Patches & Updates The .NET Framework 2.0 Problem Solution for Winbox



18 Nov 2005

The recent .NET Framework 2.0 update (KB829019) discloses a Winbox problem for those who had performed any H-Sphere upgrades between 2.4 and 2.4.2 patch 3 versions on Windows 2000 servers.

Symptoms:

Metabase becomes inaccessible for IIS manager MMC console, Metaedit tool, H-Sphere and other applicatons which request IIS metabase. It appears as "Access denied" error in IIS manager MMC console for wev virtual hosts. FTP and SMTP are not affected.

Who affected:

Customers who had performed any H-Sphere upgrades between 2.4 and 2.4.2 patch 3 versions on Windows 2000 servers.

Cause:

Versions of H-Sphere Winbox between 2.4 and 2.4.2 patch 3 launched the SharedSSL patch which consequently set the AdminAcl property of the /LM/W3SVC metabase key to grant access for local Adminitrators group and LocalSystem account to this key. The AdminAcl property was being set without METADATA_REFERENCE attribute by these versions. The recent Microsoft .NET Framework 2.0 update works incorrectly with this property and as a result, the metabase /LM/W3SVC key becomes inaccessible.

The verions since 2.4.2 patch 4 stoped setting this property without removing it from the metabase in case it had been set by 2.4 through 2.4.2 patch 3 versions.

Solution:

  • If you have not installed the .NET Framework 2.0 update yet, remove the AdminAcl property from the /LM/W3SVC metabase key before updating.
  • If you have installed it, perform the following steps:
    1. Create metabase backup and place it in some safe location where it cannot be affected by the IIS resinstall procedure.
    2. Donwload MBExplorer tool which can be obtained either from IIS 6.0 Resource Kit or from Psoft.
    3. Reinstall IIS.
    4. Launch MBExplorer tool. The clear metabase should be reflected there.
    5. In the Metabase menu select the Import key ... item.
    6. In the Import Key from File select IIS 4 & 5 Binary Backup (*.MD) file format and import the backup stored in step 1.
    7. Accept the message that secure records will be ignored. The imported metabase should be reflected above the original one.
    8. Rename the W3SVC key in the original hive and drag W3SVC from the imported hive to the original one.
    9. Rename the Logging key in the original hive and drag Logging from the imported hive to the original one.
    10. Rename the MSFTPSVC key in the original hive and drag MSFTPSVC from the imported hive to the original one.
    11. Rename the SMTPSVC key in the original hive if any and drag SMTPSVC from the imported hive to original one.
    12. Close MBExplorer and restart IIS.
    13. Synchronize the IWAM user password for all High isolated applications.
      Note: If you are using Serv-U for FTP hosting, it is also necessary to reset NTFS permission for all users folders:
      • Go to user folder properties [:\hshome\username]->Security tab
      • Delete dead SID for IUSR_ComputerName account
      • Add IUSR_ComputerName account
      • Set modify permissions.
    14. Restart H-Sphere services on WinBox.


Copyright 1998-2008. Positive Software Corporation.
All rights reserved.