Problem with Exception Mgt. App Block on W2k Server

[Jim Ross [MVP]]

I'm about at wit's end getting the exception block to operate at all
on our Win 2000 server. All is well on my local workstation, but the
block will not register correctly to operate on the server. Here is
what we have done:

* Xcopied the dll's into our app's bin directory on the server.
* Ran the install util with a bat file located in the bin directory.
the BAT file contains:
===========================
REM *** Batch File to register the ExceptionManagement appblock dll to
allow
REM *** writing to the event log
c:\winnt\microsoft.net\framework\v1.1.4322\installutil.exe
microsoft.applicationblocks.exceptionmanagement.dll
REM Register complete.
pause
=================================

the BAT file returns comforting sounding words, and the actual install
log that gets created also looks "comforting":

==========================================
Installing assembly
'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll
logfile =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.InstallLog
Creating EventLog source ExceptionManagerInternalException in log
Application...
Creating EventLog source ExceptionManagerPublishedException in log
Application...
Committing assembly
'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.dll
logfile =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationblocks.exceptionmanagement.InstallLog
==============================

BUT, when anything tries to throw an exception, we get the "dreaded":
=======================
"The event source ExceptionManagerInternalException does not exist and
cannot be created with the current permissions
======================

WHAT is going on here? I have seen this error reported frequently, but
in most cases running the installutil seems to clear it up. Here, we
ran installutil, with apparent success to judge from the log, but we
still can't log an exception. I'm sure it is a permissions thing
somewhere, but where? As noted, this is a Win2000 sp3.

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

 

[MSFT]

Hi Jim,

If you use a more powerful account, for example, the System account, will
the error still occur?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Jim Ross [MVP]]

I don't know. Could you tell me how I might try that? I'm afraid that
is an area of .NET that is foreign territory to me.

Note that the block _appears_ to be correctly registered. Even the
correct Registry entries exist.

If you use a more powerful account, for example, the System account, will
the error still occur?

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

 

[MSFT]

Hi Jim,

You can configure the process identity in the <processModel> section of the
Machine.config file in the Config subdirectory of the installation root
directory. The userName and the password attributes control the identity of
the process. The default values for these attributes are as follows:


<processModel userName="machine" password="AutoGenerate" />


The machine and the AutoGenerate values instruct ASP.NET to use the
built-in ASPNET account and to use a cryptographically strong, random
password that is stored in the Local Security Authority (LSA) for that
account.

If you want to use a process that has more access rights, you can set the
userName attribute to System, which causes the ASP.NET worker process to
run with the same identity as the Inetinfo.exe process. The Inetinfo.exe
process runs by default as the System identity. When you configure the
ASP.NET worker process to use the System identity, the ASP.NET worker
process can access almost all of the resources on the local computer. On
computers that are running Windows 2000 or Windows XP, the System account
also has network credentials and can access network resources as the
machine account.


For more information about <processModel> Element:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/ht
ml/gngrfprocessmodelsection.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Jim Ross [MVP]]

Yes, I _could_ take that approach, but since my original post I'be
been reading up on these issues, and according to an MS Press book on
building secure ASP.NET apps, the preferred approach for this specific
sort of issue is to grant the ASPNET account the needed access. The
idea being--just as much access as is needed and not a bit more.
Sounds reasonable.

What is so maddening is that I HAVE granted it Registry access to the
needed keys. I can look at it in RegEdt32, and there it is, ASPNET has
the exact access the books says it needs, but as soon as I try to log
an exception, it gets "Registry access denied". It seems reasonable to
assume, at this point, that the domain security policies are somehow
overriding what I'm trying to do.

You can configure the process identity in the <processModel> section of the
Machine.config file in the Config subdirectory of the installation root
directory. The userName and the password attributes control the identity of
the process. The default values for these attributes are as follows:

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail

 

[Joe Audette]

I think the reason your batch file doesn't work is
because you have to use the VS.NET command prompt to run
the installutil not just a regular command prompt. The
VS.NET command line set up environment variables that are
needed. I know there is a way to do it with a regular
command prompt but you have to setup the environment
variables that the VS.NET command prompt would do for you.

Best Regards,

Joe Audette

-----Original Message-----
I'm about at wit's end getting the exception block to operate at all
on our Win 2000 server. All is well on my local workstation, but the
block will not register correctly to operate on the server. Here is
what we have done:

* Xcopied the dll's into our app's bin directory on the server.
* Ran the install util with a bat file located in the bin directory.
the BAT file contains:
===========================
REM *** Batch File to register the ExceptionManagement appblock dll to
allow
REM *** writing to the event log
c:\winnt\microsoft.net\framework\v1.1.4322 \installutil.exe
microsoft.applicationblocks.exceptionmanagement.dll
REM Register complete.
pause
=================================

the BAT file returns comforting sounding words, and the actual install
log that gets created also looks "comforting":

==========================================
Installing assembly
'd:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.dll
logfile =
d:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.InstallLog
Creating EventLog source

ExceptionManagerInternalException in log

Application...
Creating EventLog source

ExceptionManagerPublishedException in log

Application...
Committing assembly
'd:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.dll
logfile =
d:\sites\problem- management\wwwroot\cca\bin\microsoft.applicationblocks.exc
eptionmanagement.InstallLog
==============================

BUT, when anything tries to throw an exception, we get the "dreaded":
=======================
"The event source ExceptionManagerInternalException does not exist and
cannot be created with the current permissions
======================

WHAT is going on here? I have seen this error reported frequently, but
in most cases running the installutil seems to clear it up. Here, we
ran installutil, with apparent success to judge from the log, but we
still can't log an exception. I'm sure it is a permissions thing
somewhere, but where? As noted, this is a Win2000 sp3.

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn'

but please ask all questions in the newsgroups, not via
private mail

 

[MSFT]

Hi Jim,

There may be some other registry entries on which we need permission. To
make sure this, you may use a tool "regmon" to trace the access to
registry. It will log all access to registry. When the error occur, you can
check its log to see if there is any permission denied error on the
registry. For more information on this tool, you can browse to:

www.systeminternals.com

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)