuthorizationConfig.IsUserAllowed(IPrincipal
user, String verb) +81
System.Web.Security.UrlAuthorizationModule.OnEnter(Object source,
EventArgs eventArgs) +181
System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87
 
M

[MSFT]

Hello,

From the error message, it seems the error occur when ASPNET query the AD
for User indetity information. You may begin trouble shooting here. For
example, you can catch this execption. When it occurred, you can run some
customized code on the server to query AD, to see if you can get the user
info or more detail error message.

Luke
 
H

howard39

How would I catch this exception? It doesn't seem to be in the Page_Init or
Page_Load events.
 
H

howard39

Also, what kind of more detailed information would I look for? We already
know the user name. The exception is being thrown in Microsoft's code
(System.Security.Principal.WindowsIdentity._ResolveIdentity) -- I don't know
how to debug it.
 
J

Joe Kaplan \(MVP - ADSI\)

I've seen those ApplicationExceptions throw by some of the deep internals of
the WindowsIdentity class (the part that is actually written in C++ that you
can't see with Reflector) and they always seem to be related to issues with
network connectivity to the domain controller. I have no idea why they are
bubbled up as ApplicationExceptions, but that seems to be what happens.

Are you sure you aren't having network connectivity issues? Is Kerberos
traffic (port 88 TCP AND UDP) getting to all the DCs in the server's site?

The good news (or bad news) is that this isn't your code's fault.

Joe K.
 
J

Joe Kaplan \(MVP - ADSI\)

Custom errors won't help here as the error is thrown from unmanaged code so
the stack trace dies at the WindowsIdentity._ResolveIdentity method and the
error isn't very helpful. I think looking in the event logs for errors
related to DC connections or checking for Kerberos problems is what will be
needed here.

Joe K.
 
H

howard39

Thanks, next time it happens we'll check the server event logs, and run the
problem by any networking, DC, and Kerberos experts that we may have here.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,481
Members
44,900
Latest member
Nell636132

Latest Threads

Top