ASPNET_WP could not be started: 80004005.

J

John Naegle

Hello,

I am getting the following event in the application event log when
trying to view a ASP.NET web application. This only happens on 2 of the
8 machines where I've deployed the application. My application is
running as the ASPNET user (<processModel ... userName="machine"
password="AutoGenerate" .. />) and using impersonation (<authentication
mode="Windows" /> <identity impersonate="true" />).

--------------------------------------------------------------------
Source: ASP.NET 1.1.4322.0
Category: None
Type: Error
Event ID: 1084
User: N/A

aspnet_wp.exe could not be started. The error code for the failure is
80004005. This error can be caused when the worker process account has
insufficient rights to read the .NET Framework files. Please ensure that
the .NET Framework is correctly installed and that the ACLs on the
installation directory allow access to the configured account.
--------------------------------------------------------------------

The first time I try to view the page the above event is preceded by:
--------------------------------------------------------------------
Source: Userenv
Category: None
Type: Error
Event ID: 1000
User: NT AUTHORITY\SYSTEM

Description:
Windows cannot log you on because the profile cannot be loaded. Contact
your
network administrator.

DETAIL - Access is denied.
--------------------------------------------------------------------

The error the client gets is:
--------------------------------------------------------------------
The web application you are attempting to access on this web server is
currently unavailable. Please hit the "Refresh" button in your web
browser to retry your request.

Administrator Note: An error message detailing the cause of this
specific request failure can be found in the application event log of
the web server. Please review this log entry to discover what caused
this error to occur.
--------------------------------------------------------------------



I've verified that the ASPNET user is in the USER group, is not locked
out, and has the following permissions (the impersonated user is in the
Administrators group). This is a superset of the permissions described
in "Aspnet_wp.exe could not be started" error message when you view an
ASP.NET page (http://support.microsoft.com/default.aspx?kbid=811320)

..NET Framework root folder
(C:\WINNT\Microsoft.NET\Framework\v1.1.4322\): Read, list

Temporary ASP.NET files
(C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files):
Full control

C:\WINNT\System32: read

AppRoot (c:\Inetpub\wwwroot\<folder>): Read

Website Root (c:\Inetpub\wwwroot): Read

C:\WINNT\Assembly: Read

Access the computer from the network: true
Deny local logon: true
Logon as batch: true
Logon as service: true
Impersonate a client after authentication: true
Verified the IIS settings between machines that work and machines that
do not work (application is installed via a windows installer)


I've also tried to following:
1) aspnet_regiis -ua, aspnet_regiis -i
2) aspnet_regiis -ua, delete ASPNET user, aspnet_regiis -i

Adding the ASPNET user to the administrator account or changing the
process model user name to System causes the application to work, but
neither of these are options in our production environment. So what am
I missing? What security bit(s) should I look at?

Thanks,
John Naegle
 
J

Jim Cheshire

Hello,

I am getting the following event in the application event log when
trying to view a ASP.NET web application. This only happens on 2 of the
8 machines where I've deployed the application. My application is
running as the ASPNET user (<processModel ... userName="machine"
password="AutoGenerate" .. />) and using impersonation (<authentication
mode="Windows" /> <identity impersonate="true" />).

John,

Looks like you've been pretty thorough. I'd recommend a Filemon and
Regmon log so that you can see where it might be failing.

Jim Cheshire
 
J

John Naegle

Jim,

Thanks for the quick reply. I've tried Filemon in the past and wasn't
able to find anything. Including only the processes inetinfo.exe and
aspnet_wp.exe and refreshing the webpage did not cause any failures to
be logged in Filemon. I hadn't tried regmon in the past. Including
the same processes in Regmon resulted in the following errors being
logged during a page request. Are there other processes I should be
including?

I find the first error particularly interesting. This key is reported
as accessed succesfully on one of the other machines where the
application works.

1.18388653 inetinfo.exe:2800 OpenKey HKCU NOT FOUND
1.18392730 inetinfo.exe:2800 OpenKey
HKU\.Default\SOFTWARE\Microsoft\Cryptography\Providers\Type 001 NOT FOUND
1.18451428 inetinfo.exe:2800 OpenKey
HKLM\Software\Microsoft\Cryptography\Offload NOT FOUND
1.19020295 inetinfo.exe:2800 OpenKey HKCU NOT FOUND
1.19080913 inetinfo.exe:2800 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT
FOUND 1.19150114 aspnet_wp.exe:2512 OpenKey
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution
Options\aspnet_wp.exe NOT FOUND
1.19152009 aspnet_wp.exe:2512 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
1.19165957 aspnet_wp.exe:2512 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
1.19247973 inetinfo.exe:2800 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
1.19351006 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
1.19352996 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND
1.19371283 aspnet_wp.exe:2592 OpenKey HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Image File Execution Options\aspnet_wp.exe NOT FOUND

Thanks,
John Naegle
 
J

Jim Cheshire

Jim,

Thanks for the quick reply. I've tried Filemon in the past and wasn't
able to find anything. Including only the processes inetinfo.exe and
aspnet_wp.exe and refreshing the webpage did not cause any failures to
be logged in Filemon. I hadn't tried regmon in the past. Including
the same processes in Regmon resulted in the following errors being
logged during a page request. Are there other processes I should be
including?

