WS-Policy and WSE problems!

[Patrick]

Having installed the Web Service Enhancements (WSE) from
http://www.microsoft.com/downloads/...C5-821F-41D3-A4FE-6C7B56423841&displaylang=en
and reviewed the WS-Security Drilldown in WSE2.0 at
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp ,
I am trying implement a secure web-service proxy/client class then consume
an WS-Security Based web-service. (the web-service message is to be
encrypted/signed). I am also trying to use WS-Policy to enforce the
signing/encrypting. My sample code for webServiceProxyClient.dll-
webservice client/proxy class) and test.exe (a Win Form test harness have
been posted to
http://www.geocities.com/drkestrel/...f058a0886240d2257f79f46/WebserviceProblem.zip

I run into the following problems
1) WS-Policy: is causing exception:
Microsoft.Web.Services2.Policy.PolicyEnforcementException: WSE405: A
satisfactory subset of policy assertions that could be enforced for the
outgoing message could not be found.
1.1) The SecurityPolicy.config file defines the signing and encrypting
requirements
1.2) I could use code to do signing/encrypting (the code has been commented
out in Order.cs from lines 77-95 to demonstrate the WS-Policy problem I am
having), but as indicated the certificates' Base64KeyIds in the code matches
that in the Security.config file.
1.3) It appears that both <wssp:Integrity/> and <wssp:Confidentiality/>
section is not matching (I could remove either section and still there is an
exception)
1.4) The Policy Trace is as follows, indicating problems as I remove either
section in 1.3) from Security.config file:
<wset:message action="http://ordering.null/webservices/PlaceOrder"
messageId="uuid:74bbceae-abqf-4428-81e5-76ecd0967a76" appDomain="test.exe"
time="2004-11-02T12:06:49.1770605-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Confidentiality" usage="Required"
canEnforce="false">

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type.
Attempting to use the previously cached token...</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
</wset:compile>
</wset:compile>
</wset:message>
<wset:message action="http://ordering.null/webservices/PlaceOrder"
messageId="uuid:78fad4ff-7d60-4c40-9537-7c36686de046" appDomain="test.exe"
time="2004-11-02T15:42:33.9919292-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Integrity" usage="Required"
canEnforce="false">

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type.
Attempting to use the previously cached token...</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
</wset:compile>
</wset:compile>

2) The WSE property settings (for setting the Policy file, Diagnotics)
doesn't work the way I want it to work:
2.1) It seems to be picking up the settings from test harness (and not the
webServiceProxyClient.dll as I wish). This is not what I wanted because the
webserviceProxyClient is intended to be invoked via .NET/COM Interop from
Microsoft ASP 2.0(Classic) pages. How could I force the reading of the
App.Config from webserviceProxyClient.dll which basically states
<microsoft.web.services2>
<diagnostics>
<trace enabled="true" input="InputTrace.webinfo"
output="OutputTrace.webinfo" />
<policyTrace enabled="true" input="ReceivePolicy.webinfo"
output="SendPolicy.webinfo" />
</diagnostics>
<policy>
<cache name="C:\Temp\Webservice
Problem\WebServiceProxyClient\SecurityPolicy.config" />
</policy>
</microsoft.web.services2>

Note, to use my code above
1) A Strong name key needs to be present at
C:\\dev\\general\\DotNET-test-StrongNameKey\\test.snk
2) A Client authentication certificate with Base64KeyID (with private key)
in the Current User's Personal Certificate store- you will need to update
2.1) Line 35 in Order.cs (set the ClientBase64KeyId) variable
2.2) Lines 23, 26 and 27 in SecurityPolicy.config to reflect the cert you've
got
3)a Servier authentication certificate with Base64KeyID (with public key) in
the Current User's Other People certificate store
3.1) Line 36 in Order.cs (se the ServerBase64KeyId) variable
3.2) Lines 39,42 and 43 in SecurityPolicy.config to reflect the cert you've
got
4) All source code extraced to in c:\temp\Webservice Problem\

 

[[MSFT]]

Hello Patrick,

Can you provide the server side code for me test and reproduce the problem?
Cuurently, I successfully compile your client code but failed to reproduce
the issue. (I replaced the certificate with the one in WSE sample.)

