Odd security problem

[MarkMurphy]

We had a problem with our .NET applications on
one of our application servers (it is not setup to be a domain
controller). For some reason the local ASPNET account got
locked out resulting in the following error message in the event log:

"aspnet_wp.exe could not be launched because the username and/or
password supplied in the processModel section of the config file are
invalid."

We unlocked the account and did an iisreset and everything returned to normal.

What could cause this? About the only thing of note is that
I copied some new asp.net application files to the server
at 'about' the same time. This has worked without incident before.

Thanks!

 

[Steven Cheng[MSFT]]

Hi Mark,

From your description, you got the following error message
==================
"aspnet_wp.exe could not be launched because the username and/or
password supplied in the processModel section of the config file are
invalid."
==================

on one of yoru application server wihch has .net installed, yes?

As you mentioned that the problem is resolved after unlock the aspnet
account. So there must be something which cause the ASPNET local account be
locked. In ASP.NET the default process account is MACHINE\ASPNET (on w2k3
server is NetworkService accoutn). So if the machine\aspnet account is
locked, all the asp.net application( web application or webservcire or
other service require the asp.net runtime ) will fail to be launched. And
this process account can be set in the .net framework's machine.config
which is under the .net framework's installed folder, for example:
{driver}:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG

find the machine.config file, and the account is set in the <processModel>
element. The default value is
userName="MACHINE" password="AutoGenerate"
We can change the userName as "SYSTEM" so as to let the process running
under the system account.

In addition , we can also create custom account to run the asp.net process.
here is the related reference in MSDN:

#How To Create a Custom Account to Run ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html
/secmod15.asp



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[Steven Cheng[MSFT]]

Hi Mark,

Have you had a chance to check out the things in my last reply or have you
got any further ideas on this issue? If you need any further assistance,
please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[MarkMurphy]

Actually we remedied the problem by reenabling the aspnet account.
What we can't figure out is what disabled it and why. Any ideas?

Thanks for getting back!

Mark

 

[Steven Cheng[MSFT]]

Hi Mark,

Thanks for the followup. Since you found that the aspnet local account is
auto disabled , I think it maybe a lit difficult to monitor it. Is there
anything helpful in the machine's eventlog ? I think you can do more tests
to repro the behavior so as to do some further troubleshooting.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx