iis| Error | resolution
IIS5 HTTP 500 Internal server error is one of our common errors, its main error is that the ASP program can not browse but HTM static Web page is not affected. In addition, when errors occur, the system event log and the security event log have corresponding records.
Specifically as follows:
(a) performance in IE
The following error occurs when you browse to an ASP page that previously worked correctly:
Web page cannot be displayed
The page you are trying to access has a problem and cannot be displayed.
Please try the following actions:
Open the http://127.0.0.1 home page for a link to the information you want.
Click the Refresh button, or try again later.
HTTP 500-Internal server error
Internet Information Services
Technical information (Personal support)
Detailed information:
Microsoft support
Or is:
Server Application Error
The server has encountered an error while loading a application during the processing of your of request. Please refer to the event log for more detail information. Please contact the server Administrator for assistance.
(ii) security logging (2)
Event Type: Failure Audit
Event Source: Type of Event: Logon/Logoff
Event id:529
Date: 2001-9-9
Event: 11:17:07
User : NT AUTHORITY\SYSTEM
Computer: MyServer
Description:
Logon failed:
Reason: Unknown user name or password error
Username: iwam_myserver
Domain: mydom
Logon Type: 4
Logon process: ADVAPI
Authentication package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: MyServer
Event Type: Failure Audit
Event Source: Security
Event Type: Account logon
Event id:681
Date: 2001-9-9
Event: 11:17:07
User: NT AUTHORITY\SYSTEM
Computer: Myserv ER
Description:
Log on to account: Iwam_myserver
logged-on User: Microsoft_authentication_package_v1_0
from workstation: MyServer
was unsuccessful. The error code is: 3221225578
(iii) records in the System log (2)
Event Type: Error
Event Source: DCOM
Event Type: None
Event id:10004
Date: 2001-9-9
Event: 11:20:26
User: N/a
computer: MyServer
Description:
DCOM encounters error "Unable to update password. The value provided to the new password contains values that are not allowed in the password. "and cannot log on to the. \iwam_myserver to run the server:
3d14228d-fbe1-11d0-995d-00c04fd919c1}
Event Type: Warning
Event Source: W3SVC
Event Type: None
Event id:36
Date: 2001-9-9
Event: 11:20:26
Users: N/A
Computer: MyServer
Describe:
The server failed to transfer to the application '/lm/w3svc/4/root '. Error is ' runas ' format must be < domain >\< username > or just < username > '.
To get more information about this message, please visit the Microsoft Online Support site: http://www.microsoft.com/contentredirect.asp .
Two. Causal analysis
Comprehensive analysis of the above error performance we can see, mainly because the IWAM account (in My computer is the Iwam_myserver account) of the password error caused an HTTP 500 internal error.
In the detailed analysis of the causes of http500 internal errors, first of IWAM account for a brief introduction: IWAM account is installed IIS5 when the system automatically set up a built-in account, mainly for the start of the process outside the application of Internet Information Services. The name of the IWAM account differs depending on the NetBIOS name of each computer, and the common format is iwam_machine, which consists of the "IWAM" prefix, the connector "_" plus the NetBIOS name of the computer. My computer's NetBIOS name is myserver, so the name of the IWAM account on my computer is Iwam_myserver, which is very similar to the way IIS Anonymous account Isur_machine is named.
IWAM account is established by Active Directory, IIS metabase database and COM + application tripartite use, the account password is saved by three parties, and the operating system is responsible for the three-party saved IWAM Password synchronization work. According to common sense, the operating system is responsible for the work we can rest assured that there is no need to worry about mistakes, but I do not know is a bug or other reasons, the system of the IWAM account password synchronization work will sometimes fail, so that the three-party IWAM account password is not uniform. When IIS or COM + applications log on to the system using the wrong IWAM password, the system rejects the request because of a password error when the IIS Out-of-process pooled applications is started, causing IIS out-of-process pooled Applications failed to start, which is what we see in the id10004 Error event "Cannot run server 3d14228d-fbe1-11d0-995d-00c04fd919c1}" (Here 3D14228D-FBE1-11D0-995D-00C04FD919C1} is an IIS Out-of-process pooled applications key) and cannot be transferred to the IIS5 application, and HTTP 500 internal errors are generated.
Three. Solutions
Knowing the cause of the HTTP 500 internal error is easier to solve, which is the password for manually synchronizing IWAM accounts in Active Directory, IIS metabase database, and COM + applications.
The specific operation in three steps, all need to log on to the computer as an administrator to provide sufficient operational rights (IWAM account to Iwam_myserver for example).
(i) Change the password for the Iwam_myserver account in Active Directory
Because IWAM account password by the system control, randomly generated, we do not know what, in order to complete the following two steps of the password synchronization work, we have to IWAM account password set to a value we know.
1. Select Start-> program-> Administrative Tools-> Active Directory Users and Computers to start the Active Directory Users and Computers snap-in.