Thanks,

Luke

 

[Patrick]

I don't have the server-side code, I'm afraid (I am consuming a WS-Security
based public web service, which I need to "subscribe" to). I got a big
suspicion, however, that it is something wrong with the Security.config
itself (as quite clearly, if the signing/encrypting by code is working as in
Order.cs, there isn't anything wrong with the server), also the policy trace
file indicates there is something wrong!

One point worth pointing out though- when I was trying out the WS-Policy
sample within the WSE Sample, I *Thought* I got the example working with the
WSE certificate but if I use mine, the policy trace is saying it didn't find
a matching rule, or something along that line....

I wonder could it be do with the following??
1) WSE Sample cert's TokenIssuer's CN name is very simple, mine has 1 CN
attribute an 3 DC attributes (for my client cert), (are they in the right
spacing, etc. format??)
2) Similarly, my "real" certificates's subject name are more complex (It has
got C, S, L, O, OU, CN and E attributes)
3) My client cert has been generated by an internal enterprise Test
Certificate authority running Windows Server 2003

 

[Patrick]

I can confirm that with the WS-Policy example at
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp
1) If I update the SecurityPolicyClient\PolicyX509.config to the following
(to use the X.509 cert my Windows 2003 Test certificate authority generate)
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509
-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=TestServer, DC=test, DC=null,
DC=uk</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy system can
look for a certificate with this subject name in the certificate store
indicated in the application's configuration, such as LocalMachine or
CurrentUser. The WSE X.509 Certificate Tool is useful for finding the
correct values for this field.-->
<wssp:SubjectName MatchType="wssp:Exact">C=GB, S=Test,
L=Location, O=TEST, OU=ICT, CN=DEVELOPMENT USE ONLY,
[email protected]</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">W4p1d4CRBh3Kti95k2wbkkZBDxw=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
2) I get an exception, as logged in the SendPolicy trace file:
<wset:message
action="http://blogs.dev4net.com/wse/samples/2004/08/AddEntry"
messageId="uuid:3b21997f-3b01-42a2-ae35-860fe4aff00a"
appDomain="WeblogClientSample.exe" time="2004-11-03T11:21:38.8829013-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Integrity" usage="Required"
canEnforce="false">

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type.
Attempting to use the previously cached token...</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
</wset:compile>
</wset:compile>
</wset:message>

***Also, question in regards to where to put the config file (as I asked in
my original post):
1) With my code (containing the web-service proxy client class library and a
windows forms test harness) at
http://www.geocities.com/drkestrel/...f058a0886240d2257f79f46/WebserviceProblem.zip
1.1) How could I get WSE to pickup the Security Policy from the web-service
proxy client (rather than having to set a policy file from the test harness)
?
1.2) Asking 1.1, because the intended use is invoking the Web service proxy
client class library via .NET interop from ASP (so there will be no where to
put any app.config!!). I am a bit rusty in terms of how/where .NET pickup
the app.config? Am I right thinking that it would always pickup the one
from the current application domain, whicch
1.2.1) If I am invoking my .net win forms test harness, would be my
test.exe win form app
1.2.2) If invoked from .NET interop from ASP, it would be picking up
app.config from the .NET class library itself??

 

[Patrick]

Partially good news-
1) I got the WS-Policy WSE Drill down example working with my client
certificate. It was not matching up the optional <wssp:TokenIssuer/> and
<wssp:SubjectName/> attributes. I believe the CN, etc. are the wrong way
around (i.e. DC=com ,DC=microsoft, CN=test and not CN=test, DC=microsoft,
DC=com). Anyway, I commented out these two optional elements and I got the
WSE client signing using my certificate.

