Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeGetting StartedGetting StartedInstalling DNN ...Installing DNN ...First Run Problems - EventQueue Issue ?First Run Problems - EventQueue Issue ?
Previous
 
Next
New Post
7/24/2006 1:14 AM
 
John Mitchell


www.snapsis.com
Joined: 4/18/2003
Posts: 3987

 

I agree Shane.  We have done a lot of work to make sure that DNN will work in as many environments as possible.

Just implementing the EventQueue in a way that it would work in Medium Trust caused a lot of extra work.

More on that can be read here: http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/460/Default.aspx

DotNetNuke Modules from Snapsis.com
 
New Post
7/24/2006 1:41 AM
 
Shawn Mehaffie

Joined: 1/4/2003
Posts: 2313
jmitchell wrote
Shawn,

The part you are missing is that the Website is configured to impersonate.  This is common in shared hosting scenarios to sandbox each website.  The configured identity for the AppPool should not be the identity that the app is running under because that identity is shared by many websites.

As stated earlier in the thread, apparently during startup the app has not switched to the impersonated user yet, and since the AppPool identity does not have permission in the website this error occurs.

It seems like an issue for Microsoft, but maybe they don't have any choice but to wait till later in the application lifecyle to switch to the impersonated user since this is probably when the Worker Process is being spun up.


If that is the case then how is the following a possible workaround

jmitchell wrote
Another option is to give the configured app pool identity special permission of only "delete" for the EventQueue folder.


If this is a workaround, then making sure the app pool identity has the same permissions as NetworkServices account is the fix for the issue.  The only reason you have to give the NetworkServices account List, Read, Execute, Write, Modify under Win2003 is becuase that it the identity the AppPool uses by default (instead of ASP.Net).  If you change this user then whatever you change this user to has to have the same permissions as the NetworkServices identity.  This also means that if this is changed when impersonation is used, then the impersonation account would also have to have the same permissions as the NetworkServices has.

Just so I understand this better.

Default IIS setup

AppPool: NetworkServices
WebSite: IUSR_.......

So in the scenerio that is causing the problem are these the same as above, or is one or both of them setup to be a different identities?  If so, which ones.  I am assuming the user being impersonated is the Website user, is that correct?  So based on the previous post if you use impersonation, then the appPool user is not used and the impersonated identity it used to run the web site and appPool?
 
New Post
7/24/2006 2:43 AM
 
John Mitchell


www.snapsis.com
Joined: 4/18/2003
Posts: 3987

 

Shawn,

I spent two hours today looking into the problem and trying different configurations. Once I was able to get the error to show itself, I added the AppPool Identity user to the NTFS permissions and gave it modify permissions which made the error go away.

I then reduced the permissions needed to the very minimum to allow it to still work.  This is not the best solution, just a work-around.

Why are you wanting to say that more permission should be granted to a user that they obviously don't want to allow access into each individual website?

To answer your last question, yes the AppPool Identity and the Anonymous Website User are different. When you turn on impersonate with anonymous access enabled the impersonated user is supposed to be the Anonymous Website user and in fact it is at some later point in the application life cycle or they wouldn't be able to upload files or modules.

 

DotNetNuke Modules from Snapsis.com
 
New Post
11/5/2006 9:21 AM
 
Ken Lea

www.leahosting.com
Joined: 5/20/2003
Posts: 19
I have been doing some looking into this myself. Basically, I thought why not do this task as a schedule. However, I have discovered that all the Schedule tasks seem to run under the App Pool identity. I believe that this is because when the scheduler is created to manage the tasks that is the account that is running at the time. It is my believe that this could cause more issues with scheduled services. Not sure what can be done about this.
 
New Post
11/5/2006 11:54 AM
 
John Mitchell


www.snapsis.com
Joined: 4/18/2003
Posts: 3987

Tanzy wrote
I have been doing some looking into this myself. Basically, I thought why not do this task as a schedule. However, I have discovered that all the Schedule tasks seem to run under the App Pool identity. I believe that this is because when the scheduler is created to manage the tasks that is the account that is running at the time. It is my believe that this could cause more issues with scheduled services. Not sure what can be done about this.

You are correct, the scheduler background thread is spun up at the same time in application_start so it too would have the same problem.  I have given this more thought as it concerns the EventQueue and have not been able to come up with a better solution that does not affect performance. 
If you do have other ideas, I would be happy to hear them.

Thanks for taking the time to help Tanzy.

Also, in this official IIS configuration document from Microsoft it shows that using unique identies for the application pool is the best practice as Shane pointed out earlier.  If it were configured this way it would not be a problem, and would even be more secure.

Also, it is not very difficult to work around.  Anytime that you install a module or update it's definitions you will get this error if your host is configured not to allow the application pool identity to have access to your website. All you need to do at that point is use FTP or some other method to manually delete the messages in the EventQueue that begin with Application_Start.

 

DotNetNuke Modules from Snapsis.com
 
 Page 3 of 12
Previous1234...12Next 
Previous
 
Next
HomeHomeGetting StartedGetting StartedInstalling DNN ...Installing DNN ...First Run Problems - EventQueue Issue ?First Run Problems - EventQueue Issue ?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out