Asp.net| Control installs Microsoft Visual Studio. NET or the Microsoft. NET Framework on a domain controller or backup domain controller, if you try to run a asp.net application, the browser displays the following error message:
Server Application Unavailable
The Web application you are attempting to access on this Web server is currently unavailable.
Please hit the ' Refresh ' button in your Web browser to retry your request.
In addition, the following events are logged in the System application event log:
aspnet_wp.exe could not being launched because the username and/or password supplied in the ProcessModel g file are invalid.
aspnet_wp.exe could not to be started.
HRESULT for the failure:80004005
This issue relates to Internet information Services (IIS) version 5.0 or later.
< reasons >
By default, in order to provide a more secure environment, ASP.net runs its worker process with a weak account (the local computer account named ASPNET). All user accounts on a domain controller or backup domain controller are domain accounts, not local computer accounts. Therefore, Aspnet_wp.exe failed to start because it could not find a local account named "Localmachinename\aspnet". To provide a valid user account on a domain controller, you must specify an explicit account in the <processModel> section of the Machine.config file, or you must use the SYSTEM account.
Note: If you try to debug before you try to browse the page (click the Start button), the exact same problem occurs.
< solutions >
To resolve this issue, use one of the following methods:
Create a weak account with the correct permissions, and then configure the <processModel> portion of the Machine.config file to use the account.
In the <processModel> section of the Machine.config file, set the UserName property to SYSTEM.
Configure the <processModel> section of the Machine.config file to use the Administrator account.
Note: If the ASP.net application is allowed to run as a SYSTEM or administrator account, it poses a serious security issue. If you use any of these workarounds, code that runs in the Aspnet_wp.exe process will have access to domain controllers and domain settings. Executables that are started from the Aspnet_wp.exe process run in the same context, and they also have access to domain controllers.
Therefore, Microsoft recommends the use of the first workaround. To use the first workaround, follow these steps:
1, create a user account named ASPUSER on your computer, and then add this account to the user group.
Note: You can also use this account if you change the password for the ASPNET account created by the. NET Framework. You must know the password for this account because you need to add the password to the <processModel> section later in this step.
2. Grant the "Log on as a batch job" user right to the ASPUSER or ASPNET account. Make sure that this change is displayed in the Local Security policy setting.
Note: To grant this account the user right to log on as a batch job, you must authorize this user right in each of the following security policies (start with Control Panel/Administrative Tools):
Domain Controller Security Policy
Domain Security Policy
Local Security Policy
Note: You must reboot the server for these changes to take effect.
3. Ensure that the ASPUSER or ASPNET account has permissions to access all directories and files necessary to start the Aspnet_wp.exe process and provide services for the ASP.net page.
4, open the Machine.config file. The path to the file is:%systemroot%\microsoft.net\framework\v1.0.3705\config.
5. In the <processModel> section of the Machine.config file, change the UserName and Password properties to the name and password of the account created in step 1th. For example: Username= "DomainName\ASPUSER" password= "ASPUSERpassword"
6, save the changes to the Machine.config file.