2) However, if I took the same policy with my example code at
http://www.geocities.com/drkestrel/...f058a0886240d2257f79f46/WebserviceProblem.zip
2.1) If I update the WSE properties of the test client and the Web Service
Proxy client .NET class library, such that the corresponding app.config
becomes:
<microsoft.web.services2>
<policy>
<cache
name="C:\dev\MsdnWse2SecuritySourceCode\SecurityPolicy\Client\PolicyX509.con
fig" />
</policy>
</microsoft.web.services2>
2.2) I still get the original exception (I would expect the server not to
accept the encryption because it's a WSE certificate, but it's failing even
for the signing), from the trace I get:
<wset:message action="http://twoten.press.net/webservices/PlaceOrder"
messageId="uuid:e5e895c9-2667-4ffd-83a0-7faaf0f6a499" appDomain="test.exe"
time="2004-11-03T12:10:29.1309685-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Integrity" usage="Required"
canEnforce="false">

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching
is set to true in the token manager registered for this token type.
Attempting to use the previously cached token...</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security token.</wset:annotation>
</wset:compile>
</wset:compile>
</wset:message>

Also, if someone could shed some lights in terms of how/where .NET pick up
which app.config, that would be excellent!!!!!

I can confirm that with the WS-Policy example at
http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwse/html/wssecdrill.asp
1) If I update the SecurityPolicyClient\PolicyX509.config to the following
(to use the X.509 cert my Windows 2003 Test certificate authority generate)
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=TestServer, DC=test, DC=null,
DC=uk</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy system can
look for a certificate with this subject name in the certificate store
indicated in the application's configuration, such as LocalMachine or
CurrentUser. The WSE X.509 Certificate Tool is useful for finding the
correct values for this field.-->
<wssp:SubjectName MatchType="wssp:Exact">C=GB, S=Test,
L=Location, O=TEST, OU=ICT, CN=DEVELOPMENT USE ONLY,
[email protected]</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">W4p1d4CRBh3Kti95k2wbkkZBDxw=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
2) I get an exception, as logged in the SendPolicy trace file:
<wset:message
action="http://blogs.dev4net.com/wse/samples/2004/08/AddEntry"
messageId="uuid:3b21997f-3b01-42a2-ae35-860fe4aff00a"
appDomain="WeblogClientSample.exe" time="2004-11-03T11:21:38.8829013-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Integrity" usage="Required"
canEnforce="false">

is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security

<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

is set to true in the token manager registered for this token type.
Attempting to use the previously cached token...</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security

 

[Patrick]

Solved half of the problem-
WS-Policy not reading from reading config file because Config file tries to
read from Local Machine certificate store and not the Current User
certificate Store.

Can someone help with the app.config problem (i.e., ensure it reads from the
app.config for the web service proxy client class library).

Partially good news-
1) I got the WS-Policy WSE Drill down example working with my client
certificate. It was not matching up the optional <wssp:TokenIssuer/> and
<wssp:SubjectName/> attributes. I believe the CN, etc. are the wrong way
around (i.e. DC=com ,DC=microsoft, CN=test and not CN=test, DC=microsoft,
DC=com). Anyway, I commented out these two optional elements and I got the
WSE client signing using my certificate.

2) However, if I took the same policy with my example code at
http://www.geocities.com/drkestrel/...f058a0886240d2257f79f46/WebserviceProblem.zip
2.1) If I update the WSE properties of the test client and the Web Service
Proxy client .NET class library, such that the corresponding app.config
becomes:
<microsoft.web.services2>
<policy>
<cache
name="C:\dev\MsdnWse2SecuritySourceCode\SecurityPolicy\Client\PolicyX509.con
fig" />
</policy>
</microsoft.web.services2>
2.2) I still get the original exception (I would expect the server not to
accept the encryption because it's a WSE certificate, but it's failing even
for the signing), from the trace I get:
<wset:message action="http://twoten.press.net/webservices/PlaceOrder"
messageId="uuid:e5e895c9-2667-4ffd-83a0-7faaf0f6a499" appDomain="test.exe"
time="2004-11-03T12:10:29.1309685-00:00">
<wset:compile qname="wspolicy" wsu:Id="#Sign-X.509-Encrypt-X.509"
usage="Required" canEnforce="false">
<wset:compile qname="wsp:MessagePredicate" usage="Required"
canEnforce="true" />
<wset:compile qname="wssp:Integrity" usage="Required"
canEnforce="false">

is set to true in the token manager registered for this token type. A token
will be loaded from the token manager and cached for subsequent message
enforcement.</wset:annotation>
<wset:annotation>Invoking
ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token
manager registered for this token type.</wset:annotation>
<wset:annotation>Could not find a security

