.NET Questions and Solutions

Symptoms
If the last two or more components in a path match MS-DOS device names, you may receive an error message on a blue screen similar to the following example:

A fatal exception 0E has occurred at (address) in VXD (FSD) + (address). The current application will be terminated.
* Press any key to terminate the current application. * Press CTRL+ALT+DEL to restart your computer. You will lose any unsaved information in all applications.
Press any key to continue NOTE: The VXD in question is a File System Driver (FSD) from the list in the “More Information” section of this article.
If you do not restart your computer at this point, subsequent blue screen error messages occur and the computer does not shut down properly. It may be necessary to interrupt power to the computer to reset it successfully.
Alternatively, if your computer has a large amount of memory (for example, 192 MB), the mouse pointer may be displayed as an hourglass over the taskbar and you may be unable to run additional programs. The computer eventually becomes unresponsive to mouse and keyboard input.
Resolution
MS-DOS device names are reserved words and cannot be used as folder or file names. When parsing a reference to a file or folder, Windows correctly checks for the case in which a single MS-DOS device name is used in the path, and treats it as invalid. However, Windows does not check for the case in which the path includes multiple MS-DOS device names. When Windows attempts to interpret the device name as a file resource, it performs an illegal resource access operation that usually results in the computer becoming unresponsive.
Because you cannot create files or folders that contain MS-DOS device names, it is unusual for a user to try to gain access to one under normal circumstances. The chief threat posed by this vulnerability is that a malicious user can entice a user to attempt such an access. For example, if a Web site operator hosts a hyperlink that references such a path, when the user clicks the link, the computer may hang. Likewise, a Web page or HTML e-mail message that specifies a local file as the source of rendering information can cause the user’s computer to hang when it is displayed. If this happens, you can put the computer back into normal service by restarting it.

Symptoms
After you create a rule in Microsoft Outlook to move received e-mail messages to afolder, if the rule contains an exception that prevents the message from moving to thefolder if the message is from a specified user, the message is still transferred to the specified folder.
Resolution
This problem occurs because the user that you specified as an exception is contained in the Global Address List (GAL).

Symptoms
Consider the following scenario. A server is running Microsoft SQL Server 2005 Integration Services (SSIS). From a client computer, you use SQL Server Management Studio to connect to Integration Services on the server. To connect to Integration Services on the server, you use auser account that is not a member of the Administrators group on the server. In this scenario, you receive the following error message:

Cannot connect to SSISServer
Additional information:Failed to retrieve data for this request (Microsoft.SqlServer.SmoEnum)
Connect to SSIS Service on machine “SSISServer” failed: Access is denied.Note In this error message, SSISServer is a placeholder for the name of the server or for the IP address of the server.
However, you can successfully connect to Integration Services on the server locally by using the same user account that you used to connect to Integration Services from the client computer.
Resolution
To work around this problem, follow these steps:On the client computer, enable Windows Management Instrumentation (WMI) for remote administration. To do this, follow these steps:Click Start, click Run, type gpedit.msc, and then click OK.In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, and then expand Network.Expand Network Connections, expand Windows Firewall, and then click Domain Profile.Right-click Windows Firewall: Allow remote administration exception, and then click Properties.
Note In Windows Vista, right-click Windows Firewall: Allow inbound remote administration exception.In the Windows Firewall: Allow remote administration exception Properties dialog box, click Enabled, and then click OK.
Note In Windows Vista, the dialog box is the Windows Firewall: Allow inbound remote administration exception dialog box.On the server and on the client computer, specify that DCOM is available for all Microsoft COM applications. To do this, follow these steps:Click Start, click Run, type dcomcnfg, and then click OK.In the Component Services dialog box, expand Component Services, expand Computers, right-click My Computer, and then click Properties.In the My Computer Properties dialog box, click the Default Properties tab.On the Default Properties tab, click to select the Enable Distributed COM on this computer check box, and then click OK.On the server, add the user account to the Distributed COM Users group. To do this, follow these steps:Click Start, click Run, type lusrmgr.msc, and then click OK.In the Local Users and Groups dialog box, click Groups, and then double-click Distributed COM Users.In the Distributed COM Users Properties dialog box, click Add.In the Select Users dialog box, type the user name under Enter the object names to select, and then click OK two times.On the server, grant theappropriate permissions for the MsDtsServer DCOM application. To do this, follow these steps:Click Start, click Run, type dcomcnfg, and then click OK.In the Component Services dialog box, expand Component Services, expand Computers, and then expand My Computer.Expand DCOM Config, right-click the MsDtsServer object, and then click Properties.In the MsDtsServer Properties dialog box, click the Security tab.Under Launch and Activation Permissions, click Customize, and then click Edit.In the Launch Permission dialog box, click Add.In the Select Users or Groups dialog box, type the user name under Enter the object names to select, and then click OK.In the Launch Permission dialog box, click the user name under Group or user names.Under Permissions for UserName, click to select the Allow check box for the following permissions:Local LaunchRemote LaunchLocal ActivationRemote ActivationNote UserName is a placeholder for the user name that you clicked in step h.Click OK.In the MsDtsServer Properties dialog box, click Customize under Access Permissions, and then click Edit.In the Access Permission dialog box, click Add.In the Select Users or Groups dialog box, type the user name under Enter the object names to select, and then click OK.In the Access Permission dialog box, click the user name under Group or user names.Under Permissions for UserName, click to select the Allow check box for the following permissions:Local AccessRemote AccessClick OK two times.Restart the SQL Server Integration Services service.

