The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.
IWAM账号建立后被Active Directory、IIS metabase数据库和COM+应用程序三方共同使用,账号密码被三方分别保存,并由操作系统负责这三方保存的IWAM密码的同步工作。按常理说,由操作系统负责的工作我们大可放心,不必担心出错,但不知是BUG还是其它什么原因,系统的对IWAM账号的密码同步工作有时会失败,使三方IWAM账号所用密码不统一。当IIS或COM+应用程序使用错误IWAM的密码登录系统,启动IIS Out-Of-Process Pooled Applications时,系统会因密码错误而拒绝这一请求,导致IIS Out-Of-Process Pooled Applications启动失败,也就是我们在ID10004错误事件中看到的“不能运行服务器{3D14228D-FBE1-11D0-995D-00C04FD919C1} ”(这里{3D14228D-FBE1-11D0-995D-00C04FD919C1} 是IIS Out-Of-Process Pooled Applications的KEY),不能转入IIS5应用程序,HTTP 500内部错误就这样产生了。
(2)找到“组件服务”->“计算机”->“我的电脑”->“COM+应用程序”->“Out-Of-Process Pooled Applications”,右击“Out-Of-Process Pooled Applications”->“属性”。
(3)切换到“Out-Of-Process Pooled Applications”属性对话框的“标志”选项卡。“此应用程序在下列账户下运行”选择中“此用户”会被选中,用户名是“IWAM_MYSERVER”。这些都是缺省的,不必改动。在下面的“密码”和“确认密码”文本框内输入正确的密码“Aboutnt2001”,确定退出。
(4)系统如果提示“应用程序被一个以上的外部产品创建。你确定要被这些产品支持吗?”时确定即可。
(5)如果我们在IIS中将其它一些Web的“应用程序保护”设置为“高(独立的)”,那么这个WEB所使用的COM+应用程序的IWAM账号密码也需要同步。重复(1)-(4)步,同步其它相应Out of process application的IWAM账号密码。
Name: IIS Out-Of-Process Pooled Applications Key: {3D14228D-FBE1-11D0-995D-00C04FD919C1}
从上面脚本的执行情况可以看出,使用synciwam.vbs脚本要比使用组件服务的方法更全面和快捷。它首先从IIS的metabase数据库找到IWAM账号"IWAM_MYSERVER"并取出对应的密码“Aboutnt2001”,然后查找所有已定义的IIS Applications和Out of process applications,并逐一同步每一个Out of process applications应用程序的IWAM账号密码。
Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.
然后在其中查找“processModel Attributes:”字符串。
找到后,从此向下找到这样的设置:
userName="[user]" - Windows user to run the process as.
将它改为:
userName="System" - Windows user to run the process as.
再向下找到这样的设置:
password="[AutoGenerate | password]" - Password of windows user. For special users (SYSTEM and machine), specify "AutoGenerate".
将它改为:
password="AutoGenerate" - Password of windows user. For special users (SYSTEM and machine), specify "AutoGenerate".
你是不是同时在机子上装了active directery和.net
微软的活动目录和.net存在帐号不一致的问题。
FIX: ASP.NET Does Not Work with the Default ASPNET Account on a Domain Controller
The information in this article applies to:
Microsoft ASP.NET (included with the .NET Framework) 1.0
Microsoft Internet Information Services 5.0
Microsoft Mobile Internet Toolkit (MMIT)
This article was previously published under Q315158
SYMPTOMS
After you install Microsoft Visual Studio .NET or the Microsoft .NET Framework on a domain controller or on a backup domain controller, if you try to run an ASP.NET application, the browser displays the following error message:
Server Application Unavailable
The web application you are attempting to access on this web server is currently unavailable.
Please hit the "Refresh" button in your web browser to retry your request.
Furthermore, the following event is logged in the system application event log:
aspnet_wp.exe could not be launched because the username and/or password supplied in the processModel section of the config file are invalid.
aspnet_wp.exe could not be started.
HRESULT for the failure: 80004005
This applies to Internet Information Services (IIS) version 5.0 or later.
CAUSE
By default, ASP.NET runs its worker process (Aspnet_wp.exe) with a weak account (the local machine account, which is named ASPNET) to provide a more secure environment. On a domain controller or on a backup domain controller, all user accounts are domain accounts and are not local machine accounts. Therefore, Aspnet_wp.exe fails to start because it cannot find a local account named "localmachinename\ASPNET". To provide a valid user account on the domain controller, you must specify an explicit account in the <processModel> section of the Machine.config file, or you must use the SYSTEM account.
NOTE: If you try to debug (click the Start button) before you try to browse to the page you can experience the exact same problem.
RESOLUTION
To work around this problem, use one of the following methods:
Create a weak account that has the correct permissions, and then configure the <processModel> section of the Machine.config file to use that account.
Set the userName attribute to SYSTEM in the <processModel> section of the Machine.config file.
Configure the <processModel> section of the Machine.config file to use an administrator account.
NOTE: Allowing ASP.NET applications to run as SYSTEM or an administrator account has serious security implications. If you use either of these workarounds, code that is run in the Aspnet_wp.exe process will have access to the domain controller and the domain settings. Executable files that are started from the Aspnet_wp.exe process run in the same context and also have access to the domain controller.
Therefore, Microsoft recommends that you use the first workaround. To use the first workaround, follow these steps:
Create a user account on the computer named ASPUSER, and then add this account to the Users group.
NOTE: You can also use the ASPNET account that the .NET Framework created if you change the password on this account. You must know the password on this account because you add the password to the <processModel> section later in these steps.
Grant the ASPUSER or the ASPNET account the Log on as a batch job user right. Make sure that this change appears in the Local Security Policy settings.
NOTE: To grant the Log on as a batch job user right on this account, you may have to grant this user right in each of the following security policies (From the Control Panel/Administrative Tools):
Domain Controller Security Policy
Domain Security Policy
Local Security Policy
NOTE: You may have to reboot the server for these changes to take effect.
Make sure that the ASPUSER or the ASPNET account has permission to access all of the necessary directories and files to start the Aspnet_wp.exe process and to serve the ASP.NET pages.For additional information about what permissions you must grant to this account, click the article number below to view the article in the Microsoft Knowledge Base:
317012 INFO: Process and Request Identity in ASP.NET
Open the Machine.config file. The path to the file is: %Systemroot%\Microsoft.NET\Framework\v1.0.3705\CONFIG.
In the <processModel> section of the Machine.config file, change the userName and the password attributes to the name and the password of the account that you created in step 1. For example:
userName="DomainName\ASPUSER" password="ASPUSERpassword"
Save the changes to the Machine.config file.
STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. This bug was corrected in ASP.NET (included with the .NET Framework) 1.1.
REFERENCES
For additional information about ASP.NET security, click the article number below to view the article in the Microsoft Knowledge Base:
306590 INFO: ASP.NET Security Overview