|
Home > Archive > IIS Server Security > August 2005 > Permission denied writing to event log from global.asa after night
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Permission denied writing to event log from global.asa after night
|
|
| Jonas Back 2005-08-30, 6:00 pm |
| As a reference to the post "Permission denied when writing to eventlog from
global.asa" posted on 6/27/2005. Nobody seems to monitor that post anymore so
I post a new one.
We have an .asp-application running on a Win2003 SP1 with IIS that the user
access using their IE-browser on their XP-clients member of our AD-domain.
The applcation logs to the Event Log when the user performs specific actions
using the following code:
var WshShell = Server.CreateObject("WScript.Shell");
WshShell.LogEvent(strMsgLvl, strLogMsg);
It seems like it uses the actual user accessing the .asp-pages to write to
the event log. At first we just got an errormessage in the Application log:
Event Type: Warning
Event Source: Active Server Pages
Event Category: None
Event ID: 9
Date: 2005-06-27
Time: 08:34:02
User: N/A
Description:
Warning: IIS log failed to write entry, File
/LM/W3SVC/18856186/Root/global.asa Line 52 Permission denied. .
What we did then was to change the Security Identifier of the Event Log
(HKLM/System/CurrentControlSet/Services/EventLog/Application) to allow
Built-In Guests and the SID for Domain Users to write to the event
logApplication Log. So the total key is:
O:BAG:SYD D;;0xf0007;;;AN)(A;;0xf0002;;
;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x
7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3
;;;S-1-5-3)(A;;0x2;;;S-1-5-21-1235689106-1791386253-4322286387-513)
And that works and it logs whatever we want but only until the night and the
next morning it has stop working and we get the Permission Denied error in
the Application log instead.
But if I check the registry key, it's intact and nothing has changed. If I
just reboot the server, logging starts working again until the next night and
so on. We don't have any changes made to the OS during the night but we do
manage security settings using GPOs and if I check the event log what have
happened during the night I can see a message "Security policy in the Group
policy objects has been applied successfully." But I've tried, after reboot
when logging works again, to do a gpupdate /force but logging continues to
work properly, again until the night when it stops working again. I can't
find any other messages in the event log that has anything to do with this.
Any ideas?
| |
| WenJun Zhang[msft] 2005-08-31, 7:50 am |
| Hi,
I believe the problem is too complicated to be tracked down in the
newsgroup. It's not a pure IIS issue. You need to create an incident
to our product support service for assistance. May an AD engineer
need to be involved into the troubleshooting. Below is the link to
contact PSS:
http://support.microsoft.com/defaul...US;PHONENUMBERS
Best regards,
WenJun Zhang
Microsoft Online Partner Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
|
|
|