|
Abstract
MACHINE.CONFIG FILE PERMISSIONS ARE CORRUPTED WHEN THE .NET PROV
IDER FEATURE IS INSTALLED
Error Description
** Last updated 08 24 2009 **
When a customer installs or uninstalls System i Access for
Windows V6R1M0, or performs an upgrade, using an install image
from the GA, service pack SI31251, or service pack SI31390
levels, the file permissions of the machine.config file may
be adversely modified. This can happen when the .NET
Provider feature is installed or uninstalled, or when a
Complete install or uninstall is performed.
This modification of the machine.config file may cause
problems with applications such as Microsoft Internet
Information Services (IIS) and other functions that read the
contents of machine.config. This document includes
information about how to avoid the problem, and how to fix the
problem if you have already experienced a failure.
Problem:
--------
In System i Access for Windows V6R1M0, entries are added into
the machine.config file on behalf of the .NET Provider. In
early versions of V6R1M0, the method used to modify the
machine.config file caused the file permissions to be
overwritten. As a result, some applications fail because the
caller does not have sufficient permissions to read the
contents of the machine.config file. Many applications that
use the .NET Framework read from machine.config, including IIS
and Visual Studio. A symptom of this problem when using a
website hosted through IIS might result in the following error
message:
'HTTP Error 503. The service is unavailable'
On Windows Vista, you may see an entry in the Event Viewer
under Administrative Events which identifies a problem with
machine.config:
'Cannot read configuration file due to insufficient permissions'
With other applications, an error may be displayed which
indicates that access to machine.config is denied, or the
application may not work correctly.
How to examine machine.config file permissions
----------------------------------------------
First, use Windows Explorer to locate the .NET Framework 2.0
version of machine.config. This is usually located in this
path:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG.
Right-click on the machine.config file and select 'Properties.'
Click on the 'Security' tab. You will see the file permissions
listed for each user or set of users that have any permissions
to the file.
Note: If you do not see the 'Security' tab, go to your folder
options and clear the 'Use simple file sharing [Recommended]'
check box. This check box can be reset after following the
recommendations in this document.
Resolution:
-----------
The resolution for this problem depends on whether you have
already installed an early version of System i Access for
Windows V6R1M0 and experienced the machine.config file
authority problem, or if you are starting with a machine that
has not experienced this problem.
Scenario 1 - Your PC file permissions are intact
------------------------------------------------
Starting with service pack SI32504, System i Access for Windows
changed the way it modifies the machine.config file, so the
file permissions are no longer altered. Installs that are
performed using an installation image containing this service
pack or later will preserve existing machine.config authorities.
To perform an install using an image that does preserves the
machine.config authorities, you can choose one of the following
options:
1. Create an Administrative image, and apply the latest V6R1M0
service pack to it. Then, use the updated Administrative
image to install System i Access for Windows V6R1M0.
2. Apply service pack SI32504 or later to the System i Server,
and then install from the licensed program by mapping a
drive to the IBM i, for example: \\mySystem\QIBM
Scenario 2 - Your PC file permissions were not preserved
---------------------------------------------------------
Once your machine.config file permissions are incorrectly
modified, the authorities must be added back in. Simply
installing a newer System i Access for Windows service pack
onto a PC whose machine.config authorities have already been
altered will not fix the authority problem.
If you are experiencing problems with a particular application,
you can try uninstalling and reinstalling that application.
If that application needs particular machine.config authorities,
it may add the correct authorities, and thus enable the
application to run correctly. Alternatively, you can manually
add authorities to machine.config.
To manually add authorities to machine.config:
- First, determine which user(s) need access to the file
- Next, display the machine.config file permissions (see above)
- If your user or users are not listed there, click the 'Add '
button, and add each user
- Be sure the user has at least 'Read'authority to the
machine.config file
Example - IIS authority
-----------------------
In this example, a PC running Windows Server 2003 is using IIS.
To determine which user account IIS runs under, bring up
Internet Information Services (IIS) Manager, right-click on the
web site and select 'Properties.' Click on the 'Home Directory'
tab and note the Application Pool. In this example, the
'DefaultAppPool' is used.
Next, locate the 'DefaultAppPool' in IIS Manager, under
'Application Pools.' Right-click and select 'Propertie' for
that AppPool. Click on the 'Identity' tab and note which
account is used for the selected application pool. In this
example, the 'Network Service' account is used for the
DefaultAppPool.
Next, go back to the file permissions for machine.config.
While viewing the permissions, click the 'Add ' button. To see
the list of available users or groups, click 'Advanced'and
then 'Find Now.' Scroll down the list until you find the
appropriate userid, in this example 'NETWORK SERVICE.' Select
the item, and click 'OK' twice to add the selected item to the
permissions list. Make sure the selected user name has at
least 'Read' authority to the machine.config file.
Click 'OK'to dismiss the dialog and apply the file permission
change.
Problem Summary
Problem Conclusion
Temporary Fix
Comments
Information APAR
Circumvention
PTFs Available
Affected Modules
Affected Publications
Summary Information
| Status............................................
|
CLOSED CAN
|
| HIPER...........................................
|
No
|
| Component..................................
|
|
| Failing Module..........................
|
|
| Reported Release...................
|
R610
|
| Duplicate Of..............................
|
|
System i Support
IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright
© 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the
Terms of use
link for trademark information.
|