John,

You may have an Image File Execution Options key on another machine,
but there shouldn't be anything there. We use that to attach a
debugger to the process when the process starts. You wouldn't want
that to happen normally.

Look in the Filemon log for the write event to the application log. It
will AppLog.evt or something like that. That's where the problem is.

Jim Cheshire
 
J

John Naegle

Hi Jim,

I'm not sure what I'm supposed to be getting out of the Filemon log when
there is an event written to the application log. You said this is
where the problem lies, but I don't see any new information here. The
Filemon log with filtering set to include the processes inetinfo.exe,
aspnet_wp.exe and SERVICES.exe looks like this after trying to access
the .NET application:

10:00:46 AM inetinfo.exe:2800 OPEN
C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Options: Open Sequential
Access: All
10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION
C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Length: 4431
10:00:46 AM inetinfo.exe:2800 READ
C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS Offset: 0 Length: 4431
10:00:46 AM inetinfo.exe:2800 CLOSE
C:\WINNT\help\iisHelp\common\401-2.htm SUCCESS
10:00:46 AM inetinfo.exe:2800 OPEN
C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Options: Open Sequential
Access: All
10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION
C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Length: 4033
10:00:46 AM inetinfo.exe:2800 READ
C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS Offset: 0 Length: 4033
10:00:46 AM inetinfo.exe:2800 CLOSE
C:\WINNT\help\iisHelp\common\401-1.htm SUCCESS
10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION C:\WINNT\TEMP SUCCESS
Attributes: DA
10:00:46 AM inetinfo.exe:2800 QUERY INFORMATION C:\WINNT\TEMP SUCCESS
Attributes: DA
10:00:46 AM inetinfo.exe:2800 OPEN
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
Options: Open Access: Execute
10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
10:00:46 AM inetinfo.exe:2800 CLOSE
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
10:00:46 AM aspnet_wp.exe:2660 QUERY INFORMATION
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
FileNameInformation
10:00:46 AM inetinfo.exe:2800 OPEN
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
Options: Open Access: Execute
10:00:46 AM inetinfo.exe:2800 CLOSE C: SUCCESS
10:00:46 AM inetinfo.exe:2800 CLOSE
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
10:00:46 AM aspnet_wp.exe:11500 QUERY INFORMATION
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe SUCCESS
FileNameInformation
10:00:46 AM SERVICES.EXE:276 WRITE
C:\WINNT\system32\config\AppEvent.Evt SUCCESS Offset: 3392024 Length: 132
10:00:46 AM SERVICES.EXE:276 WRITE
C:\WINNT\system32\config\AppEvent.Evt SUCCESS Offset: 3392156 Length: 40


The event written in the application log is the one I mentioned in my
original posting:

Source: ASP.NET 1.1.4322.0
Event ID: 1084
Category: None

aspnet_wp.exe could not be started. The error code for the failure is
80004005. This error can be caused when the worker process account has
insufficient rights to read the .NET Framework files. Please ensure that
the .NET Framework is correctly installed and that the ACLs on the
installation directory allow access to the configured account.


Some more information that may be relevant:

After IIS restart, the following is written to
C:\WINNT\Debug\UserMode\userenv.log

USERENV(af0.a20) 09:54:30:208 RestoreUserProfile: IssueDefaultProfile
failed with local default.
USERENV(af0.a20) 09:54:30:208 RestoreUserProfile: Could not load the
user profile. Error = 5
USERENV(af0.a20) 09:54:30:223 MyRegUnLoadKey: Failed to unmount hive 57
USERENV(af0.a20) 09:54:30:223 DeleteProfileEx: Failed to query profile
guid with error 2
USERENV(af0.a20) 09:54:30:223 DeleteProfile: Failed to delete the
appmgmt dir
C:\WINNT\system32\appmgmt\S-1-5-21-2022260508-1171023081-1102129226-1022,
error 2
USERENV(af0.a20) 09:54:30:223 LoadUserProfile: RestoreUserProfile
returned FALSE

This is associated with an event in the application log (see original
posting, Event ID: 1000).

I also cannot create .NET Web applications on the machine in question
using Visual Studio .NET 2003. When I try, I get a 500 Internal Service
error.

ASP.NET Version: 1.1.4322.0
Windows Version: 2000 Server, SP4
IIS Version: 5.0

Thanks for your help,
John Naegle
 
J

Jim Cheshire

I also cannot create .NET Web applications on the machine in question
using Visual Studio .NET 2003. When I try, I get a 500 Internal Service
error.

ASP.NET Version: 1.1.4322.0
Windows Version: 2000 Server, SP4
IIS Version: 5.0

John,

You've got quite a few things going on here. I think you're going to
get this solved a LOT faster by opening a case with us.


Jim Cheshire
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top