Whenever I run the web application, it is fine and the login screen shows. However, when I run the web application in the Azure emulator things go wrong.
It cannot execute the operation "CreateFile" on a random resource file, as shown below, look at the bottom two entries where the result is "ACCESS DENIED". The language of my system is Dutch (nl-NL) so that doesn't have to do with it.
I have opened the properties of these events and they are posted below:
The process w3wp.exe is run under NT AUTHORITY\NETWORK SERVICE and this account has full rights on the parent directory and the actual files inside the directory.
Two additional notes:
I have fully updated Windows 8, Visual Studio 2012, Azure SDK October 2012 etc.
A colleague of mine has got it all up and running with no seemingly changes on his end.
Do you guys have any idea why this happens? Again, it only happens when run in Azure.
It seems that the following didn't hold when I double-checked it:
The process w3wp.exe is run under NT AUTHORITY\NETWORK SERVICE and this account has full rights on the parent directory and the actual files inside the directory.
Only the parent directories had the combination of NETWORK SERVICE and the rights imposed, the individual files didn't. After explicitly setting the rights on the files, the problem was solved.
Related
I've installed TFS2018 Express. It appears to have completely installed.
When I attempt to access its website component, I get the Win32 0x80004005 Access is Denied error. The stack trace references a csc.exe program in a roslyn sub-sub directory. The failing command mentions a file in another directory.
I've seen other threads that say not to run TFS in 32-bit mode. The installer didn't ask me and I don't know how to tell it to act in 64-bit mode.
Other threads say I need to add read and execute permissions to the directory. Which directory/directories? I've added it to the whole website directory and its children plus the referenced file directory.
It seems pretty darn silly for the product to install itself with inadequate permissions and not tell us which permissions are needed.
The error message tells me what command was failing.
[Win32Exception (0x80004005): Access is denied]
[ExternalException (0x80004005): Cannot execute a program. The command being executed was:
"d:\Program Files\Microsoft Team Foundation Server 2018\Application Tier\Web Services\bin\roslyn\csc.exe" /shared /keepalive:"10" /noconfig /fullpaths #"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tfs\af7cc5\244hjudj.cmdline"
Just for testing, after fighting it for some time, I gave full control over the roslyn directory and to the TFS (and child) directories to domain users where the cmdline file was mentioned. No change in the error message.
I put the above command into the command line and ran it. I get this error message:
error CS2011: Error opening response file 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tfs\af7cc5\244hjudj.cmdline'
warning CS2008: No source files specified
error CS1562: Outputs without source must have the /out option specified.
Any ideas?
See https://developercommunity.visualstudio.com/content/problem/165639/0x80004005-access-is-denied-on-new-install-of-tfs2.html# for an answer that worked for me.
Key elements are that the program was installed via the iso installer and it apparently caused the website to run in 32bit mode, when 64bit mode is needed.
This caused the website to recompile to 64bit mode:
Files under C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary
ASP.NET Files are created by ASP.NET compiler. It is very strange that
error message mentions
C:\Windows\Microsoft.NET\Framework\v4.0.30319 instead of
C:\Windows\Microsoft.NET\Framework64\v4.0.30319
since TFS must be running in 64-bit Application Pool. Could you make
sure that "Microsoft Team Foundation Server Application Pool" and
"Microsoft Team Foundation Server Message Queue Application Pool"
application pools are configured to run in 64 bit processes?
To do this you can do the following:
1) Open IIS Manager (inetmgr.exe)
2) Select Application Pools page
3) Select "Microsoft Team Foundation Server Application Pool" click on
"Advanced Settings..." link on the right pane.
4) Make sure that Enable 32-bit Applications is set to False.
5) Repeat steps 3 and 4 for the "Microsoft Team Foundation Server
Message Queue Application Pool"
Once you verified that application pools are configured to run in 64
bit processes, open Sites page in the IIS manager and find out ID of
the Team Foundation Server site (second column). Usually it is 1 or 2.
After that, execute the following from the elevated command prompt:
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
-errorstack -m /LM/W3SVC/1/root/tfs
Replace bold 1 with ID of your Team Foundation Server site.
Does it report any errors?
In my case, the 32bit settings on the application pools were correct, and the aspnet_compiler.exe command caused the website to switch to 64bit mode. After that, all was well.
Been looking through and trying all guides i found on this topic but no luck. I am running and MVC project with HTTPS and want to access the debug site with some remote mobile devices to test out the website. I followed a guide that almost work and i think I am pretty close to getting it to work. Here are the steps I have done:
Turn off Firewall
Open projectfolder of website go to \vs\config\ and open applicationhost.config
Find your site and line that contains your mapped port like this:
-edit it to get this result:
Tried to run Visual Studio as Admin at this point, Got regular error 400: Bad Request - Invalid Hostname when trying to access site from other computer
Opened CMD as Admin and ran the following command:
netsh http add urlacl url=http://*:44363/ user=everyone
- URL reservation successfully added
-Tried to start Visual studio as admin and non admin. Gets the following error message
"Unable to launch the IIS Express Web Server.
Failed to reister URL "https://localhost:44363" for site "x" Application. Error description: Cannot create file when that file already exists"
-I then have to run cmd again and remove the url with the command:
netsh http delete urlacl url=http://*:44363/
How do i get this to work with Visual Studio 2017 ? I cant be many steps from getting it to work. I have read many guides but none of them works
Amazing how such a simple common need can be so painful to fulfill out of the box in 2017!
Anyway https://github.com/icflorescu/iisexpress-proxy worked nicely for me.
Install it with node:
npm install -g iisexpress-proxy
Then its just something like:
iisexpress-proxy 51123 to 3000
Under 2 mins to get running.
