IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Sat, 25 Oct 2003 07:01:44


Greetings:

Ever since I moved to IIS 6.0/Win 2003 Server Web, my
ISAPI dll can't write to the event log using the vb
app.logevent method. There is no error, just no data. If
I invoke the ISAPI DLL from a stand-alone app running as a
logged in user, it works fine; and also works fine under
IIS 5.0/Win2K.

I know IIS 6.0 comes totally locked down out of the box;
but I can't figure out how to turn on this kind of access
permissions.

Ironically, I need to see the event log to find out why
other application level things are failing!

Can anybody offer a suggestion ?

Thanks,

Robb
 
 
 

IIS 6.0 COM App cant write to event log

Post by v-wdx » Sat, 25 Oct 2003 12:40:49

Hi Robb,

I'd suggest you check the process mode of your IIS6. The default process mode of IIS6 after a clean installation is worker process isolation mode (WPIM). For compatibility, IIS6 provides another process mode, "IIS5 isolation mode", for these web applications. I'd suggest you test your ISAPI DLL in the IIS5 isolation mode. You can change the process mode from the IIS6 MMC. Please follow these steps:

1. type inetmgr in the start->run windows
2. IIS mmc windows popup
3. right-click web sites and select properties
4. choose service tab
5. in the Isolation mode area, select "Run www service in IIS5.0 isolation mode"
6. press OK to restart your IIS service.

Furthermore, one MSDN article can provide much detailed information for you on this topic. Please go to:
New System Architecture
http://www.yqcomputer.com/

For the ISAPI, I'd also suggest one MSDN article that will provide some assistance for you with the troubleshooting. Please go to:
ISAPI and the Web Application Architecture
http://www.yqcomputer.com/

Please feel free to let me know if you have any questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
 

IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Sun, 26 Oct 2003 00:37:36

Wei:

Thanks for your quick reply. I tried what you suggested
with no luck.

I also set up a standard user as a member of the admin
group and set the web site's anonymous user to this user
and set the Application Pool's user to this one as well.
Still nothing in the event log.

Can you think of anything else ? Is there some log
somewhere that would have any clues to this ?

Thanks,

Robb

 
 
 

IIS 6.0 COM App cant write to event log

Post by v-wdx » Tue, 28 Oct 2003 11:05:01

Hi Robb,

Thank you for replying!

It will be appreciated if you tell me which kind your ISAPI DLL is: ISAPI Filter or ISAPI Extension.

For the filter, there are two KB articles that may help you some on this issue. Please go to:
327611 IIS 6.0: ISAPI Filters for Earlier Versions of IIS May Not Load
http://www.yqcomputer.com/

317204 IIS 6.0: ISAPI Filter Loads After First Request to the Web Site
http://www.yqcomputer.com/

If the issue remains, I'd suggest you tell me more about the scenario for this issue.

Please feel free to let me know if you have any questions.

Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
 
 

IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Wed, 29 Oct 2003 03:05:46

Wei-Dong:

I really appreciate your help on this issue.

Here's the scenario.

I have written an ActiveX DLL.
I have created a WSDL from it using the SOAP Toolkit.
I have Installed SOAP 3.0 on the web server.
I have registered the WSDL extension to point to the
SOAPIS30.DLL
I have set up the anonymous user for the site to be a
local user with USER privileges.
I have set an Application Pool with the same user (also
adding that user to the IIS_WPG).

When I connect from a SOAP client, my ActiveX DLL starts
and works just fine, except that any writes to the Event
log are ignored.

If I also add the local user to the Administration group,
then it will write.

I tried changing the web server to IIS 5.0 Isolation mode;
but that made no difference. I don't think I would want
to do that anyway as I would like to take advantage of the
IIS 6.0 features.

The app needs the ability to write to the event log in
order to track should-not-occur conditions. I can't leave
the user as part of the administration group and get
past a security audit; nor can I wait till an error
occurs and then switch to the administration privileges
and expect the user to re-create the condition so I can get
a trace.

Can you think where I might be able to look next to figure
this out ?

Thanks,

Robb Murdock
 
 
 

IIS 6.0 COM App cant write to event log

Post by v-wdx » Wed, 29 Oct 2003 17:40:24

Hi Robb,

Thank you for replying and the detailed information about this issue!

This information is really very helpful for me to know more about your issue. In your scenario, you'd better check whether the user account you specify for the worker process has the "manage auditing and security right" user permission on your box. You can check this from "start->control panel->Administrative Tools->Local Security Policy".

Then select "Local policies->User Right assignment". Double click the "manage auditing and security right" and one window will pop up. By default, only the administrators group is added to this user right. You can add your user account to the right.

After that, please restart the IIS service with the "IISreset" command. Type "IISreset" (without quotation marks) in start->run. When IIS restarts, you can start testing your DLL.

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
 
 

IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Thu, 30 Oct 2003 04:42:19

Wei-Dong:

Thanks for continuing to help me on this.

I tried your suggestion; but it made no difference. It
seems that the only thing that will enable the write to
the event log to actually work is adding the user to the
administrator group.

Any other ideas ?

Thanks,

Robb Murdock
 
 
 

IIS 6.0 COM App cant write to event log

Post by v-wdx » Thu, 30 Oct 2003 11:43:34

Hi Robb,

Thank you for replying!

In fact, the event log is used by the system administrator to maintain the box, so from your test, only the administrators account group can write to the event log. For more information about the rights and privileges for event logging, I'd suggest you can find detailed event log security information in the article from Msdn.microsoft.com. Please go to:
http://www.yqcomputer.com/

Please feel free to let me know if you have any further questions.

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
 
 

IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Thu, 30 Oct 2003 12:34:37

Wei-Dong:

I am not sure what you are suggesting here. The event log
is used for more than just system administrators. If I
write a simple VB test app that uses App.LogEvent, I can
log in as the user that I am assigning to IIS and log an
event entry.

The issue is that IIS, using the same login account can't
write to the event log in IIS 6.0/Win2003 Server Web
Edition.

All of this works fine on IIS 5.0/Win2K.

Am I at a dead end; or is there somewhere else I can look ?

Thanks,

Robb Murdock


 
 
 

IIS 6.0 COM App cant write to event log

Post by v-wdx » Thu, 30 Oct 2003 18:58:00

Hi Robb,

Thank you for replying!

I'd suggest you can enable the security auditing for this issue, which may help you to find the culprit. You can follow these steps:

1. go to start->Administrative->Local Security Policy
2. press Local Policies->Audit Policy
3. double click "Audit object access" which is set to "No auditing" by default.
4. select successful and failure and OK to exit.

This security setting determines whether to audit the event of a user accessing an object that has its own system access control list specified. You
can obtain more help from the audit help.

After that, try to test your application and IIS, then check the security event log to find the related security message.

Please feel free to let me know if you have any questions.

Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
 
 

IIS 6.0 COM App cant write to event log

Post by John Alder » Fri, 31 Oct 2003 12:52:58

Robb,

Have a look at the CustomSD attribute for the Application Event Log. This
should allow you to modify the default Security Descriptor applied for
access to the individual default Event Logs. See this KB for more info:

http://www.yqcomputer.com/ ;en-us;323076

Note I have not tried to modify this as yet but it's on my short list of
things to do to document how our app developers can continue to log to the
Event Log. If you are still having issues, drop me a note and I'll try to
follow up with you when I do test.

John Alderson
 
 
 

IIS 6.0 COM App cant write to event log

Post by Robb Murdo » Fri, 31 Oct 2003 14:55:31

John:

Thanks for the heads-up.

I saw that article; but it's absolutely Greek to me. I
don't get the whole SDDL thing.

Any guidance on how to set this would be awesome.

Thanks,

Robb Murdock
XXXX@XXXXX.COM

 
 
 

IIS 6.0 COM App cant write to event log

Post by John Alder » Fri, 31 Oct 2003 21:15:15

Robb,

SDDL isn't too bad once you've gone through it a couple of times. It
actually takes on a certain elegance almost. Take the example string:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x2;;;BA)(A;;0x2;;;LS)(A;;0x2;;;NS)

The ACEs are the things in parens. The first letter, D or A, is Denied or
Allowed AceType. The value, 0xf0007, 0x3, 0x2, etc indicates a permissions
mask. The last set of letters indicates a built-in group or user. For
instance, SY is SYSTEM, BA is Builtin\Administrators, etc. To add an ACE
for a custom user, you put the SID there in place of the two letter
designation. Just add the ACE to the end of this string and go. I don't
know if the change is dynamic. Many system services register callbacks for
change events to their config so that when a registry entry defining their
configuration changes, they can react and load the change. This is
something I'll be testing.

When I get a chance to look at this further, I'll post back. It won't be
for a few weeks though. Give this a go and see if it helps...

John Alderson
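
An added example (not part of John's post or the KB article): a small Python reader for the string above that splits out the ACEs, decodes the event log bits of each mask, and evaluates what a token would be granted before and after appending a write-only ACE. The account SID is a constructed placeholder, and the sketch assumes the posted string is the descriptor in effect and that it carries no SACL.

```python
import re

# Event log access bits: ELF_LOGFILE_READ / WRITE / CLEAR.
RIGHTS = {0x1: "READ", 0x2: "WRITE", 0x4: "CLEAR"}
# The example string from the post.
POSTED = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
          "(A;;0x5;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x2;;;BA)"
          "(A;;0x2;;;LS)(A;;0x2;;;NS)")
# Constructed placeholder SID for the application pool account (assumption).
APP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1005"
ACE_RE = re.compile(r"\(([^()]*)\)")

def parse_aces(sddl):
    """Return [(ace_type, mask, trustee)]; assumes no SACL in the string."""
    aces = []
    for body in ACE_RE.findall(sddl.replace(" ", "")):
        # Fields: type;flags;rights;object_guid;inherit_object_guid;trustee
        ace_type, _flags, mask, _obj, _inherit, trustee = body.split(";")
        aces.append((ace_type, int(mask, 16), trustee))
    return aces

def describe(mask):
    """Names of the event log rights set in a mask."""
    return [name for bit, name in RIGHTS.items() if mask & bit]

def effective(sddl, trustees):
    """Event log bits granted to a token holding `trustees`.

    ACEs are walked in order; the first allow or deny seen for a bit wins.
    """
    allowed = denied = 0
    for ace_type, mask, trustee in parse_aces(sddl):
        if trustee not in trustees:
            continue
        if ace_type == "D":
            denied |= mask & ~allowed
        elif ace_type == "A":
            allowed |= mask & ~denied
    return allowed & 0x7

def add_write_ace(sddl, sid):
    """Append an allow ACE granting only ELF_LOGFILE_WRITE (0x2) to `sid`."""
    return sddl.replace(" ", "") + "(A;;0x2;;;%s)" % sid

if __name__ == "__main__":
    for label, token in (("interactive logon", {APP_SID, "IU"}),
                         ("account SID only", {APP_SID})):
        print(label, describe(effective(POSTED, token)))
    patched = add_write_ace(POSTED, APP_SID)
    print("after adding ACE", describe(effective(patched, {APP_SID})))
```

Granting 0x2 only gives the account write access without read or clear, which is narrower than membership in the Administrators group.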



 
 
 

IIS 6.0 COM App cant write to event log

Post by Q2hyaXMgVm » Wed, 17 Dec 2003 03:26:13

I have been having the same problem and have not found a solution. I have a VB6 COM Object running on server 2003 with IIS6. The command App.LogEvent will not log to the Application Log. This makes it very difficult to debug the COM object.

I have tried the following with no success
1). adding both IUSER and IWAM to the Administrators account
2). adding both IUSER and IWAM to the "Manage auditing and security log" in
Local Security Settings\User Rights Assignment

This seems strange that windows 2003 would not allow com objects to write to the application log. Any other help besides having to modify the SDDL string?

Cheers

Christopher
 
 
 

IIS 6.0 COM App cant write to event log

Post by amF5IG1hY2 » Sun, 29 Feb 2004 04:51:06

You may want to look at this article. Maybe the account does not have privileges to write to the app log.

http://www.yqcomputer.com/ %3Ben-us%3B32307