The following error happens during NSSetup: “Server Error in '/Altiris/NS' Application”
search cancel

The following error happens during NSSetup: “Server Error in '/Altiris/NS' Application”

book

Article ID: 151876

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The following errors can occur directly after installation on the first attempt to load NSSetup.aspx, or when loading the console: “Server Error in '/Altiris/NS' Application. Access denied to 'f:\inetpub\wwwroot\web.config'. Failed to start monitoring file changes.” 
 

Description: An unhandled exception occurred during the execution of the current Web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Access denied to “F:\inetpub\wwwroot\web.config”. Failed to start monitoring file changes.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:
[HttpException (0x80070005): Access denied to 'f:\inetpub\wwwroot\web.config'. Failed to start monitoring file changes.]

   System.Web.DirectoryMonitor.AddFileMonitor(String file) +381

   System.Web.DirectoryMonitor.StartMonitoringFile(String file, FileChangeEventHandler callback, String alias) +76

   System.Web.FileChangesMonitor.StartMonitoringFile(String alias, FileChangeEventHandler callback) +322

   System.Web.Configuration.HttpConfigurationSystem.AddFileDependency(String file) +139

   System.Web.Configuration.HttpConfigurationSystem.ComposeConfig(String reqPath, IHttpMapPath configmap) +503

   System.Web.HttpContext.GetCompleteConfigRecord(String reqpath, IHttpMapPath configmap) +434

   System.Web.HttpContext.GetCompleteConfig() +48

   System.Web.HttpContext.GetConfig(String name) +195

   System.Web.CustomErrors.GetSettings(HttpContext context, Boolean canThrow) +20

   System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow) +40
  

System.Web.HttpRuntime.FinishRequest(HttpWorkerRequest wr, HttpContext context, Exception e) +480

or

Server Error in '/Altiris/NS' Application Runtime Error

Description: An application error occurred on the server. The current customer error settings for this application prevent the details of the application error from being viewed.

Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tab within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".

<!--Web.config configuration File -->

<configuration>
<system.web>
<customErrors mode=RemoteOnly"/>
</system.web>
<configuration>

Notes: The current error page you are seeing can be replaced by a customer error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!--Web.config configuration File -->

<configuration>
<system.web>
<customErrors mode=On" defaultRedirect="mycustompage.htm"/>
</system.web>
<configuration>

 

Cause

There are inadequate permissions set for the ASPNET or Network Service account. 

Resolution

Verify that the following locations have adequate permissions based on the information below. They may have permissions because they are a member of a group with permissions but this needs to be verified.

Local Security Policies

Security Policies are set by going to Administrative Tools, Local Security Policy. Browse down into the Local Security, and select User Rights Assignment. The account being used for the Application Identity and the ASPNET account need the following rights:

  • Access this computer from the network
  • Act as Part of the OS
  • Impersonate a client after authentication
  • Logon as a batch job
  • Logon locally

NTFS Permissions

Verify that the security of the Documents and Settings folder as follows:

  • The Network Service user with Full Control permissions

Verify that the Program Files\Common Files folder security as follows:

  • The Network Service user with List, Read, and Execute permissions
  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the Inetpub folder security as follows:

  • The Network Service user with List, Read, and Execute permissions

Verify that the Inetpub\wwwroot folder security:

  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %windir%\Microsoft.NET\Framework\v1.1.4322 folder:

  • The Network Service user with Full Control permissions

Verify that the %windir%\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll file security as follows: /

  • The IUSR_% user with Read and Execute permissions
  • The IIS_WPG group with Read and Execute permissions

Verify that the security of the %windir%\Help, %windir%\Assembly, and %windir%\Fonts folders as follows: (Use Ctrl key to select all 3 folders at once. Click properties on Help or Fonts, not Assembly.)

  • The Network Service user with List, Read, and Execute permissions

Verify that the security of the %windir%\WinSxS folder:

  • The Network Service and/or the ASPNET user with List, Read, and Execute permissions

Verify that the security of the %windir%\Temp, %systemroot%\temp, %systemroot%\tmp, %windir%\Registration, and %windir%\Debug folders (use the <Ctrl> key to select all folders at once) as follows:

  • The Network Service user with Full Control permissions

Verify that the %windir%\IIS Temporary Compressed Files folder security:

  • The Network Service user with Full Control permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %windir%\System32 folder as follows:

  • The Network Service user with List, Read, and Execute permissions
  • The Local Service group with List, Read, and Execute permissions 

     Note: Local Service is a hidden group.)

Verify that the %windir%\System32\MsDtc folder as follows

  • The Local Service group with Modify, List, Read, Execute and Write.
  • The Network Service group with Modify, List, Read, Execute and Write.

Verify that the %windir%\System32\Inetsrv folder security:

  • The Network Service user to with Full Control permissions
  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %windir%\Help\iisHelp\common folder as follows:

  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %NSinstallpath%\Altiris folder:

  • The Network Service user with List, Read, and Execute permissions

Verify the %NSinstallpath%\Altiris\Altiris Web folder security as follows:

  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify the security of the %NSinstallpath%\Notification Server\Logs folder:

  • The Network Service user with Full Control permission
  • The IUSR_% user with Full Control permissions
  • The IIS_WPG group with Full Control permissions

Verify the security of the %NSinstallpath%\Notification Server\NScap\Bin, and Notification Server\NScap\Help folders as follows (use <Ctrl> key to select both folders at once.):

  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %NSinstallpath%\Notification Server\NScap\EvtInbox folder:

  •  The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

    Note: The ‘IUSR_%’ user & local ‘Users’ group will require Full Control of this folder if strand alone inventory is to be posted to the Notification Server

Verify that the security of the %NSinstallpath%\Notification Server\NScap\EvtQFast, Notification Server\NScap\EvtQLarge, Notification Server\NScap\EvtQSlow, Notification Server\NScap\EvtQueue, and Notification Server\NScap\Temp folders (use the <Ctrl> key to select all 3 folders at once) as follows:

  • The Network Service user with Full Control permissions
  •  The IUSR_% user with Write and Modify permissions
  • The IIS_WPG group with Write and Modify permissions

Verify that the security of the %NSinstallpath%\Notification Server\Agent folder:

  •  The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions

Verify that the security of the %NSinstallpath%\Notification Server\Bin\Aexloglib.dll, and Notification Server\Bin\AeXNSEventRouter.dll files as follows:

  • The IUSR_% user with Read and Execute permissions
  • The IIS_WPG group with Read and Execute permissions

Verify that the %NSinstallpath%\Notification Server\Bin\Isapi folder security:

  • The IUSR_% user with List, Read, and Execute permissions
  • The IIS_WPG group with List, Read, and Execute permissions
  1. At the command prompt run "C:\Windows\Microsoft.Net\Framework\v1.1.4322\aspnet_regiis.exe –i". At the command prompt run the "iisreset" command.
  2.  

Note:  Items 1 and 2 should be run after any NTFS permissions change.


Applies To

Notification Server

Powered by Wolken Software