The Orchardcms Application works fine accept when trying to Install new modules using the module installer within the dashboard. I get this error below.
Install package failed
Package installation failed: There was an error installing the requested package. This can happen if the server does not have write access to the '~/Modules' or '~/Themes' folder of the web site. If the site is running in shared hosted environement, adding write access to these folders sometimes needs to be done manually through the Hoster control panel. Once Themes and Modules have been installed, it is recommended to remove write access to these folders.
It seems that the installed IIS 7 App Pool (Presumably installed with Orchard in Web Platform Installer) using ApplicationPoolIdentity. w3wp.exe runs with username orchardmain (this is what i named my application I could have left it to default orchard) Though the problem with this that I can't update my NTFS permissions for orchardmain as when trying to add a username in permissions it can't find any Users, Groups, or Built-in security principals with the name OrchardMain.
Is it best practise to change the App Pool to run under an User / Service Account that doesn't behave like this, or is there just a little thing i can do to get this working?
Try using IIS APPPOOL\OrchardMain as the object name when editing permissions.
See this blog post for details.
Related
I am facing some issue with Active directory group policies,
The issue is i have many users working from home and all of them are using one SSL to connect to the company domain their file sharing is working fine, their group old group policy updating but i have setup few new group policy and they are not reflecting on remote users system,
For example there is one policy i have setup for deploying an application using GPO to remote users so when they restart the system the policy get applied to them and the MSi package should install to their system,
I tried GPUPDATE /force, /synch, normal mode and admin mode nothing helped
I am not sure why this is happening and how to fix that.
Thanks in advance.
It's normal cause software deployment via GPO is installed before user login, and your VPN connection is established after user login, non of computer installation GPO will work via VPN, there is other option to deploy software on VPN connection, Fog Project it's open source software deployment.
I have a WebApi project that wraps the Dynamics CRM Online web service and provides a REST api. I have a simple controller that gets some contacts from CRM and returns them to the caller.
Everything works fine when I run it in the local emulator. However, when I deploy the project to Azure, I can reach the home page, but the controllers all return http 500 errors. Why would this happen? And how can I troubleshoot to get more details?
UPDATE
The issue is with the absence of Microsoft.IdentityModel.dll on the Server 2012 instance running the web role in Azure. I found this by opening web role instance in RDP, installing Fiddler, and making the request from Fiddler to the local IIS server. It responded with the detailed error.
Now my issue is figuring out how to enable IdentityModel on a Windows Azure Web Role. You're supposed to be able to add it via the Server 2012 Add Roles and Features wizard, but it's totally locked down on the Web Role. You can't check any boxes that aren't already checked. Is this even possible?
The issue is giving the Web Role access to Windows Identity Foundation when it's inherently not there. Marc Schweigert provides clear steps to do this here:
http://blogs.msdn.com/b/devkeydet/archive/2013/01/27/crm-online-amp-windows-azure-configuring-single-sign-on-sso.aspx
Go to the 23:00 mark of the video and you'll see the 4 necessary steps:
Reference Microsoft.IdentityModel.dll (need WIF SDK installed)
a. Set copy local = true
Create RegisterWIFGAC.cmd in your web role project
Create Startup Task in ServiceDefinition.csdef that invokes RegisterWIFGAC.cmd
Add GacUtil to the project (used in the startup task) to put Microsoft.IdentityModel.dll in the GAC every time the web role starts).
I have an ASP.Net MVC3 application that has been running fine in the default Application Pool on my IIS 6 server.
I need to get it running under its own service account, so I created a new Application Pool and moved the application into it. With default settings the application continued to work fine.
I set a custom Identity on the application pool, and the application now just gives me the "Directory Listing Denied" error.
I tried switching the identity back to Network Service, and the application started working again.
What could be preventing the application from running with the custom Identity? It's like ASP.Net is not even starting up.
I've run aspnet_regiis -ga <domain\username> and added the account to the IIS_WPG group, so the identity account should have access to ASP.Net.
More Info
I've been doing some diagnostics with Process Monitor and it shows that aspnet_isapi.dll is not being loaded with the custom identity.
When the identity is "Network Service" I can see aspnet_isapi.dll being loaded followed by webengine4.dll. This happens immediately after the NTLM authentication occurs.
With the custom identity, the NTLM authentication happens and then the w3wp process just starts looking for the default files (Default.aspx, Default.htm, etc).
I've checked, and the account has access to the framework version folder where these DLLs are stored.
you need to give the user that you are specifying in the custom identity explicit read or read/write at the folder level of you application. Right click on the containing folder then "Properties" and add the user with the permissions required by the app to the security tab.