2, click "User", select the right "Iwam_myserver", right-click Select "Reset Password (t) ...", in the pop-up Reset Password box to iwam_myserver set a new password, here we set to "aboutnt2001" (no quotes), OK, wait for password modification to succeed.
(ii) Synchronization of passwords for Iwam_myserver accounts in IIS metabase
Perhaps because of the sensitivity and importance of this change, Microsoft has not provided an explicit user interface for us to modify the Iwam_myserver account password in IIS metabase, only with IIS5 provided a management script adsutil.vbs, which is located in C:\InetPub\ AdminScripts (location may vary depending on how you install IIS5).
The Adsutil.vbs script is powerful, has a lot of parameters and is complex to use, and only provides a way to modify the Iwam_myserver account password using this script:
adsutil set W3svc/wamuserpass password
The "password" parameter is the new password for the IWAM account you want to set up. Therefore, the command to modify the password for the Iwam_myserver account in IIS metabase to "aboutnt2001" is:
C:\inetpub\adminscripts>adsutil set W3svc/wamuserpass "aboutnt2001"
After a successful modification, the system will have the following prompts:
WAMUserPass: (String) "aboutnt2001"
(iii) iwam_myserver password for synchronizing COM + applications
To synchronize the iwam_myserver password used by COM + applications, there are two options: one is to use the Component Services MMC snap-in and the other is to use the IWAM Account Synchronization script Synciwam.vbs.
1. Use Component Services MMC snap-in
(1) Start Component Services Snap-in: Select Start-> run-> MMC, start the admin console, open the Add/Remove snap-in dialog box, add the Component Services snap-in.
(2) Locate "Component Services"-> "Computer"-> "My Computer"-> "COM + application"-> "Out-of-process Pooled Applications", right-click "Out-of-process Pooled Applications the "->" attribute.
(3) switch to the Flags tab of the Out-of-process Pooled Applications Properties dialog box. This application runs under the following account "This user" in the selection is selected and the username is "Iwam_myserver". These are all defaults and do not have to be changed. Enter the correct password "aboutnt2001" in the "password" and "Confirm password" text boxes below to confirm the exit.
(4) If the system prompts "the application is created by more than one external product." Are you sure you want to be supported by these products? "is OK.
(5) If we set some other Web application protection to high (standalone) in IIS, the IWAM account password for the COM + application used by the web will also need to be synchronized. Repeat (1)-(4) step, synchronize the other corresponding out of process application IWAM account password.
2, use IWAM Account Synchronization script Synciwam.vbs
In fact, Microsoft has found that the IWAM account in the password synchronization problem, so in the IIS5 management script for the IWAM account password Synchronization write a script synciwam.vbs, this script is located in C:\InetPub\ AdminScripts (location may vary depending on how you install IIS5).
Synciwam.vbs script usage is simpler:
cscript Synciwam.vbs [-v|-h]
The "-V" parameter represents the entire process of displaying script execution in detail (recommended), and the "-H" parameter is used to display simple help information.
We want to sync iwam_myserver account password in COM + application, only need to execute "cscript synciwam.vbs-v", as follows:
cscript c:\inetpub\adminscripts\synciwam.vbs-v
Microsoft (r) Windows Script Host version 5.6
Copyright (c) Microsoft Corporation 1996-2000. All rights reserved.
Wamusername:iwam_myserver
wamuserpass:aboutnt2001
IIS Applications defined:
Name, appisolated, package ID
W3SVC, 0, 3D14228C-FBE1-11D0-995D-00C04FD919C1}
Root, 2,
IISHelp, 2,
IISADMIN, 2,
IISSamples, 2,
MSADC, 2,
Root, 2,
IISADMIN, 2,
IISHelp, 2,
Root, 2,
Root, 2,
Out of process applications defined:
Count:1
3D14228D-FBE1-11D0-995D-00C04FD919C1}
Updating applications:
Name:iis out-of-process Pooled Applications key:3d14228d-fbe1-11d0-995d-00c04fd919c1}
As you can see from the execution of the above script, using Synciwam.vbs scripts is more comprehensive and quicker than using Component Services. It first finds the IWAM account "Iwam_myserver" from the IIS Metabase database and takes out the corresponding password "aboutnt2001" and finds all the defined IIS applications and out of process Applications and synchronizes the IWAM account password for each out of the process applications application.
When using the Synciwam.vbs script, be aware that before you run Synciwam.vbs, you must ensure that the IIS metabase database is consistent with the IWAM password in Active Directory. Because the Synciwam.vbs script obtains the password from the IIS metabase database instead of the IWAM account from Active Directory, if the password in the IIS metabase is incorrect, The password obtained by the Synciwam.vbs will also be incorrect, the synchronization operation to the "Updating Applications" system will report 80110414 errors, that is, the application is not found 3D14228D-FBE1-11D0-995D-00C04FD919C1} ".
OK, so far, IWAM account in Active Directory, IIS metabase database and COM + application three passwords have been synchronized successfully, your ASP program can also run!
After a successful modification, the system will have the following prompts:
---------------------------------------------------
After testing, the display should be
WAMUserPass: (String) "*******"