ASP.NET Application intermittently fails to start

Discussion in 'ASP .Net Security' started by howard39@nospam.nospam, Mar 31, 2005.

  1. Guest

    We have deployed an ASP.NET application on 20 servers in different locations,
    and it is used daily by about 300 users around the country.

    Every couple of weeks at one location or another, users cannot get into the
    application. The Default.htm redirection page displays, but then, instead of
    entering our ASP.NET main page, the unhandled exception message below is
    displayed. Sometimes if the users wait and try again they can get in. The
    most recent time this occured, three users could not get in, and waiting and
    trying again didn't help. We rebooted the server and all was well again.

    The exception message seems to indicate that there is a problem with
    authentication, and this occurs outside of any code we have written. We are
    using integrated Windows authentication.

    Could this be a Kerberos issue or some kind of Active Directory network
    issue? How would we go about finding and fixing the problem?

    The application runs on Windows 2003 servers using IIS in IIS5 mode. The
    clients typically use Windows 2000.
     
    , Mar 31, 2005
    #1
    1. Advertising

  2. Guest

    Here is the exception text:

    Server Error in '/XXXXXXXXXX' Application.
    --------------------------------------------------------------------------------

    The remote procedure call failed.
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information about
    the error and where it originated in the code.

    Exception Details: System.ApplicationException: The remote procedure call
    failed.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [ApplicationException: The remote procedure call failed.
    ]
    System.Security.Principal.WindowsIdentity._ResolveIdentity(IntPtr
    userToken) +0
    System.Security.Principal.WindowsIdentity.get_Name() +71
    System.Web.Configuration.AuthorizationConfigRule.IsUserAllowed(IPrincipal
    user, String verb) +106
    System.Web.Configuration.AuthorizationConfig.IsUserAllowed(IPrincipal
    user, String verb) +81
    System.Web.Security.UrlAuthorizationModule.OnEnter(Object source,
    EventArgs eventArgs) +181
    System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +87

    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET
    Version:1.1.4322.2032


    "" wrote:

    > We have deployed an ASP.NET application on 20 servers in different locations,
    > and it is used daily by about 300 users around the country.
    >
    > Every couple of weeks at one location or another, users cannot get into the
    > application. The Default.htm redirection page displays, but then, instead of
    > entering our ASP.NET main page, the unhandled exception message below is
    > displayed. Sometimes if the users wait and try again they can get in. The
    > most recent time this occured, three users could not get in, and waiting and
    > trying again didn't help. We rebooted the server and all was well again.
    >
    > The exception message seems to indicate that there is a problem with
    > authentication, and this occurs outside of any code we have written. We are
    > using integrated Windows authentication.
    >
    > Could this be a Kerberos issue or some kind of Active Directory network
    > issue? How would we go about finding and fixing the problem?
    >
    > The application runs on Windows 2003 servers using IIS in IIS5 mode. The
    > clients typically use Windows 2000.
     
    , Mar 31, 2005
    #2
    1. Advertising

  3. [MSFT] Guest

    Hello,

    From the error message, it seems the error occur when ASPNET query the AD
    for User indetity information. You may begin trouble shooting here. For
    example, you can catch this execption. When it occurred, you can run some
    customized code on the server to query AD, to see if you can get the user
    info or more detail error message.

    Luke
     
    [MSFT], Apr 1, 2005
    #3
  4. Guest

    How would I catch this exception? It doesn't seem to be in the Page_Init or
    Page_Load events.

    "[MSFT]" wrote:

    > Hello,
    >
    > From the error message, it seems the error occur when ASPNET query the AD
    > for User indetity information. You may begin trouble shooting here. For
    > example, you can catch this execption. When it occurred, you can run some
    > customized code on the server to query AD, to see if you can get the user
    > info or more detail error message.
    >
    > Luke
    >
    >
     
    , Apr 1, 2005
    #4
  5. Guest

    Also, what kind of more detailed information would I look for? We already
    know the user name. The exception is being thrown in Microsoft's code
    (System.Security.Principal.WindowsIdentity._ResolveIdentity) -- I don't know
    how to debug it.

