Re: IISAPI Filter with IIS 6.0
From: Sreejith (anonymous_at_discussions.microsoft.com)
Date: 01/11/04
- Next message: Karl Levinson [x y] mvp: "Re: Minimum number of ports needed?"
- Previous message: Craig Humphrey: "Re: IIS4 no longer requests client certs issued by our CA!"
- In reply to: Wade A. Hilmo [MS]: "Re: IISAPI Filter with IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 10 Jan 2004 22:35:07 -0800
Thanks Wade,
I will try debugging the Filter.
Sreejith
>-----Original Message-----
>Hi Sreejith,
>
>If the ISAPI works correctly when you run in Worker
Process Isolation Mode,
>but only as local system, and it fails running as network
service, then
>you've pretty much narrowed down the issue to one of two
things.
>Specifically, the ISAPI is doing some operation that
requires the higher
>level of privileges associated with the local system
account; or, possibly,
>it's accessing some resource that allows local system but
not network
>service in an ACL.
>
>Your best course of action is to contact the vendor of
the application and
>see if they even support running on IIS 6. If you wrote
the ISAPI in house,
>then someone should run it under a debugger and find out
specifically where
>it's failing.
>
>You may be able to test for the latter case above by
turning on security
>auditing while running as network service and looking for
failures.
>Depending on what you find, you may be able to adjust the
ACLs, but there is
>no guarantee that this will be either feasible or
possible.
>
>If it turns out that the ISAPI is doing something that
requires local system
>privilege (ie. the SeTcbPrivilege in NT-security-speak),
then there is no
>way to configure around this. The ISAPI will need to be
modified.
>
>I hope that this helps,
>-Wade A. Hilmo,
>-Microsoft
>
>
>"Sreejith P S" <johndoe@nodomain.com> wrote in message
>news:08c701c3d45d$e504cd10$a501280a@phx.gbl...
>> Hi,
>>
>> We have an application which was working fine for
Windows
>> 2000 with IIS 5.0. We
>> deployed the same applicaton on Windows 2003 with IIS
6.0.
>> We get "Service Unavailable"
>> error when we run the application in the default app
pool
>> with Network Service as the user.
>>
>> If we run the same application as "Local System" user or
>> IIS 5.0 Isolation mode, it works fine.
>> We want to run our application as "Network Service" user
>> for DefAppPool.
>>
>> We tried to go through the documentation, mails on many
>> newsgroups. We could not find
>> any suitable solution for the same.
>>
>> We are using ISAPI filters. We presume that it works
fine
>> on IIS 6.0.
>> We are not using the following registers
SF_READ_RAW_DATA
>> or SF_SEND_RAW_DATA in our code.
>>
>> Any help on the same is appreciated.
>>
>>
>> Thanks in advance
>
>
>.
>
- Next message: Karl Levinson [x y] mvp: "Re: Minimum number of ports needed?"
- Previous message: Craig Humphrey: "Re: IIS4 no longer requests client certs issued by our CA!"
- In reply to: Wade A. Hilmo [MS]: "Re: IISAPI Filter with IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
