ASPNET_WP could not be started: 80004005.

Discussion in 'ASP .Net Security' started by John Naegle, Jan 17, 2006.

  1. John Naegle

    John Naegle Guest

    Hello,

    I am getting the following event in the application event log when
    trying to view a ASP.NET web application. This only happens on 2 of the
    8 machines where I've deployed the application. My application is
    running as the ASPNET user (<processModel ... userName="machine"
    password="AutoGenerate" .. />) and using impersonation (<authentication
    mode="Windows" /> <identity impersonate="true" />).

    --------------------------------------------------------------------
    Source: ASP.NET 1.1.4322.0
    Category: None
    Type: Error
    Event ID: 1084
    User: N/A

    aspnet_wp.exe could not be started. The error code for the failure is
    80004005. This error can be caused when the worker process account has
    insufficient rights to read the .NET Framework files. Please ensure that
    the .NET Framework is correctly installed and that the ACLs on the
    installation directory allow access to the configured account.
    --------------------------------------------------------------------

    The first time I try to view the page the above event is preceded by:
    --------------------------------------------------------------------
    Source: Userenv
    Category: None
    Type: Error
    Event ID: 1000
    User: NT AUTHORITY\SYSTEM

    Description:
    Windows cannot log you on because the profile cannot be loaded. Contact
    your
    network administrator.

    DETAIL - Access is denied.
    --------------------------------------------------------------------

    The error the client gets is:
    --------------------------------------------------------------------
    The web application you are attempting to access on this web server is
    currently unavailable. Please hit the "Refresh" button in your web
    browser to retry your request.

    Administrator Note: An error message detailing the cause of this
    specific request failure can be found in the application event log of
    the web server. Please review this log entry to discover what caused
    this error to occur.
    --------------------------------------------------------------------



    I've verified that the ASPNET user is in the USER group, is not locked
    out, and has the following permissions (the impersonated user is in the
    Administrators group). This is a superset of the permissions described
    in "Aspnet_wp.exe could not be started" error message when you view an
    ASP.NET page (http://support.microsoft.com/default.aspx?kbid=811320)

    ..NET Framework root folder
    (C:\WINNT\Microsoft.NET\Framework\v1.1.4322\): Read, list

    Temporary ASP.NET files
    (C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files):
    Full control

    C:\WINNT\System32: read

    AppRoot (c:\Inetpub\wwwroot\<folder>): Read

    Website Root (c:\Inetpub\wwwroot): Read

    C:\WINNT\Assembly: Read

    Access the computer from the network: true
    Deny local logon: true
    Logon as batch: true
    Logon as service: true
    Impersonate a client after authentication: true
    Verified the IIS settings between machines that work and machines that
    do not work (application is installed via a windows installer)


    I've also tried to following:
    1) aspnet_regiis -ua, aspnet_regiis -i
    2) aspnet_regiis -ua, delete ASPNET user, aspnet_regiis -i

    Adding the ASPNET user to the administrator account or changing the
    process model user name to System causes the application to work, but
    neither of these are options in our production environment. So what am
    I missing? What security bit(s) should I look at?

    Thanks,
    John Naegle
    John Naegle, Jan 17, 2006
    #1
    1. Advertising

  2. John Naegle

    Jim Cheshire Guest

    On Tue, 17 Jan 2006 11:26:51 -0500, John Naegle <>
    wrote:

    >Hello,
    >
    >I am getting the following event in the application event log when
    >trying to view a ASP.NET web application. This only happens on 2 of the
    >8 machines where I've deployed the application. My application is
    >running as the ASPNET user (<processModel ... userName="machine"
    >password="AutoGenerate" .. />) and using impersonation (<authentication
    >mode="Windows" /> <identity impersonate="true" />).
    >


    John,

    Looks like you've been pretty thorough. I'd recommend a Filemon and
    Regmon log so that you can see where it might be failing.

