- Windows 2000 & IIS 5.0
Yet another hpcfactor.com server failure later and we have some new problems. When attempting to parse asp pages, the browser retorts with an error headline “Server Application Error” and populates the event log with Event ID 36:
Note that the 1 in /LM/W3SVC/#/Root can be any number representing the identifier for any virtual web on your server e.g. ‘/LM/W3SVC/2/Root’, ‘/LM/W3SVC/3/Root’, ‘/LM/W3SVC/23/Root’.
HTML pages will display correctly, however anything that is running through the ASP interpreter will fall foul of this error message.
An additional symptom that you may have noticed is that the error will only occur if your Application Protection settings in IIS 5.0 are set to Medium or High.
In the case of hpcfactor.com the problem began quite innocently with Teoma (Ask Jeeves’ crawler) starting a run over the site root, and suddenly stopping seemingly randomly when the server kicked back a 500 error:
From that single request on, for another 6.5 hours before an administrator noticed every single request to the ASP interpreter on the particular server returned another 500 error:
Rendered in MSIE as:
In playing around with the server for a little while, restoring a metabase backup and repairing some lost NLS files, we were able to get the server to perform again without the ISAPI errors, however the server would not output any ASP, returning “Server Application Error” every time and for each page request writing Event ID 36 to the System log.
I quickly discovered that if I lowered the Application Protection settings from Medium, to Low, the site would correctly load ASP pages, however there is an inherent problem in doing this – it does not lead to good stability; in fact you are essentially running IIS 5.0 as if it were IIS 3.0.
Low (IIS Process): This is the way IIS ran prior to IIS 4; all requests are performed in the InetInfo.exe process. This is the fastest option, but it is also the least robust because a rogue application could crash the InetInfo.exe process.
Medium (Pooled): This is a new option in IIS 5 and is the default setting for all new Web applications. In this model, all parts of the Web space marked as Medium (Pooled) run in the same process external to InetInfo.exe. As already mentioned, the process name is DllHost.exe and this process does not run as LocalSystem as InetInfo.exe does. Instead, DllHost.exe runs under the identity of an account controlled by IIS. By default, the identity is IWAM_machinename.
High (Isolated): This option, introduced in IIS 4 and shown in Figure 5-33, executes each Web .application in its own instance of DllHost.exe that runs in the context of the IWAM_machinename account. In doing so, it offers the highest degree of robustness, but it’s not as fast as Medium.
Source: MS Press Book Sample
In case you have read anyone else’s ideas over doing this – this is NOT a solution, it’s madness unless you are hosting your own little photo album for Billy Bob and the rest of the clan.
The common link between the higher process modes is obviously the IWAM_machinename account on the system, there is some excellent advice around the Internet on troubleshooting it already, and unless the next line matches your case, I suggest for follow it – start by re-synching the IWAM account using the AdminScript for IIS 5.0.
The next line: Check to see whether IIS is still registered in the COM+ registration database.
MMC the console applet found at %SystemRoot%\system32\Com\comexp.msc
|If you see this, troubleshoot IWAM|
|If you see this, you know why ASP doesn’t work (It should look like the image above)|
Effectively it is not possible to utilise Application Protection without the COM+ registrations. To fix them:
- Backup your server
- Backup the IIS 5.0 metabase
- Stop IIS Admin and associated services
- Pull up a command prompt
- Enter (Case sensitive):
rundll32 %windir%\system32\inetsrv\wamreg.dll, CreateIISPackage
- Hit OK
- Hit OK
- Restart IIS Admin and associated services
- Return to the comexp.msc view and check whether the three IIS registrations have returned, if they have start returning your web sites to Medium (Pooled). You will need to restart IIS in order for the Application Protection change to take effect.