Turns out I needed a wildcard mapping to aspnet.isapi.dll, though I'm not sure why.
Without the custom identity the application works fine without a wildcard mapping. With the custom identity I need the mapping. On another server the custom identity work fine without a mapping. Weird.
Did you already check Directory browse settings?
http://www.iis.net/configreference/system.webserver/directorybrowse
Now that you are using a different user then the default one, make sure that you have set the Anonymous Authentication to use the app pool user. There could also be something related to what #Gabe Thorns mentioned, it might be an issue with wildcard mappings. If you do not have wildcard mappings set to run the asp process then it will try and look for files, avoiding asp processors.
Hope that helps.
Have you explicitly granted permissions to the application pool identity on the application folder?
The account should be something like IIS AppPool\MyAppPoolName
More info on this can be found here:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities
I'm trying to run a simple ASP.NET application with basic authentication on an IIS server. Interestingly, the authentication works fine on almost all servers except my production server. When I deploy the application on that machine, it keeps prompting me over and over for the credentials. Unfortunately, it is a lab machine that I don't have access to and I'm not able to view the logs either.
It's an IIS 7.5 server running on a Windows 2008 VM server I guess, and the content folder (where the default app is pointing to) is on shared with us (we have write access to that folder and that's how we are deploying our applications).
Outside authentication settings on the server, what other things could be causing the issue? Please advise.
Most probably this is a access permission to resources used by the web application.
The reason you see this repeatedly login prompt is that the account doesn't have the needed permissions.
First you have to determine if you are using impersonation or not.
If you do impersonate, the authenticated accounts need the necessary permissions.
If you don't impersonate, the application pool account needs the necessary permissions.
So what's the needed permissions?
Well, that could be a lot of things, and we don't know the details of your application.
Do you connect to a database?
Then you have to make sure that current account context has the right permissions to connect to the DB.
Do you read images/files from disk?
Then you have to make sure that current account context has the right permissions to access those resources.
If it is file resources that you are accessing, I would recommend you to use Fiddler and determine which path(s) you'll need to address. It will tell you by those 404 errors.
EDIT: Make sure that your app pool account has the needed permissions for this DLL you mention. Where does it fetch this list from? Is it static in the DLL? Where's this DLL located?
Please also check the event logs on the server for any related errors at the time you try to logon.
I'm wishing to use Visual Studio Load Tests to perform some load testing.
I was hoping to be able to use the counter monitoring that the Load Test provide in order to collect performance statistics from the web server I'm loading.
However there only seems to be support for connecting to machines you wish to monitor via your domain credentials. From http://msdn.microsoft.com/en-us/library/ms182594.aspx, section "To specify computers to monitor with counter sets during load test run"
On each server that you monitor, you must have sufficient user permissions to run performance monitors. Otherwise, errors are generated.
There seems to be no way to provide specific credentials to use to connect to machines you wish to monitor. As the web server I wish to monitor does not belong to a domain, I don't see any way to monitor it using VS Load Tests.
Is there some way to monitor it using VS Load Tests that I've missed?
There seems to be no way to provide specific credentials to use to connect to machines you wish to monitor
There is a way to do this. On Windows 7 it is called Credential Manager and you can access it either by searching for Manage Network Passwords on your Start Menu or via Control Panel > User Accounts. On older versions it was called Stored User Names and Passwords, also accessible via Control Panel > User Accounts.
In a nutshell, it allows you to specify alternative credentials for remote systems. Once you have set up credentials, it works completely invisibly and automatically for remote connection attempts from any application applications that support it, including Visual Studio collecting remote Perfmon data.
NOTE that you have to set up the credentials on the account that actually runs your load tests. If you are only running local load tests with no Controller then that's your own account. However if you run a Controller/Agent rig, the Controller may be configured to run under a service account (i.e. check the account running "Visual Studio Test Controller" service or QTController.exe). You have to login as that account and add the credentials.
I've found the following which is working for me. I'm just running the net use commands by hand because I don't want the user name and password in source control.
To get this working you will need to manually open an IPC channel to
the SQL and IIS machines with an account that has permissions in that
domain. This allows the account running the load tests to "piggyback"
across that IPC channel.
i have found this site to be a great help getting this going myself.
http://blogs.catapultsystems.com/tlingenfelder/archive/2009/06/18/performance-counters-timeouts-and-load-testing-with-visual-studio-2008.aspx
what you can do is create a small bat file and set it up to run in the
.testrunconfig file as a setup script.
net use \\SQLSERVER\IPC$ password1 /user:DOMAIN1\USER /persistent:yes
net use \\IISSERVER\IPC$ password2 /user:DOMAIN2\USER /persistent:yes