I am trying to create a WIX installer to install my windows service to run under the NetworkService account and getting an Insufficient Priviledges error during the installation.
I found this post where someone seems to be experiencing the same problem but no real solution was offered:
http://n2.nabble.com/Re-WiX-users-Digest-Vol-40-Issue-129-td3782055.html
I'm sure someone must have acheived this previously and wondered if they'd be kind enough to share a code snippet?
NOTE: The answer below is only relevant on the older builds of WIX and Windows at the time the question was raised. The current version of the WIX service credentials will work if you set the native "NT AUTHORITY" domain and "NetworkService" account (no space necessary now).
Original Answer:
The correct identity name is "NT Authority\Network Service" not "NT Authority\NetworkService". A space is required then it works.
Funny that the default "LocalSystem" works directly with WIX 3.5, but for other well known accounts you have to prefix with "NT Authority...", for example "LocalService" does not work either when used directly.
i.e. fix this with:
Account='NT Authority\Network Service'
It seems a few remnants of a previously failed install were preventing me from removing and reinstalling with Account="NT Authority\NetworkService". All is well in the universe again.
I had the following snippet working under Windows 8.1 FR, and Windows 2012R2 ENU. But using NT AUTHORITY\NETWORK SERVICE failed with the insufficied privileges error.
So, at least under recent systems you must use NT AUTHORITY\NETWORKSERVICE as documented in MSDN.
<ServiceInstall Id="xserviceInstall" Name="$(var.xServiceid)"
DisplayName="$(var.xServiceid)"
Description="x service" Start="auto" Type="ownProcess"
ErrorControl="ignore"
Account="NT AUTHORITY\NETWORKSERVICE"
Arguments="-w -N" Vital="yes" />
I used customAction to find the user credentials are correct or not.
If user credentials are matches the account in the machine they want to install,I will allow them to proceed to next dialog(UI) other wise I will show another Dialog indicating the user that account not found.
Related
I am facing a very peculiar issue. I have a .net core windows service (XYZ) whose installer (XYZ.msi) is created using Wix. I am trying to install this service in a container. The service gets installed, then windows tries to register it as a service, the service times out giving me the following "information" in System Eventlogs The XYZ Service (XYZ) service failed to start due to the following error: %%1053 A timeout was reached (30000 milliseconds) while waiting for the XYZ service (XYZ) service to connect., and then the service gets uninstalled which is expected.
Further when I check the Application event logs I get these
Product: XYZ -- Error 1920. Service 'XYZ' (XYZ) failed to start. Verify that you have sufficient privileges to start system services.
Windows Installer installed the product. Product Name: XYZ. Product Version: 0.0.0.0. Product Language: 1033. Manufacturer: .... Installation success or error status: 1603.
So in order to understand these error codes I referred to Error Code 1603 and few other links on Error 1920, but since these are pretty generic, these links were of no use.
The same service is working fine locally and on a different server.
The folder inside the container where XYZ.msi resides has these privileges
Path : Microsoft.PowerShell.Core\FileSystem::C:\app
Owner : NT AUTHORITY\SYSTEM
Group : NT AUTHORITY\SYSTEM
Access : BUILTIN\Administrators Allow FullControl
BUILTIN\Administrators Allow 268435456
NT AUTHORITY\SYSTEM Allow FullControl
NT AUTHORITY\SYSTEM Allow 268435456
NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
NT AUTHORITY\Authenticated Users Allow -536805376
BUILTIN\Users Allow ReadAndExecute, Synchronize
BUILTIN\Users Allow -1610612736
Audit :
Sddl : O:SYG:SYD:(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;0x1301bf;;;AU)(A;OICIIOID;SDGXGWGR;;;AU)(A;ID;0x1200a9;;;BU)(A;OICIIOID;GXGR;;;BU)
Also I am assuming that all the installation happen with ContainerAdministrator account inside the container.
