Re: Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE
From: Jon Cosby (jcosby_at_mindspring.com)
Date: 08/25/03
- Previous message: ooo: "Security permissions..."
- In reply to: Ken Cox [Microsoft MVP]: "Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Next in thread: Ken Cox [Microsoft MVP]: "Re: Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Reply: Ken Cox [Microsoft MVP]: "Re: Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Aug 2003 15:17:48 GMT
I've run the batch file, and now the login is failing for aspnet. Tried
reinstalling it, but that doesn't work.
Jon Cosby
"Ken Cox [Microsoft MVP]" <BANSPAMken_cox@sympatico.ca> wrote in message
news:#zBAB#XaDHA.1384@TK2MSFTNGP10.phx.gbl...
> MS has posted this here:
>
> http://www.asp.net/faq/ms03-32-issue.aspx
>
>
> Fix for: 'Server Application Unavailable' Error after Applying Security
Update
> for IE
> --------------------------------------------------------------------------
-----
> -
>
> We have identified an issue with the recent MS03-32 Security Update for
> Internet Explorer security patch and ASP.NET V1.0 running on Windows XP.
This
> patch can be installed manually or by obtaining recent critical updates
from
> the Windows Update site.
>
> The symptom of this issue is that after installing the patch on a Windows
XP
> machine, all requests to ASP.NET applications running on the local IIS 5.1
web
> server result in an error message saying "Server Application Unavailable".
> Requests to remote web servers are unaffected.
>
> This issue only impacts installations running ASP.NET V1.0 on Windows XP.
It
> does not impact machines running Windows 2000 or Windows Server 2003. It
also
> does not impact machines running Windows XP with ASP.NET v1.1 installed.
>
> Please note that this issue is not a security bug with ASP.NET. It does
not
> open up or allow any malicious attacks against an ASP.NET application or
> server. Instead, it is purely a functional bug caused by the patch itself.
>
> We are working hard on a permanent solution for this issue. In the
meantime,
> you can execute the following batch file as a workaround for the issue.
The
> batch file does the following:
> Stops the IIS and ASP.NET state services
> Deletes and recreates the ASPNET account with a known temporary password
> Uses the Windows runas command to launch an executable that creates an
ASPNET
> user profile
> Re-registers ASP.NET. This creates a new random password for the account
and
> applies default ASP.NET access control settings for it
> Restarts the IIS service
>
>
>
>
> The batch file contains a hardcoded temporary password of "1pass@word"
which
> you will be prompted to enter for the runas command when the batch file is
run.
> After the runas command completes, the ASPNET account password is
recreated
> with a strong random value. Note that the batch file may fail if the
hardcoded
> password does not meet the password complexity requirements in your
> environment. If that's the case, you can change it to another value that
is
> appropriate for your environment.
>
> Important note: If you have added custom access control settings or
database
> account permissions for the ASPNET account, they will need to be recreated
> after this batch file completes. This is because when the account is
> recreated, it will get a new security identifier (SID).
>
> Important note: If you are running the ASP.NET worker process with a
custom
> account other than the ASPNET account, then you should not run this batch
file.
> Instead, you should log in interactively or use the runas command with
that
> account which will create a user profile for that account.
>
> The batch file is included in the self-extracting archive below. To use
it:
>
> You must be running as an account with Administrator privileges
> Download and open the self-extracting executable file
> Extract the contents to c:\
> Select Run... from the start menu, and enter cmd.exe
> In the open command windows, type c:\fixup.cmd.
> When prompted, enter 1pass@word as the password.
> If you have previously custom access control settings or database account
> permissions for the ASPNET account, you'll need to re-apply these settings
now.
> Ask questions and get answers in the Issues with 'Server Application
> Unavailable' error on Windows XP forum.
> Many apologies for the inconvenience that this has caused. We'll post
> additional information as it becomes available.
>
> The matrix below details platforms and versions impacted by this issue.
>
> .NET Framework Version # Platform Affected
> Version 1.0 Windows 2000 Professional No
> Version 1.0 Windows 2000 Server No
> Version 1.0 Windows XP Professional Yes
> Version 1.0 Windows Server 2003 No
> Version 1.0 Windows XP Home with Cassini No
> Version 1.1 Windows 2000 Professional No
> Version 1.1 Windows 2000 Server No
> Version 1.1 Windows XP Professional No
> Version 1.1 Windows Server 2003 No
> Version 1.1 Windows XP Home with Cassini No
>
>
> Thanks,
> The ASP.NET Team
>
>
>
>
>
- Previous message: ooo: "Security permissions..."
- In reply to: Ken Cox [Microsoft MVP]: "Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Next in thread: Ken Cox [Microsoft MVP]: "Re: Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Reply: Ken Cox [Microsoft MVP]: "Re: Fix for: 'Server Application Unavailable' Error after Applying Security Update for IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