    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
    Jim Cheshire, Jan 17, 2006
    #2
    1. Advertising

  3. John Naegle

    John Naegle Guest

    Jim,

    Thanks for the quick reply. I've tried Filemon in the past and wasn't
    able to find anything. Including only the processes inetinfo.exe and
    aspnet_wp.exe and refreshing the webpage did not cause any failures to
    be logged in Filemon. I hadn't tried regmon in the past. Including
    the same processes in Regmon resulted in the following errors being
    logged during a page request. Are there other processes I should be
    including?

    I find the first error particularly interesting. This key is reported
    as accessed succesfully on one of the other machines where the
    application works.

    1.18388653 inetinfo.exe:2800 OpenKey HKCU NOT FOUND
    1.18392730 inetinfo.exe:2800 OpenKey
    HKU\.Default\SOFTWARE\Microsoft\Cryptography\Providers\Type 001 NOT FOUND
    1.18451428 inetinfo.exe:2800 OpenKey
    HKLM\Software\Microsoft\Cryptography\Offload NOT FOUND
    1.19020295 inetinfo.exe:2800 OpenKey HKCU NOT FOUND
    1.19080913 inetinfo.exe:2800 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT
    FOUND 1.19150114 aspnet_wp.exe:2512 OpenKey
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution
    Options\aspnet_wp.exe NOT FOUND
    1.19152009 aspnet_wp.exe:2512 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
    1.19165957 aspnet_wp.exe:2512 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
    1.19247973 inetinfo.exe:2800 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
    1.19351006 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
    1.19352996 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
    1.19371283 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND

    Thanks,
    John Naegle
    John Naegle, Jan 17, 2006
    #3
  4. John Naegle

    Jim Cheshire Guest

    On Tue, 17 Jan 2006 13:29:36 -0500, John Naegle <>
    wrote:

    >Jim,
    >
    >Thanks for the quick reply. I've tried Filemon in the past and wasn't
    >able to find anything. Including only the processes inetinfo.exe and
    >aspnet_wp.exe and refreshing the webpage did not cause any failures to
    >be logged in Filemon. I hadn't tried regmon in the past. Including
    >the same processes in Regmon resulted in the following errors being
    >logged during a page request. Are there other processes I should be
    >including?
    >


    John,

    You may have an Image File Execution Options key on another machine,
    but there shouldn't be anything there. We use that to attach a
    debugger to the process when the process starts. You wouldn't want
    that to happen normally.

    Look in the Filemon log for the write event to the application log. It
    will AppLog.evt or something like that. That's where the problem is.

    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
    Jim Cheshire, Jan 17, 2006
    #4
  5. John Naegle

    John Naegle Guest

    Hi Jim,

    I'm not sure what I'm supposed to be getting out of the Filemon log when
    there is an event written to the application log. You said this is
    where the problem lies, but I don't see any new information here. The
    Filemon log with filtering set to include the processes inetinfo.exe,
    aspnet_wp.exe and SERVICES.exe looks like this after trying to access
    the .NET application:

    10:00:46 AM inetinfo.exe:2800 OPEN
    C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Options: Open Sequential
    Access: All
    10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
    10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION
    C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Length: 4431
    10:00:46 AM inetinfo.exe:2800 READ
    C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Offset: 0 Length: 4431
    10:00:46 AM inetinfo.exe:2800 CLOSE
    C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS
    10:00:46 AM inetinfo.exe:2800 OPEN
    C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Options: Open Sequential
    Access: All
    10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
    10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION
    C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Length: 4033
    10:00:46 AM inetinfo.exe:2800 READ
    C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Offset: 0 Length: 4033
    10:00:46 AM inetinfo.exe:2800 CLOSE
    C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS
    10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION C:\WINNT\TEMP SUCCESS
    Attributes: DA
    10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION C:\WINNT\TEMP SUCCESS
    Attributes: DA
    10:00:46 AM inetinfo.exe:2800 OPEN
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    Options: Open Access: Execute
    10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
    10:00:46 AM inetinfo.exe:2800 CLOSE
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    10:00:46 AM aspnet_wp.exe:2660 QUERY INFORMATION
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    FileNameInformation
    10:00:46 AM inetinfo.exe:2800 OPEN
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    Options: Open Access: Execute
    10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
    10:00:46 AM inetinfo.exe:2800 CLOSE
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    10:00:46 AM aspnet_wp.exe:11500 QUERY INFORMATION
    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
    FileNameInformation
    10:00:46 AM SERVICES.EXE:276 WRITE
    C:\WINNT\system32\config\AppEvent.Evt SUCCESS Offset: 3392024 Length: 132
    10:00:46 AM SERVICES.EXE:276 WRITE
    C:\WINNT\system32\config\AppEvent.Evt SUCCESS Offset: 3392156 Length: 40