Now I am not able to figure out what the problem is, how to troubleshoot it further and if its a privileges issue what privileges do I need to set. Any help in this regard would be appreciated. Thanks !
EDIT: The dockerFile looks like this
FROM mcr.microsoft.com/windows/servercore:ltsc2019-amd64
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
WORKDIR /app
COPY [".","."]
RUN ["powershell.exe", "./install.cmd"]
WiX .wxs code
<Fragment>
<ComponentGroup Id="ServiceComponents" Directory="APPLICATIONFOLDER">
<Component Id="ServiceComponent" Guid="649E5964-126A-4DF5-95CF-CE7C2474E981">
<File Id="xyz.exe" KeyPath="yes" Vital="yes" DiskId="1" Source="..\xyz\bin\$(var.Platform)\$(var.Configuration)\netcoreapp3.1\win-x64\xyz.exe"/>
<ServiceInstall
Id="ServiceInstaller"
Type="ownProcess"
Vital="yes"
Name="xyz"
DisplayName="$(var.ProductName)"
Description="$(var.Description)"
Start="auto"
Account="NT AUTHORITY\LocalService"
ErrorControl="normal" Interactive="no">
<ServiceConfig DelayedAutoStart="yes" OnInstall="yes" OnReinstall="yes" />
<util:ServiceConfig FirstFailureActionType="restart" SecondFailureActionType="restart" ThirdFailureActionType="none" ResetPeriodInDays="1" RestartServiceDelayInSeconds="0" />
</ServiceInstall>
<ServiceControl
Id="ServiceController"
Name="xyz"
Start="install"
Stop="both"
Remove="both"
Wait="yes" />
</Component>
</ComponentGroup>
</Fragment>
I've personally never attempted to install an MSI inside a container. The containers I've worked with (mostly linux based) the container simple would call the EXE as a console app and it's not actually a service per say. I'll assume from what you write that it's somehow possible to install an MSI inside of a windows container.
With that said, the 1920 error simply means the service didn't start. The 'verify you have admin' has always been a misnomer. To troubleshoot in windows I usually pause the installer right there and try to run the EXE manually to see if I get any errors to the console. Typically this will be a message saying .NET (Core) or some dependency isn't installed. If the EXE actually starts and you have some exception down the road then this will take additional debugging.
I'm not sure how you hijack a windows container but you'll need to do something similar to debug/profile the issue. Basically it works on one machine and not your container because your docker image doesn't have something that the other machine does have and your code doesn't like it.
I would first try and find the root cause of the problem by installing the MSI with verbose logging enabled. Here you can find an example of how to do that. The logfile should give more details regarding what happened (maybe you have some failing custom actions in your installer and the infamous 'value 3' in the log file).
I would also try and modify the wxs file so that installation does not start the service (by removing ServiceControl Start="install" and replacing ServiceInstall Start="auto" with ServiceInstall Start="demand"). With this modification installation of MSI should probably succeed. Are you then able to start the xyz.exe (directly, not as a service)? If no, the problem is not in the installation, but in the executable. Are you able to start the service manually after those changes?
Although I am still investigating the behavior of .net core windows service and has started another thread here to take the SO community's view on this, it appears that the problem was with the way the service was implemented. It's a strange behavior but if I do not use Worker Template that comes with .net core 3 and instead create the service like it was done in .net core 2.1 using ServiceBase and IHostingLifetime it works fine in all the environments.
I am trying to get some automatic deployments up and running using TFS 15 (on-premise). I have a powershell script on the deployment target to call.
The deployments starts fine by downloading the artifact. But when the agent runs the script it wants to create a folder C:\Windows\DtlDownloads (thats not part of my script but part of preparing things for TFS I guess). That fails:
##[debug]System.AggregateException: Failed to install 'VisualStudioRemoteDeployer20597940-38b2-4ba8-9a4d-fcc894308730' from service executable path VisualStudioRemoteDeployer.exe . Consult the logs below:
Access to the path 'DtlDownloads' is denied.
