Welcome to MobyThreads.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

dllhost.exe Access Denied

  
   Web Hosting and Web Master Forums (Home) -> IIS RSS
Related Topics:
Access Denied - Okay I'm stumped! I have two WS2003 systems - one has AD and IIS 6 running on it and the other is a member server with IIS 5. The one with AD and IIS 6 will not run any asp.net (get this wonderful error message: Access denied to..

Access denied - Hello, I have IIS running on Win 2k. The IIS has mutiple virtual servers created, each of which uses the same IP but different host headers. Example: In my DNS server I created several computers under

[IIS 6] Access denied with CDO - I'm running an IIS 6 web server. There's an ASP page that needs to send e-mails using CDO. When doing this, it gets an error (id I'm running the website under an account different than the default and I don't..

401 Access denied.... - Hello, I am working with IIS 5.0. I am trying to access a webpage with necessary Through the IIS log I observed that there are totally 3 HTTP happening to server my request. During first 2 the

Access Denied Problem - Server 2003 Domain VS.Net Ver 2003, VB.NET, IIS Ver 6 Trying to do the Visual Studio .Net Walk through - Chapter 2 Created a web service - appears to be OK Created a Win client - tried to add a web reference and..
Next:  IIS: Intranet Kit  
Author Message
user1423

External


Since: Feb 18, 2004
Posts: 2



(Msg. 1) Posted: Wed Feb 18, 2004 3:56 pm
Post subject: dllhost.exe Access Denied
Archived from groups: microsoft>public>inetserver>iis (more info?)
Hi -

I have a client running SUS on Windows 2000 Server SP4 with IIS 5.0
installed. I have confirmed the IIS Lockdown has been run on this server.

After the server was not shutdown cleanly, the SUSAdmin page cannot be
accessed and it appears to be an IIS-related problem. Each time I try to
access the page, the browser shows the following error:

Server Application Error

The server has encountered an error while loading an application during the
processing of your request. Please refer to the event log for more detail
information. Please contact the server administrator for assistance.

The server system log shows the following events each time this page is
requested:

Source: DCOM
Category: None
Event ID: 10001
Description:

Unable to start a DCOM Server: { } as IWAM_Account. The error:
"Access is denied. "
Happened while starting this command:
C:\WINNT\system32\dllhost.exe /Processid:{ }.

Source: W3SVC
Category: None
Event ID: 36
Description:

The server failed to load application '/LM/W3SVC/1/ROOT/SUSAdmin'.
The error was 'General access denied error
'.
For additional information specific to this message please visit the
Microsoft
Online Support site located at:
http://www.microsoft.com/contentredirect.asp.

I have followed recommendations from KB articles, but seem to have the same
permissions defined as other servers serving the same function in other
sites.

271071 - HOW TO: Set Basic NTFS Permissions for IIS 5.0
309051 - HOW TO: Troubleshoot ASP in IIS 5.0

Any suggestions would be appreciated.

 >> Stay informed about: dllhost.exe Access Denied 
Back to top
Login to vote
user1375

External


Since: Feb 03, 2004
Posts: 423



(Msg. 2) Posted: Thu Feb 19, 2004 9:25 am
Post subject: RE: dllhost.exe Access Denied [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Rob,

Please first test to run this site in IIS process to see if it is
able to work, this lauches the site under System account but not IWAM:
In IIS mmc, right-click the Default Web Site->SUSAdmin vdir and open
its properties.
In the Virtual Directory dialog, set Application Protection to Low
(IIS Process).
Run iisreset command in Start->Run to restart IIS. Then please test
the SUS site again and if it still fails, check event log to see if
there is any new error log.

If you hope to deeply troubleshoot the IWAM error, please change the
setting back and download filemon from:
http://www.sysinternals.com/ntw2k/source/filemon.shtml
Only include dllhost.exe in filemon's toolbar->filter. Then browse to
the SUS site to reproduce the error and check if this generates any
access denied events in filemon.
It is also possible that the permission is denied in registry, you
may perform test with regmon in the same way:
http://www.sysinternals.com/ntw2k/source/regmon.shtml.

Furthermore, in Administrative Tools->Local Security Policy->Local
Policies->User Rights Assisgnment, check if IWAM account has been
granted with the 'Bypass traverse checking' right. By default, the
local Everyone group has this permission.

Please update here on any results or progress.
Have a nice day,

WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security

 >> Stay informed about: dllhost.exe Access Denied 
Back to top
Login to vote
user1423

External


Since: Feb 18, 2004
Posts: 2



(Msg. 3) Posted: Thu Feb 19, 2004 5:37 pm
Post subject: Re: dllhost.exe Access Denied [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
WenJun -

Thanks for your prompt response.

I found that this issue was caused by a GPO that was applied to this server
late last week which defined the "Bypass traverse checking" right to a
Domain level server admin group and local administrators only. This GPO was
assigned to all my servers. When I removed the recently added GPO for the
server having the problem and the SUSAdmin page could be viewed, so I knew
it was related to the GPO.

The reason my other servers continued to function was an ACE defined on the
WINNT\Temp folder which granted "Traverse Folder/Execute File", "Create
Files/Write Data" and "Create Folders/Append Data" to the local Users group
on all the servers that continued to function. This ACE did not exist on
the server with the issue, so I added the ACE and re-applied the GPO. The
SUSAdmin page continued to function normally.

Your final suggestion about double-checking the 'Bypass traverse checking'
right did the trick.

Thanks for your help!

-Rob

""WenJun Zhang[msft]"" <v-wzhang.DeleteThis@online.microsoft.com> wrote in message
news:3vzbsEr9DHA.3736@cpmsftngxa07.phx.gbl...
 > Hi Rob,
 >
 > Please first test to run this site in IIS process to see if it is
 > able to work, this lauches the site under System account but not IWAM:
 > In IIS mmc, right-click the Default Web Site->SUSAdmin vdir and open
 > its properties.
 > In the Virtual Directory dialog, set Application Protection to Low
 > (IIS Process).
 > Run iisreset command in Start->Run to restart IIS. Then please test
 > the SUS site again and if it still fails, check event log to see if
 > there is any new error log.
 >
 > If you hope to deeply troubleshoot the IWAM error, please change the
 > setting back and download filemon from:
<font color=purple> > <a style='text-decoration: underline;' href="http://www.sysinternals.com/ntw2k/source/filemon.shtml</font" target="_blank">http://www.sysinternals.com/ntw2k/source/filemon.shtml</font</a>>
 > Only include dllhost.exe in filemon's toolbar->filter. Then browse to
 > the SUS site to reproduce the error and check if this generates any
 > access denied events in filemon.
 > It is also possible that the permission is denied in registry, you
 > may perform test with regmon in the same way:
<font color=purple> > <a style='text-decoration: underline;' href="http://www.sysinternals.com/ntw2k/source/regmon.shtml.</font" target="_blank">http://www.sysinternals.com/ntw2k/source/regmon.shtml.</font</a>>
 >
 > Furthermore, in Administrative Tools->Local Security Policy->Local
 > Policies->User Rights Assisgnment, check if IWAM account has been
 > granted with the 'Bypass traverse checking' right. By default, the
 > local Everyone group has this permission.
 >
 > Please update here on any results or progress.
 > Have a nice day,
 >
 > WenJun Zhang
 > Microsoft Online Support
 > This posting is provided "AS IS" with no warranties, and confers no
 > rights.
<font color=purple> > Get Secure! - <a style='text-decoration: underline;' href="http://www.microsoft.com/security</font" target="_blank">www.microsoft.com/security</font</a>>
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: dllhost.exe Access Denied 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting and Web Master Forums (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]