Let me share my experience with Visual Studio and IIS Express that should help you. I am not using HTTPS and my project type is Web site with WCF but you should be able to accomplish your goal.
Here are prerequisites:
IIS Express installed
Visual Studio installed
Added url reservation for public port (netsh http add url=http://*:50001/ User=Everyone) from elevated command prompt.
Added firewall inbound rule for 50001 TCP port (Control Panel-->Windows Firewall-->Advances Settings-->Inbound Rules-->New Rule...)
Now let us setup a project in VS. I am using one of predefined templates with C#. Compile it and try to run it from VS. At that moment VS is starting developer instance of IISExpress that helps your site to run.
You should be able to see IIS Express icon in Notification area. With right click you will see that your site is running and a port (we will call it VSPORT) that is assigned by VS. This port must be different than reserved port (50001).
If you managed to accomplish this without problems then you have almost everything ready for running your site without VS.
Go to your project folder
Go to .vs folder
Go to config folder
Open applicationhost.config
Locate sites/your_site section
Copy everything between your_site and /your_site
Now we need to add this info in "global" IIS Express config.
Go to IIS Express folder (something like c:\Users\USERNAME\Documents\IISExpress)
Go to config folder
Open applicationhost.config
Locate sites section.
Paste information about your site.
Change binding from
binding protocol="http" bindingInformation="*:VSPORT:localhost"
to
binding protocol="http" bindingInformation=":50001:"
Save changes
With this change you may start IISExpress.exe directly and you can continue to use VS to work on you project at the same time.
If you want to access it from other computers do it as http://YOURIP:50001/.
Do have in mind that you need to ensure that your javascript code is NOT using address and port number directly.
You can solve the problem by downloading the 'conveyor' library from extensions and update in Visual Studio.
You can access it from other devices.
Open Visual Studio
Tools > Extensions and Updates
Online > Visual Studio Marketplace
Search 'Conveyor'
Download and install this extension
When you launch the API, you can access it from other devices. This plugin creates a link from your own ip address.
Example:
https://youripadress:5000/api/values
I'm not sure if this is proper place for such question (maybe should be placed on SuperUser?), but I'll try.
I have one C# console application and one Windows service. Both does the same, but console app was created before and is kept for backward compatibility. Each of these is running WCF service, whose methods operates on files in C:\ProgramData\MyApp. Console app is run as limited user (non-admin), Windows service runs as NT AUTHORITY\NETWORK SERVICE. When app creates some dirs/files, service cannot delete it and vice versa.
I would like to have it secured. My question is: should I grant full permissions on C:\ProgramData\MyApp to NETWORK SERVICE and current user? Or should I create dedicated user for running service/app?
Assuming your application does not set explicit security permission on newly created files, granting Network Service account Delete permissions on the folder would solve your immediate problem.
This command will do the work:
icacls c:\ProgramData\MyApp /t /grant "NETWORK SERVICE":(OI)(CI)(IO)D
Repeat the same for your other user service account.
I'm trying to install Team Build (2008) on a different Build Server (BS) to the Application Tier (AT). BS is a 32-bit Windows 2008 server (as is the AT). They are on a corporate domain.
The EXE in question is
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies>
TFSBuildService.exe
The service on BS cannot start - the error is "Windows could not start the Visual Studio Team Foundation Build service on Local Computer\r\nError 5: Access is denied.". There is NO additional information in the Event Log. It is set to run as DOMAIN\TFSSERVICE account, which is also added to the Local Administrators group. It fails very quickly.
When I try to run it 'interactively' - the error on the command line is "Program too big to fit in memory".
It seems to me like this should be a fairly simple thing to set-up and use. What am I missing?
Notes:
I got my .config from Buck. I'm pretty sure I've correct set the ports, Windows Firewall rules
I can access the web services on AT from BS via Internet Explorer (using the DOMAIN\TFSERVICE login)
I've added DOMAIN\TFSSERVICE user to a TFS project's Build Services group
I have checked DOMAIN\TFSSERVICE has full permissions on pretty much everything on the Build server.
Try this:
Associate the default port to the new build service account using the wcfhttpconfig.exe command-line tool located in the following folder:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies
Execute (from the folder above):
wcfhttpconfig.exe reserve DOMAIN\UserAccount 9191
Full credit from the following post:
http://wesmacdonald.spaces.live.com/Blog/cns!25108A9ADA96C9D7!1553.entry
I suggest you should set up a dedicated TFSBUILD account and not use the TFS Service account for this task as a best practice.
OK, the fact that you can access web services using the TFSSERVICE account from BS through to AT is a good thing, I am making the assumption you have created a LOCAL account on the BS machine for the TFSSERVICE account?
If not, please:
add a LOCAL account with the same name as DOMAIN\TFSSERVICE.
ensure that the password matches that of the DOMAIN\TFSSERVICE account.
ensure that account has "log on as a service" right under Local Security Policy.
Please read article: http://social.msdn.microsoft.com/Forums/en-US/tfsbuild/thread/d519b8e3-451a-4f07-97b1-e2943c2756c2
My issue was that my passwords for the AT and BS machine had to MATCH on the same domain. Please double-check that the TFSSERVICE account password matches on both the AT and BS machine, as the service will use impersonation when on the same domain.
I have an application that runs as a service, and dynamically creates and publishes windows performance (perfmon) counters.
When I run the application under my own account (as a service) which has administrative privileges, I get the following error:
714: The specified registry key is referenced by a predefined handle.
When I run the application from the command line, no error is produced.
I believe that this is a result of UAC, but I don't particularly want to disable UAC altogether.
Any ideas?
It is not enough just to be logged in as an administrator. The service needs to have an embedded manifest that sets the requestedExecutionLevel to requireAdministrator.