CategoryInfo :PermissionDenied: (C:\Windows\DtlDownloads:String) [New-Item], UnauthorizedAccessException
FullyQualifiedErrorId :CreateDirectoryUnauthorizedAccessError,Microsoft.PowerShell.Commands.NewItemCommand
The user used to logon is a server-local user named deploy who is also a local administrator on that machine. I also checked the effective access for that user on the windows folder and it should be able to create directories.
Something similar happens with the copy step. Robocopy signals two errors:
2017/03/16 08:57:21 ERROR 5 (0x00000005) Getting File System Type of Destination \\server.domain.com\c$\abc\def\
Access is denied.
and
2017/03/16 08:57:21 ERROR 5 (0x00000005) Creating Destination Directory \\server.domain.com\c$\abc\def\
Access is denied.
The second is a bit unexpected as the folder def already exists but I guess it is a follow up because getting the type failed beforehand.
The user itself must have been recognized because I get different errors when using invalid credentials. I have enabled WinRM using Enable-PSRemoting and ConfigureWinRM.ps1 from WinRM-Http-Https-Without-Makecert.
What could still restrict the permissions?
Update: Using a domain user instead of a local one of that server solves the issue. But I do not understand why. Can someone explain or even provide information how to make it work with a local user?
The username of either a domain or a local administrative account on
the target host(s).
Formats such as username, domain\username, machine-name\username, and .\username are supported.
UPN formats such as username#domain.com and built-in system accounts such as NT Authority\System are not supported.
Source Link
Both the domain account and local admin should be work. Please double check your format and give a try with another format.
One problem could be if that you have the agent as a service, that service has not the proper privileges, like being on Network Account. Try to change that to the user account which has administrative privileges.
Running "winrm quickconfig" fixed this problem for me
winrm quickconfig
https://learn.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management
I have a simple webAPI build by Visual Studio 2013. It works well when I run it from VS13 but when I copy the project in local IIS it gives me the following error.
HTTP Error 500.19 - Internal Server Error The requested page cannot be
accessed because the related configuration data for the page is
invalid.
Detailed Error Information:
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \?\C:\inetpub\wwwroot\APITeslin\web.config
Config Source:
36: <system.webServer>
37: <handlers>
38: <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
Got precisely the same error and came to this question. As #SpaceBison mentioned in comments, this answer describes the solution - https://stackoverflow.com/a/12867753/404099. I spotted it too late and it misses some steps. This is what worked for me:
Windows Server 2012, IIS 8.5. Should work for other versions too.
Go to server manager, click add roles and features
In the roles section choose: Web Server
Under Security sub-section choose everything (I excluded digest, IP restrictions and URL authorization as we don't use them)
Under Application Development choose .NET Extensibility 4.5, ASP.NET 4.5 and both ISAPI entries
In the features section choose: NET 3.5, .NET 4.5, ASP.NET 4.5
In the web server section choose: Web Server (all), Management Tools (IIS Management Console and Management Service), Windows Authentication - if you are using any of it
I got this error while trying to host a WCF service in an empty ASP.NET application. The whole solution was using .NET 4.5 platform, on IIS 8.5 running on Windows 8.1.
The gotcha was to
Open up "Turn Windows Features on or off"
Go to WCF section under ASP.NET 4.5 advanced services
Check HTTP Activation.
You'll be asked to restart the system.
This should Fix the HTTP 500.19!
EDIT 11-FEB-2016 Just got an issue on Windows 10 Pro, IIS 10, This time, it was an HTTP 404.0. The fix is still the same, turn on "HTTP Activation" under Windows Features -> .NET Framework 4.6 Advanced Services -> WCF Services -> HTTP Activation
I also was getting the same problem but after brain storming with IIS and google for many hours. I found out the solution.
This error is because some settings are disabled in IIS applicationHost.config.
Below are the steps to solution:
Go to C:\Windows\System32\inetsrv\config\applicationHost.config and open in notepad
Change the following key value present in
<section name="handlers" overrideModeDefault="Deny" /> change this value from "Deny" to "Allow"
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
change this value from "Deny" to "Allow"
It worked for me.
