Support Forum Softcomplex logo
About Us  | Services  | Download  | Order  | Support  | |
| Search | Today's Posts | Stats | Board Rules | Not logged in [ Login | Register ]
go to bottom
Last active: Never

Printable Version | Subscribe | Add to Favourites   Post new thread
Author: Subject: ASPZip Hangs
skylar
Newbie

Posts: 1
Registered: 12/2/2005
Member Is Offline
posted on 12/2/2005 at 11:30 PM Reply With Quote
ASPZip Hangs


Asp Zip works fine on our testing server, but when when we got our web host to install it for us, we noticed it HANGS.

I assumed it was a permissions issue, but here is what they have to say:

"Unlike the AspEmail and whatnot we have installed, there is no .dll file
for this app; for the others, we had persissions issues, and I simply
had to change the security permissions on the .dll files."

Is there anything we can try??

This is a Windows 2003 server BTW
View User's Profile View All Posts By User U2U Member
linuslovholm
Newbie

Posts: 1
Registered: 2/17/2006
Member Is Offline
posted on 2/17/2006 at 03:56 PM Reply With Quote

We have the same problem on our Windows 2003 Server. The installer runs through without problem but when we try to access the demo files the page load hangs and never completes. Same thing when trying to access our own code using the component.

We have tried giving IIS permission to read sczip.dll in /windows/system32 folder but it doesn't seem to be the correct DLL since the problem is still there.

Any help would be appreciated.
View User's Profile View All Posts By User U2U Member
wit
Member

Posts: 23
Registered: 11/19/2004
Member Is Offline
posted on 7/2/2006 at 05:06 AM Reply With Quote

check this. it is copy of Yogita Manghnani message posted to microsoft.public.inetserver.iis.security newsgroup

Hello All,
It looks like you are running into this issue because of a change in
Windows 2003 to enhance security. Here are the details on the issue (this
info will be published in a KB article pretty soon- Q885656)

**Symptoms**
You have a web application running on Windows 2003. This web application
calls a COM+ Application proxy to activate an object on a remote server. If
you have anonymous access enabled within IIS and the anonymous account is
set to run under the IUSR_SERVERNAME then you will may get one of the
following two errors when trying to access the page.

Microsoft VBScript runtime error 800a0046
Permission denied: 'CreateObject'
/virtualdirectory/asppage.asp, line 2
------ OR -----------
ASP Error 0178 (80007005)
Server.CreateObject failed while checking permissions

This exact same design works on a Windows 2000 server environment.

**Analysis**

This problem occurs because of the new default value for LogonMethod
(MD_LOGON_METHOD) metabase propety in Windows 2003. For IIS5 and Windows
2000, the default value for LogonMethod was MD_LOGON_INTERACTIVE (see
references below). For IIS6 and Windows 2003, the default value for
LogonMethod is MD_LOGON_NETWORK_CLEARTEXT (see references below). The
LogonMethod metabase property tells IIS how the anonymous user account
(IUSR_MachineName) will be passed off of the web server to another remote
server.

For IIS5/Win2000 when you have a web site that allows Anonymous Access and
the Anonymous account is configured to run under the IUSR_SERVERNAME
account, when an asp page makes a request to a COM+ application proxy, and
this proxy goes off to a remote server, the identity used is NT
AUTHORITY\ANONYMOUS. The remote server accepts this NT AUTHORITY\ANONYMOUS
account and maps the request to a local guest account giving that account
access to activate the COM+ Server object.
For IIS6/Win2003 when you have a web site that allows Anonymous Access and
the Anonymous account is configured to run under the IUSR_SERVERNAME
account, when an asp page makes a request to a COM+ application proxy, and
this proxy goes off to a remote server, the outbound credentials are left
as the configured anonymous account, meaning
WEBSERVERNAME\IUSR_WEBSERVERNAME. This account of course will not be
authenticated by the remote server and thus throws the permission denied
(800a0046) error.

**Solution**

You have three options to resolve this problem. The first one is the most
secure and is recommended over the other 2.

Option #1:
--------------------
Configure the IIS Anonymous account to be a domain account (or a local
admin account that have the same name and password on both machines)
instead of IUSR_SERVERNAME

- Open up IIS
- Right-click on your web site and come down to properties
- Click on the "Directory Security" tab and then click the "Edita??"
button in the
"Authentication and access control" section
- Put a check in the "Enable anonymous access" checkbox
- Click the "Browse.." button and then enter in a domain user
account and their password.
Note: this domain user account will need to have access to the
Application Server in order
for it to not run into any further Permissions problems.

Option #2:
------------------
Use the LogonMethod = MD_LOGON_NETWORK IIS metabase setting. You would
change this setting to be a value of 2 (MD_LOGON_NETWORK) at the
application level so that IIS6 will emulate the LogonMethod behavior of
Windows 2000. This will change the outbound credentials of the request to
be NT AUTHORITY\ANONYMOUS instead of SERVERNAME\IUSR_SERVERNAME

To set the LogonMethod for the entire web server run this command from
the C:\Inetpub\AdminScripts directory
cscript.exe adsutil.vbs set w3svc/logonmethod 2

To set the LogongMethod for a specific web site running on the server then
you will need to identify the ID of that web site through the metabase. You
can easily find this on the Windows 2003 server by opening up the
C:\Windows\system32\Inetsrv\metabase.xml file. Then run the following
command replacing 709041108 with the id number for your web application:

cscript.exe adsutil.vbs set w3svc/709041108/logonmethod 2

Option #3:
-----------------
Enable Sub-Authentication, so that you emulate the functionality of Windows
2000. This is the least secure option and not recommended. You can do this
by referencing the following link:

Anonymous Authentication : http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentati on/WindowsServ/2003/standard/proddocs/en-us/sec_auth_anonauth.asp

**References**
Chapter 5 Managing a Secure IIS 6.0 Solution: (Attached to this SOX as well)
http://download.microsoft.com/download/7/4/f/74fe970d-4a7d-4034-9f5d-02572567e7f7/18_CHAPTER_5_Managing_a_Secure_IIS_6.0_Solution.do c

IIS6 LogonMethod Values:
http://msdn.microsoft.com/library/default.asp?url=/library/e n-us/iissdk/iis/ref_mb_logonmethod.asp

IIS5 LogonMethod Values:
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/asp/apro1zms.htm

207671 HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/?id=7671

Good luck,
Yogita Manghnani
Microsoft Developer Support
Internet Information Server
*********************************************************************
View User's Profile View All Posts By User U2U Member
Post new thread

Related Links:
Product Page
Free Download Free Download
Product Documentation Documentation
Documenation Page
Code Samples
Support Forum Technical Support
Support Forum
Customer Care System
Order Now ORDER NOW!
Add to Cart
View Cart
 

Go To Top


Powered by XMB 1.9.1 Nexus
Developed By Aventure Media & The XMB Group © 2002-2004