I am trying to upgrade from HAP+ v8.4 to v8.7. I have an existing 8.4 that is working. I've tried both a migration (using the old hapconfig.xml file from the 8.4) as well as a clean install and end up with this error once the setup process is complete:
Server Error in '/HAP' Application.
Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.] System.Diagnostics.EventLog.FindSourceRegistration (String source, String machineName, Boolean readOnly, Boolean wantToCreate) +714 System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) +460 System.Diagnostics.EventLog.SourceExists(String source) +22 HAP.Web.Global.Application_Start(Object sender, EventArgs e) +93
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
I have already tried increasing the trust level in web.config, and I have edited permission in the registry to grant "NETWORK SERVICE" read access to HKLM\System\CurrentControlSet\services\eventlog\Se curity
This system is Windows Server 2008 R2 Enterprise SP1 with all updates. Nothing else runs on this box; it was set up specifically for testing out HAP+.
AFAIK, it looks like there's a security violation, but the error here is actually only telling me that it can't tell me any more than that (thus, "unhandled" exception).
Select Start - Run, then enter: regedt32
Navigate/expand to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
Right click on this entry and select Permissions
Add the IIS AppPool\HAP User
Give it Read permission
I had found other forum posts which indicated that the "NETWORK SERVICE" user accounted for the IIS application pools. I didn't need to make any changes to the registry entries, or add permissions to the Application log; adding the "IIS AppPool\HAP" account with read permission to the "security" key in the registry fixed it.
Good to hear. HAP+ uses it's own application pool to avoid cross contamination and to reduce the surface area of a possible attack, it's best practice in IIS7 to use separate app pools and customize the folder permissions to reduce the surface area
Okay, the fix above worked so thanks guys. I did then have the issue of Access to the path 'c:\inetpub\wwwroot\hap\app_data\hapconfig.xml' is denied for some reason and I upgraded in the usual way. Added the HAP pool back in for the App_data folder and it's happy again.
Great work as always!
Last edited by MrBrow; 17th January 2013 at 12:40 PM.
Adding IIS AppPool\HAP into the permission list for the 'Security' folder within REGEDIT didn't work for me. Now receiving a new error in the form of:
Exception Details: System Runtime.InteropServices.COMException: Unknown error (0x80005000)