If you're running IIS on that computer for the first time, you should try running the ASP.NET IIS registration tool (aspnet_regiis.exe).
Here's how to do that:
If you're using .net framework v4, open command prompt as an administrator, and change directory to your .net framework base folder using:
CD C:\Windows\Microsoft.NET\Framework\v4.0.30319
or, if you're using a 64 bit computer, use:
CD C:\Windows\Microsoft.NET\Framework64\v4.0.30319
when you've successfully navigated to the appropriate directory, execute the ASP.NET IIS registration tool using:
aspnet_regiis -i
If you're using a different .NET framework version, simply replace v4.0.30319 with the appropriate folder name.
Hope this helps.
I solved this by doing the following:
WebServer(ISS)->WebServer->Application Development
add .NET Extensibility 3.5
add .NET Extensibility 4.5
add ASP.NET 4.5
add ISAPI Extensions
add ISAPI Filters
On Windows 8.1, IIS 8.5 the solution for me was to register 4.5 from the control panel:
Programs and Features > Turn Windows features on or off > Information Information Services > World Wide Web Services > Application Development Features > Select ASP.NET 4.5
Click OK.
As the error idnicates - "This happens when the section is locked at a parent level". To unlock the section you can use appcmd.exe and execute the following command:
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers -commitpath:apphost
For more information on about section locking and what a parent configuration context is refer to IIS documentation.
If it is windows 10 then open the powershell as admin and run the following command:
dism /online /enable-feature /all /featurename:IIS-ASPNET45
On Windows 8.1 or 10 include the .Net framework 4.5 or above as shown below
In our case, we struggled with this error for quite some days. It turns out that in control panel, programs, turn windows features on or off.
We selected Internet Information Services, world wide web services, Application development features and there we check the set of features associated with our development environment. For example: ASP.NET 4.6. .NET Extensibility 4.6, etc.
It works!
Try unlocking the relevant IIS (7.5) configuration settings at server level, as follows:
Open IIS Manager
Select the server in the Connections pane
Open Configuration Editor in the main pane
In the Sections drop down, select the section to unlock, e.g. system.webServer > defaultPath
Click Unlock Attribute in the right pane
Repeat for any other settings which you need to unlock
Restart IIS (optional) - Select the server in the Conncetions pane, click Restart in the Actions pane
In my case, there were rules for IIS URL Rewrite module but I didn't have that module installed. You should check your web.config if there are any modules included but not installed.
Your web.config describes that you're using forms authentication - make sure you enable forms authentication and disable anonymous authentication in IIS under the Authentication menu, for the website that is running in IIS.
I got Error Code 0x80070021 when migration IIS7 to IIS 10 in win 2016 box . .
Below steps helped me to fix it .
source
manually change value from "Deny" to "Allow" for below settings in
%windir%\system32\inetsrv\config\ applicationHost.config
under section:system.webServer
<section name="handlers" overrideModeDefault="Deny" />
Please <staticContent /> line and erased it from the web.config.
Well, we're using Amazon Web Services and so we are looking to use scripts and programs to get through this problem. So I have been on the hunt for a command line tool. So first I tried the trick of running
c:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
but because I'm running a cloud based Windows Server 2012 it complained
This option is not supported on this version of the operating system. Administrators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Windows Features On/Off" dialog, the Server Manager management tool, or the dism.exe command line tool. For more details please see http://go.microsoft.com/fwlink/?LinkID=216771.
and I Googled and found the official Microsoft Support Page KB2736284. So there is a command line tool dism.exe. So I tried the following
dism /online /enable-feature /featurename:IIS-ASPNET45
but it complained and gave a list of featurenames to try, so I tried them one by one and I tested my WebAPI webpage after each and it worked after the bottom one in the list.
dism /online /enable-feature /featurename:IIS-ApplicationDevelopment
dism /online /enable-feature /featurename:IIS-ISAPIFilter
dism /online /enable-feature /featurename:IIS-ISAPIExtensions
dism /online /enable-feature /featurename:IIS-NetFxExtensibility45
And so now I can browse to my WebAPI site and see the API information. That should help a few people. [However, I am not out of the woods totally myself yet and I cannot reach the website from outside the box. Still working on it.]