    "" wrote:

    > How would I catch this exception? It doesn't seem to be in the Page_Init or
    > Page_Load events.
    >
    > "[MSFT]" wrote:
    >
    > > Hello,
    > >
    > > From the error message, it seems the error occur when ASPNET query the AD
    > > for User indetity information. You may begin trouble shooting here. For
    > > example, you can catch this execption. When it occurred, you can run some
    > > customized code on the server to query AD, to see if you can get the user
    > > info or more detail error message.
    > >
    > > Luke
    > >
    > >
     
    , Apr 1, 2005
    #5
  6. I've seen those ApplicationExceptions throw by some of the deep internals of
    the WindowsIdentity class (the part that is actually written in C++ that you
    can't see with Reflector) and they always seem to be related to issues with
    network connectivity to the domain controller. I have no idea why they are
    bubbled up as ApplicationExceptions, but that seems to be what happens.

    Are you sure you aren't having network connectivity issues? Is Kerberos
    traffic (port 88 TCP AND UDP) getting to all the DCs in the server's site?

    The good news (or bad news) is that this isn't your code's fault.

    Joe K.

    <> wrote in message
    news:...
    > Also, what kind of more detailed information would I look for? We already
    > know the user name. The exception is being thrown in Microsoft's code
    > (System.Security.Principal.WindowsIdentity._ResolveIdentity) -- I don't
    > know
    > how to debug it.
    >
    > "" wrote:
    >
    >> How would I catch this exception? It doesn't seem to be in the Page_Init
    >> or
    >> Page_Load events.
    >>
    >> "[MSFT]" wrote:
    >>
    >> > Hello,
    >> >
    >> > From the error message, it seems the error occur when ASPNET query the
    >> > AD
    >> > for User indetity information. You may begin trouble shooting here. For
    >> > example, you can catch this execption. When it occurred, you can run
    >> > some
    >> > customized code on the server to query AD, to see if you can get the
    >> > user
    >> > info or more detail error message.
    >> >
    >> > Luke
    >> >
    >> >
     
    Joe Kaplan \(MVP - ADSI\), Apr 3, 2005
    #6
  7. [MSFT] Guest

    [MSFT], Apr 4, 2005
    #7
  8. Custom errors won't help here as the error is thrown from unmanaged code so
    the stack trace dies at the WindowsIdentity._ResolveIdentity method and the
    error isn't very helpful. I think looking in the event logs for errors
    related to DC connections or checking for Kerberos problems is what will be
    needed here.

    Joe K.

    "[MSFT]" <> wrote in message
    news:...
    > To trace such an security exception, you can use Custom Errors:
    >
    > http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q815166
    >
    > After find the exception, you may run some code to detect the network or
    > query AD. This may return more detail information than you see in ASP.NET.
    >
    > Luke
    >
     
    Joe Kaplan \(MVP - ADSI\), Apr 4, 2005
    #8
  9. Guest

    Thanks, next time it happens we'll check the server event logs, and run the
    problem by any networking, DC, and Kerberos experts that we may have here.
     
    , Apr 4, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. uni

    IIS down intermittently

    uni, Oct 23, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    419
  2. Rubble
    Replies:
    3
    Views:
    734
    Alvin Bruney [MVP]
    Mar 5, 2004
  3. niju

    Intermittently problem

    niju, Feb 14, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    387
    Darren Kopp
    Feb 15, 2006
  4. Ajay Bakhshi
    Replies:
    0
    Views:
    427
    Ajay Bakhshi
    May 3, 2004
  5. Dave
    Replies:
    3
    Views:
    155
    Anthony Jones
    Sep 6, 2007
Loading...

Share This Page