<wset:annotation>Looking for a satisfactory token in the current
message's token collection...</wset:annotation>
<wset:annotation>Looking for a satisfactory token in policy
enforcement token cache...</wset:annotation>

 

[Patrick]

Also, as I am going to invoke the web-service proxy client class library
from ASP2.0 via .NET/COM Interop, I have
1) installed the class library in GAC
2) used regasm with a /tlb switch to generate and register type libraries
for the .net assembly

Could someone shed some lights on
1) Specifically where/how is it reading an app.config file (it does not
appear to be reading the app.config associated with the class library)
2) Where would the WSE Policy and Message Diagnostic Trace files go?

 

[[MSFT]]

When calling a .NET dll in asp, they won't use the app.config at DLL's
location, but the executable file's. For different OS and IIS version in
the executable for ASP is different:

- inetinfo.exe
- dllhost.exe
- mtx.exe
- w3wp.exe
- aspnet_wp.exe

The Message Diagnostic Trace files also should be in same folder.

Luke

 

[[MSFT]]

Any progress on this issue?

Luke

 

[Patrick]

I have figured out that with Windows XP Professional SP1, IIS5.1, to get
..NET class library reading an app.config when invoked from ASP 2.0
(Classic), I have to
1) installed a .NET Class library into GAC
2) register class library (regasm /tlb)
3) Created an inetinfo.exe.config under %SYSTEMROOT%\system32\intersrv
containing the config settings

With Windows Server 2003, IIS6, I have
1) installed a .NET Class library into GAC
2) register class library (regasm /tlb)
3) created an inetinfo.exe.config under %SYSTEMROOT%\system32\intersrv
containing the config settings
4) created an w3wp.exe.config under %SYSTEMROOT%\system32\intersrv
containing the config settings

However, when the class library is invoked from ASP 2.0 (Classic) on IIS6
with an Application Pool that is set to either Local System or a Domain user
account that is a local administrator, with the correct WSE settings, no
trace files were generated! It probably isn't reading my other config
settings either (e.g. the URL for the web-service the class library is meant
to be invoking), as netstat /n suggests that the class library is not even
connecting to the URL (and ASP timeouts on the call to the public method
within the web-service client proxy class library)

Any clue how I can get this working?

 

[[MSFT]]

Hello Patrick,

When you use a application pool, the executable file will be w3wp.exe. The
config file should be w3wp.exe.config. To narrow down the problem, you may
try to call the .NET component in a winform executable file, not in ASP. To
see if can get the correct return vale and if the log is generated. If this
can be successful, your code and the config file should be OK. We can
perform more research on if this is a permission issue or related to the
config file's name/location.

Luke

 

[Patrick]

I have tried the following
1) Create a VBScript file that
1.1) use CreateObject to instantiate a .NET Class library (a web service
client proxy class), which would read config file using
ConfigurationSettings.AppSettings["WebserviceURL"];
1.2) Invoke a method within such a .NET Class library (which reads from
config file again, e.g. ConfigurationSettings.AppSettings["TestOrder"])

The VBScripts works as expected and the web-service returns with no errors,
and the diagnostic trace files were generated when invoked from VBScript on
Windows Professional SP1 with .NET Framework 1.1

On Windows server 2003, I have
1) Created a replica of the wscript.exe.config from the WinXP Pro SP1 and
saved it as followings on Windows server 2003
1.1) %SYSTEMROOT%\system32\wscript.exe.config
1.2) %SYSTEMROOT%\system32\cscript.exe.config