Also, I did some earlier steps following other people responses. I can confirm that the following Feature Delegation needs to be change (though I'd like to find a command line tool for these).
In Feature delegation
Change
'Handler Mappings' from Read Only to Read/Write
Change
'Modules' from Read Only to Read/Write
Change
'SSL Settings' from Read Only to Read/Write
Check if IIS server installed the URL rewrite feature.
If it is not installed then make sure your web.config file don't have the URL rewrite related configuration
<!-- Make sure don't have below config, if server have not installed url rewrite feature. -->
<rewrite>
<rules>
<rule name="Fail bad requests">
<match url=".*"/> ...
Some time we copied the config from legacy server and straight away deploy to brand new server, then we may encounter such kind of 500 issue.
Had this today on a Windows 2016 Core server I resolved the issue by ensuring the components were installed as mentioned by GIOESCOM and then I repaired the SDK's in my case for .NET Core 3.1, .NET 5 and .NET 6 which resolved the issue and the ASP.NET 4.7.2 MVC web app worked.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault=”Deny”)
Hello guys
From older IIS and server
We may encounter the following error when we want to run our application on IIS 10 built on the new Microsoft Windows Server 2016.
HTTP Error 500.19 – Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault=”Deny”), or set explicitly by a location tag with overrideMode=”Deny” or the legacy allowOverride=”false
The solution is very simple.
Follow the C:\Windows\System32\inetsrv\config file path from your computer. Change the overrideModeDefault=”Deny” part in the applicationHost config file to “Allow”. Then when you restart IIS, the problem will be fixed.
It works and save my time. Try it HTTP Error 500.19 – Internal Server Error – 0x80070021 (IIS 8.5)
The solution that worked for me was to delete my current Web.config and add a new one. That solved the problem for me
I am configuring an MVC 3 project to work on a local install of IIS and came across the following 500 error:
Handler "PageHandlerFactory-Integrated" has a bad module
"ManagedPipelineHandler" in its module list.
It turns out that this is because ASP.Net was not completely installed with IIS even though I checked that box in the "Add Feature" dialog. To fix this, I simply ran the following command at the command prompt
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
If I had been on a 32 bit system, it would have looked like the following:
%windir%\Microsoft.NET\Framework\v4.0.21006\aspnet_regiis.exe -i
My question is, is there a way to install IIS on a windows 7 box to use .NET 4.0 (MVC 3) without taking this extra step?
It turns out that this is because ASP.Net was not completely installed with IIS even though I checked that box in the "Add Feature" dialog. To fix this, I simply ran the following command at the command prompt
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
If I had been on a 32 bit system, it would have looked like the following:
%windir%\Microsoft.NET\Framework\v4.0.21006\aspnet_regiis.exe -i
Remeber to run the command prompt as administrator (CTRL+SHIFT+ENTER)
The accepted answer is correct, however sometimes you would get the "Aspnet_regiis.exe is not recognized as an internal or external command, operable program or batch file." error message.
To resolve it try the following:
Make sure that your .NET 4.0 installation is not corrupted (run the installer and 'Repair' it). There's also a chance it is not installed on your machine at all.
If you're sure you don't have .NET 4.0 installed and want to run it as .NET 2.0, try this:
If you see the message "Aspnet_regiis.exe is not recognized as an
internal or external command, operable program or batch file.", switch
to the
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Aspnet_regiis.exe -i
at the command prompt.