Symptoms
When you try to start theSearch service in Microsoft Office SharePoint Server 2007, you receive the following error message:

An unhandled exception occurred in the user interface. Exception Information: OSearch (AccountName) In this error message, AccountName is the account name that is used as the Farm Search Service account.
Resolution
This behavior occurs ifyou do not use the “domain_name\user_name” format when enter an account namein the User name field.This field isnext to Farm Search Service Account on the Configure Office SharePoint Server Search Service Settings on server ServerName page.

Symptoms
When you install ASP.NET 1.1 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, the IWAM account is not granted impersonate user rights for ASP.NET 1.1. When you request an ASP.NET 1.1 page, you may receive the following error message:

Server Error in ‘/iwamtest’ Application.
Access is denied.
Description An unhandled exception occurred during the execution of the current Web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details System.ApplicationException: Access is denied.
Source Error
An unhandled exception was generated during the execution of the current Web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace
[ApplicationException: Access is denied. ]

System.Security.Principal.WindowsIdentity._ResolveIdentity(IntPtr userToken) +0 System.Security.Principal.WindowsIdentity.get_Name() +71 System.Web.Configuration.AuthorizationConfigRule.IsUserAllowed(IPrincipal user, String verb) +100 System.Web.Configuration.AuthorizationConfig.IsUserAllowed(IPrincipal user, String verb) +81 System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +178 System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
Resolution
You may experience the behavior when the user account that you use to run the program does not have the Impersonate a client after authentication user right(the SeImpersonatePrivilege function). When you upgrade Windows 2000 Server Domain Controller to SP4, the user account (IWAM) is not grantedSeImpersonatePrivilege, and then programs that use impersonation may not work correctly.

Symptoms
In a Microsoft ASP.NET Web application, when you try to impersonate a user from a secondary thread, a System.Security.SecurityException exception may occur. When the System.Security.SecurityException exception occurs, you receive the following error message:

An unhandled exception of type ‘System.Security.SecurityException’ occurred in Unknown Module.
Additional information: Unable to impersonate user.This behavior occurs if all the following conditions are true: You enable impersonation in the Web.config file of your application.In the <processModel> element of the Machine.config file, the value of the userName attribute is specified as Machine to run the ASP.NET worker process in the security context of the ASPNET local user account.You use Integrated Windows authentication for your application.This behavior does not occur in Microsoft Windows Server 2003 or in Microsoft Windows 2000 Service Pack 4 (SP4).
Resolution
If you enable impersonation in the Web.config file of your ASP.NET Web application, only the primary thread of the application impersonates the user who you have specified. The secondary thread and the other threads that you start in your application use the security context of the ASPNET local user account. However, only the impersonated user account can access the Thread object for the secondary thread. Because the ASPNET user account lacks the rights to access this Thread object, you cannot impersonate a user from the secondary thread.