When I then invoke the VBScript, I don't get any runtime scripting error,
but the public method does not behave as expected, returning the value it
should be returning. Using FileMon.exe from
http://www.sysinternals.com/ntw2k/utilities.shtml, I note the following
errors. Note, these are the exact errors which I get on the Windows XP Pro
SP1 with .NET Framework 1.1 machine if I were to delete the
wscript.exe.config file! (But from filemon, we could see Windows 2003
server is using CScript.exe to execute the VBScript, but I have already
created cscript.exe.config, why is there a problem??). I am logged on to
the windows 2003 server as a user that is a member of the Administrators
group on the windows 2003 server!


----------------------------Start of Errors from
FileMon.exe----------------------------
cscript.exe:4724 QUERY INFORMATION
C:\windows\microsoft.net\framework\v1.1.4322\Kernel32.dll FILE NOT FOUND
Attributes: Error
cscript.exe:4724 QUERY INFORMATION
C:\windows\microsoft.net\framework\v1.1.4322\Kernel32.dll FILE NOT FOUND
Attributes: Error
cscript.exe:4724 OPEN
C:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\System.pdb FILE
NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\symbols\dll\System.pdb FILE NOT FOUND
Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\System.pdb FILE NOT FOUND Options: Open
Access: All
cscript.exe:4724 OPEN
C:\windows\assembly\gac\microsoft.web.services2\2.0.1.0__31bf3856ad364e35\Mi
crosoft.Web.Services2.pdb FILE NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\symbols\dll\Microsoft.Web.Services2.pdb
FILE NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\Microsoft.Web.Services2.pdb FILE NOT FOUND
Options: Open Access: All
cscript.exe:4724 OPEN
C:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\Sys
tem.Web.Services.pdb FILE NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\symbols\dll\System.Web.Services.pdb FILE
NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\System.Web.Services.pdb FILE NOT FOUND
Options: Open Access: All
cscript.exe:4724 QUERY INFORMATION
C:\windows\microsoft.net\framework\v1.1.4322\ole32.dll FILE NOT FOUND
Attributes: Error
cscript.exe:4724 QUERY INFORMATION
C:\windows\microsoft.net\framework\v1.1.4322\ole32.dll FILE NOT FOUND
Attributes: Error
cscript.exe:4724 OPEN
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config\security.config.cch.4724
..83370046 FILE NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\config\enterprisesec.config.cch
..4724.83370046 FILE NOT FOUND Options: Open Access: All
cscript.exe:4724 OPEN C:\Documents and Settings\admin\Application
Data\Microsoft\CLR Security
Config\v1.1.4322\security.config.cch.4724.83370046 FILE NOT FOUND Options:
Open Access: All
cscript.exe:4724 OPEN C:\WINDOWS\dll\System.pdb PATH NOT FOUND
cscript.exe:4724 OPEN C:\WINDOWS\dll\Microsoft.Web.Services2.pdb PATH NOT
FOUND
cscript.exe:4724 OPEN C:\WINDOWS\dll\System.Web.Services.pdb PATH NOT FOUND
----------------------------End of Errors from
FileMon.exe----------------------------

 

[Steven Cheng[MSFT]]

Hi Patrick,

Thanks for your followup. Since Luke is OOF these days, I'll help him
assist you on this issue. I've got the info from your former messages and
will do some further test based on your latest progress. And I'll update
you as soon as I got some new findings. Thanks for your understanding.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Steven Cheng[MSFT]]

Hi Patrick,

Since you've mentioned that when using the interoped .net assembly in
script code on a win2003 , the COM object can't find the app.config file.
I've done a simple test on the win2003 server with framework1.1. It seems
that the wscript.exe can find the wscript.exe.config file and retrieve the
AppSettings from it. So I'm wondering whether there is any other
enviormental differernce which cause the problem?
Have you tried just create a simple .NET assembly which contain a class
read info from application config file and call it from script code to see
whether it works?


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)