Error: Handler “PageHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler” in its module list
I found the articles to fix this issue by simply run the following commands at the command prompt:
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
If the system is 32 bit, it would have looked like this:
%windir%\Microsoft.NET\Framework\v4.0.21006\aspnet_regiis.exe -i
But, when I tried to execute these commands using a command prompt, I got the following error/warning message:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i Microsoft (R) ASP.NET RegIIS version 4.0.30319.33440 Administration utility to install and uninstall ASP.NET on the local machine. Copyright (C) Microsoft Corporation. All rights reserved. Start installing ASP.NET (4.0.30319.33440). This option is not supported on this version of the operating system. Administr ators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Win dows Features On/Off" dialog, the Server Manager management tool, or the dism.exe command line tool. For more details please see http://go.microsoft.com/fwlin k/?LinkID=216771. Finished installing ASP.NET (4.0.30319.33440).**
To fix this on a Windows 8.1, I would suggest to do the following thing.
Solution:
Goto: Turn Windows features on or off -> Internet Information Services -> World Wide Web Services -> Application Development Features -> Enable ASP.NET 4.5
This should resolve the issue.
To solve the issue try to repair the .net framework 4 and then run the command
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
I would also check the obvious first: that the application pool is set to the correct framework and that your IIS application actually points to the folder where you put your files
If you want to deploy an MVC application without installing MVC, you can deploy the MVC DLL's with your application. This gets around installing MVC 3. You can use features in some .Net 4.0 namespaces without installing .Net using a similar approach.
I added the ISAPI/CGI paths for .Net 4. Which didn't fix the issue.
So I then ran a repair on the .Net V4 (Client and Extended) installation. Which asked for a reboot. This fixed it for me.
To fix this on a Windows 8.1 Professional machine do the following.
Install the Web Platform Installer. http://www.microsoft.com/web/downloads/platform.aspx
In Web Platform Installer install ASP.NET 4.5 (This feature has one dependency).
If you simply try the aforementioned cmd prompt command from the most popular answer you will get the following error/warning message:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i
Microsoft (R) ASP.NET RegIIS version 4.0.30319.33440
Administration utility to install and uninstall ASP.NET on the local machine.
Copyright (C) Microsoft Corporation. All rights reserved.
Start installing ASP.NET (4.0.30319.33440).
This option is not supported on this version of the operating system. Administr
ators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Win
dows Features On/Off" dialog, the Server Manager management tool, or the dism.e
xe command line tool. For more details please see http://go.microsoft.com/fwlin
k/?LinkID=216771.
Finished installing ASP.NET (4.0.30319.33440).
I have tried to do aspnet_regiis in command prompt but I got answer that I don't have admin rights.
Then, after some more googling and looking for a solution I tried to right click cmd and run it as an admin. Confirmed yes when dialog appeared, ran aspnet_iis again ant worked like a charm.
In short:
1. check .NET framework in app_pool
2. run cmd as an admin
3. run aspnet_regiis -i
I had the same problem and my solution was:
Go to "Turn Windows features on or off" > Internet Information Services > World Wide Web Services > Application Development Features >Enable ASP.NET 4.5
I had a similar issue with Windows server 2012, installing the feature "Application Server" in the server manager fixed the issue.
-Using application initalization feature
-requesting wrong pages (.asp) because of config inheritance
500.21 will occur on the first user connection only. Subsequent connections work.
Resolved by correcting the applicationInitialization url collection on the .NET website.
run cmd
drag and drop Aspnet_regiis.exe into the command prompt from:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\
type -i (for example Aspnet_regiis.exe -i)
hit enter
wait until the process completes
Good luck!
I had this problem and found that removing the following folder helped, even with the non-Express edition.Express:
C:\Users\<user>\Documents\IISExpress
None of these worked for me. So as I compared various app pools with one that worked vs one that didn't, I had to go into Advanced Settings for the App Pool, and set
Enable 32-Bit Applications = true
Then it worked fine!
I had the same problem, in my case handler was in two places:
<system.web>
...
