How to install ASP.NET on a domain controller?

Author: Internet Prodigal Box (formerly known as littlehb)

http://blog.9cbs.net/littlehb/

After installing the Microsoft Visual Studio .NET or Microsoft .NET framework on the domain controller or backup domain controller, if you try to run the ASP.NET application, the browser will display the following error message:

Server Application UNAVAILABLE

The Web Application You Are Attempting to Access On this Web Server IS Currently Unavailable.

Please hit the "refresh" Button in Your Web Browser to Retry Your Request.

In addition, the following events are logged in the system application event log:

ASPNET_WP.EXE COULD NOTBE LAUNCHED BECAUSE The UserName and / or Password Supplied in The ProcessModel Section of The Config File Are Invalid.

ASPNET_WP.EXE COULD NOT BE Started.

HRESULT for the failure: 80004005

This issue involves Internet Information Services (IIS) version 5.0 or higher.

By default, in order to provide a more secure environment, ASP.NET runs its auxiliary process with a weak account (named a local computer account called ASPNET). All user accounts on the domain controller or backup domain controller are domain accounts, not a local computer account. Therefore, ASPNET_WP.EXE failed to start because of the local account named "localmachinename / aspnet". To provide a valid user account on the domain controller, you must specify an explicit account in the section of the Machine.config file, or you must use the System account.

Note: If you try to debug before trying to browse the page (click the Start button), the exact same problem will occur.

To resolve this issue, use one of the following methods:

Create a weak account with the correct permissions, then configure the section of the Machine.config file to use the account.

In the section of the Machine.config file, set the username property to System.

Configure the section of the Machine.config file to use the administrator account.

Note: If the ASP.NET application is allowed to run as a System or administrator account, it will bring serious security issues. If any of the workarounds are used, the code running in the ASPNET_WP.EXE process will be able to access domain controllers and domain settings. The executable starting from the ASPNET_WP.EXE process is run in the same context, which can also access the domain controller.

Therefore, Microsoft recommends using the first variation. To use the first workaround solution, perform the following steps:

1. Create a user account called ASPUSER on your computer and add this account to "User Group". Note: This account can also be used if the password of the ASPNET account created by the .NET framework is changed. You must know the password of this account because you need to add this password to the section in the later step.

2. A user permission to the ASPUSER or ASPNET account to "log in to the batch job". Make sure this change is displayed in the Local Security Policy settings.

Note: To grant this account to user permissions "as a batch job login", you must authorize this user privilege in each of the following security policies (from the Control Panel "/" Administrative Tool ":

Domain controller security policy

Domain security policy

Local security strategy

Note: You must restart the server so that these changes take effect.

3 Make sure that the ASPUSER or ASPNET account has permissions to access the startup ASPNET_WP.EXE process and provide all directories and files necessary for the ASP.NET page.

4, open the Machine.config file. The path of this file is:% systemroot% / Microsoft.Net / Framework / V1.0.3705 / Config.

5, in the section of the Machine.config file, change the username and password properties to the name and password of the account created in step 1. For example: username = "domainname / aspuser" password = "aspuserpassword"

6, save the changes to the Machine.config file.