    The event written in the application log is the one I mentioned in my
    original posting:

    Source: ASP.NET 1.1.4322.0
    Event ID: 1084
    Category: None

    aspnet_wp.exe could not be started. The error code for the failure is
    80004005. This error can be caused when the worker process account has
    insufficient rights to read the .NET Framework files. Please ensure that
    the .NET Framework is correctly installed and that the ACLs on the
    installation directory allow access to the configured account.


    Some more information that may be relevant:

    After IIS restart, the following is written to
    C:\WINNT\Debug\UserMode\userenv.log

    USERENV(af0.a20) 09:54:30:208 RestoreUserProfile: IssueDefaultProfile
    failed with local default.
    USERENV(af0.a20) 09:54:30:208 RestoreUserProfile: Could not load the
    user profile. Error = 5
    USERENV(af0.a20) 09:54:30:223 MyRegUnLoadKey: Failed to unmount hive 57
    USERENV(af0.a20) 09:54:30:223 DeleteProfileEx: Failed to query profile
    guid with error 2
    USERENV(af0.a20) 09:54:30:223 DeleteProfile: Failed to delete the
    appmgmt dir
    C:\WINNT\system32\appmgmt\S-1-5-21-2022260508-1171023081-1102129226-1022,
    error 2
    USERENV(af0.a20) 09:54:30:223 LoadUserProfile: RestoreUserProfile
    returned FALSE

    This is associated with an event in the application log (see original
    posting, Event ID: 1000).

    I also cannot create .NET Web applications on the machine in question
    using Visual Studio .NET 2003. When I try, I get a 500 Internal Service
    error.

    ASP.NET Version: 1.1.4322.0
    Windows Version: 2000 Server, SP4
    IIS Version: 5.0

    Thanks for your help,
    John Naegle
    John Naegle, Jan 18, 2006
    #5
  6. John Naegle

    Jim Cheshire Guest

    On Wed, 18 Jan 2006 10:15:54 -0500, John Naegle <>
    wrote:
    >
    >I also cannot create .NET Web applications on the machine in question
    >using Visual Studio .NET 2003. When I try, I get a 500 Internal Service
    >error.
    >
    >ASP.NET Version: 1.1.4322.0
    >Windows Version: 2000 Server, SP4
    >IIS Version: 5.0
    >


    John,

    You've got quite a few things going on here. I think you're going to
    get this solved a LOT faster by opening a case with us.


    Jim Cheshire
    --
    Blog:
    http://blogs.msdn.com/jamesche
    Jim Cheshire, Jan 18, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alek Davis

    aspnet_wp.exe could not be started

    Alek Davis, Jul 7, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    3,551
  2. Lynn
    Replies:
    4
    Views:
    2,558
  3. Philipp Schumann
    Replies:
    2
    Views:
    5,360
    Philipp Schumann
    Apr 16, 2004
  4. Prodip Saha
    Replies:
    3
    Views:
    20,594
    Prodip Saha
    May 5, 2004
  5. Prodip Saha
    Replies:
    0
    Views:
    2,011
    Prodip Saha
    May 5, 2004
Loading...

Share This Page