<httpHandlers>
<add verb="*" path="*.ashx" type="ApplicArt.Extranet2.Controller.FrontController, ApplicArt.Extranet2.Web.UI" />
</httpHandlers>
</system.web>
<system.webServer>
<handlers>
...
<add name="FrontController" verb="*" path="*.ashx" type="ApplicArt.Extranet2.Controller.FrontController, ApplicArt.Extranet2.Web.UI"/>
</handlers>
</system.webServer>
And when I removed my handler from [system.webServer] my problem disappeared.
in some scenario this error occurs because the Microsoft .NET Framework 4.0 configuration for ASP .NET has been damaged, which can occur if Microsoft Visual Studio 2012 was installed before Visual Studio 2010 or Microsoft SQL Server 2008.
After trying different things i reached the conclusion, repair you .Net installation by running following command. For more information follow the link.
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe /repair /x86 /x64 /ia64 /norestart
https://msdn.microsoft.com/en-us/library/hh168535(v=nav.80).aspx
To solve the issue try to repair the .net framework 4 and then run the command
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
enter image description here
I was having this issue on one of my webservers when trying to switch an apppool from classic to integrated. It worked fine on two of my other webservers, not just this one. It's Server 2012, so you can't do the aspnet_regiis and there was no setupcache folder to try that repair. Everything was set correctly under features.
After going through %windir%\system32\inetsrv\config\applicationHost.config I found one critical missing bit. Under my non-working one was missing the following two lines:
<add name="ManagedEngineV4.0_32bit" image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness32" />
<add name="ManagedEngineV4.0_64bit" image="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" preCondition="integratedMode,runtimeVersionv4.0,bitness64" />
Once I added them, everything worked great.
I'm trying to install Team Build (2008) on a different Build Server (BS) to the Application Tier (AT). BS is a 32-bit Windows 2008 server (as is the AT). They are on a corporate domain.
The EXE in question is
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies>
TFSBuildService.exe
The service on BS cannot start - the error is "Windows could not start the Visual Studio Team Foundation Build service on Local Computer\r\nError 5: Access is denied.". There is NO additional information in the Event Log. It is set to run as DOMAIN\TFSSERVICE account, which is also added to the Local Administrators group. It fails very quickly.
When I try to run it 'interactively' - the error on the command line is "Program too big to fit in memory".
It seems to me like this should be a fairly simple thing to set-up and use. What am I missing?
Notes:
I got my .config from Buck. I'm pretty sure I've correct set the ports, Windows Firewall rules
I can access the web services on AT from BS via Internet Explorer (using the DOMAIN\TFSERVICE login)
I've added DOMAIN\TFSSERVICE user to a TFS project's Build Services group
I have checked DOMAIN\TFSSERVICE has full permissions on pretty much everything on the Build server.
Try this:
Associate the default port to the new build service account using the wcfhttpconfig.exe command-line tool located in the following folder:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies
Execute (from the folder above):
wcfhttpconfig.exe reserve DOMAIN\UserAccount 9191
Full credit from the following post:
http://wesmacdonald.spaces.live.com/Blog/cns!25108A9ADA96C9D7!1553.entry
I suggest you should set up a dedicated TFSBUILD account and not use the TFS Service account for this task as a best practice.
OK, the fact that you can access web services using the TFSSERVICE account from BS through to AT is a good thing, I am making the assumption you have created a LOCAL account on the BS machine for the TFSSERVICE account?
If not, please:
add a LOCAL account with the same name as DOMAIN\TFSSERVICE.
ensure that the password matches that of the DOMAIN\TFSSERVICE account.
ensure that account has "log on as a service" right under Local Security Policy.
Please read article: http://social.msdn.microsoft.com/Forums/en-US/tfsbuild/thread/d519b8e3-451a-4f07-97b1-e2943c2756c2
My issue was that my passwords for the AT and BS machine had to MATCH on the same domain. Please double-check that the TFSSERVICE account password matches on both the AT and BS machine, as the service will use impersonation when on the same domain.