i having difficulty setting permissions apppoolidentity correctly.
the error shown in failed request logs is:
modulename="iis web core", notification="begin_request", httpstatus="500", httpreason="internal server error", httpsubstatus="0", errorcode="the i/o operation has been aborted because of either thread exit or application request. (0x800703e3)", configexceptioninfo="" i believe permissions issue because changing apppoolidentity localsystem application pool makes in website work. when apppoolidentity set applicationpoolidentity error shown above receive. have named application pool identity using following syntax:
iis apppool\<app_pool_name> i have confirmed that:
- i using correct app_pool_name when setting permissions. (using check names when setting permission works means windows finding user.)
- the wwwroot , oracle client directory have permissions allow application pool identity read , execute files.
- anonymous authentication enabled in iis , set use application pool identity.
do permissions need granted other directories have missed? or other problem missing?
for background using windows server 2008 r2 iis 7.5.
thanks in advance!
edit: have done tracing, advice peter gave , found missing permissions. permissions missing were:
- full control hklm\software\microsoft\systemcertificates\
- full control hku{guid}\software\policies\microsoft\systemcertificates\
- full control hklm\software\microsoft\enterprisecertificates\
- read hklm\system\currentcontrolset\services\eventlog\security\
- full control c:\windows\syswow64\config\systemprofile\appdata\
after modifying these permissions application logging windows event log custom application errors. (basically custom application error telling me not able establish connection database.). keep in mind if run localsystem , not apppoolidentity user in iis works. using process monitor again found oracle client logging sqlnet.log file. in file showing:
fatal ni connect error 12631, connecting to: (description=(address=(protocol=tcp)(host=[db ip address])(port=1521))(connect_data=(server=dedicated)(service_name=[service name])(cid=(program=c:\windows\syswow64\inetsrv\w3wp.exe)(host=[web application server name])(user=[app pool identity user])))) version information: tns 32-bit windows: version 11.2.0.1.0 - production windows nt tcp/ip nt protocol adapter 32-bit windows: version 11.2.0.1.0 - production time: 21-jul-2015 16:28:00 tracing not turned on. tns error struct: ns main err code: 12631 tns-12631: username retrieval failed ns secondary err code: 0 nt main err code: 0 nt secondary err code: 0 nt os err code: 0 any idea on why using apppoolidentity user trying connect with?
i have solved issue.
in edit made above added necessary permissions solved issue number one.
in order working modified sqlnet.ora file following:
# sqlnet.ora network configuration file: e:\oracle_client\product\11.2.0.1\client_x32\network\admin\sqlnet.ora # generated oracle configuration tools. #sqlnet.authentication_services= (none, nts) sqlnet.authentication_services= (none) names.directory_path= (tnsnames, ezconnect) note original sqlnet.authentication_services set none only.
(i believe change did not take affect immediately, after couple of minutes did. restarting machine might overkill, sufficient).
i had switched apppoolidentity localservice , apppoolidentity. after doing worked, don't think switching apppoolidentity back-and-forth had influence on getting work.
Comments
Post a Comment