Microsoft KB Archive/927672

= Server activation fails when you use a SOAP WSDL moniker to activate a COM+ SOAP-enabled server on a computer that is running Windows Vista =

Article ID: 927672

Article Last Modified on 4/25/2007

-

APPLIES TO


 * Windows Vista Enterprise
 * Windows Vista Enterprise 64-bit Edition
 * Windows Vista Ultimate
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Business
 * Windows Vista Business 64-bit Edition
 * Windows Vista Home Premium
 * Windows Vista Home Premium 64-bit Edition
 * Windows Vista Home Basic
 * Windows Vista Home Basic 64-bit Edition

-



SYMPTOMS
When a client computer uses a SOAP Web Services Description Language (WSDL) moniker to activate a COM+ SOAP-enabled server on a computer that is running Windows Vista, server activation fails. Additionally, you receive an error page that resembles the following:

HTTP Error 404.11 - Not Found

Description: The request filtering module is configured to deny a request that contains a double escape sequence.

Error Code: 0x00000000

Notification: BeginRequest

Module: RequestFilteringModule

Requested URL:

Physical Path:

Logon User: Not yet determined

Logon Method: Not yet determined

Handler: HttpRemotingHandlerFactory-rem-Integrated

Most likely causes:

The request contained a double escape sequence and request filtering is configured on the Web server to deny double escape sequences.

What you can try:

Verify the configuration/system.webServer/security/requestFiltering@allowDoubleEscaping setting in the applicationhost.config or web.confg file.

More Information... This is a security feature. Do not change this feature unless the scope of the change is fully understood. You should take a network trace before changing this value to confirm that the request is not malicious. If double escape sequences are allowed by the server, modify the configuration/system.webServer/security/requestFiltering@allowDoubleEscaping setting. This could be caused by a malformed URL sent to the server by a malicious user.

Server Version Information: Internet Information Services 7.0.



CAUSE
This problem is not a COM+ SOAP service-specific problem. This problem occurs because of a Microsoft Internet Information Services (IIS) 7.0 security enhancement in Windows Vista. When a client computer activates a COM+ SOAP-enabled server, .NET Framework remoting generates a URL. However, the URL that .NET Framework remoting generates contains a double escape sequence. By default, IIS 7.0 rejects URLs that contain a double escape sequence. Therefore, IIS 7.0 denies the request with a 404.11 (not found) error message, and the server activation fails.

Note URLs that contain a double escape sequence work in earlier versions of IIS.



WORKAROUND
To work around this problem, follow these steps:  Locate the following directory:

%windir%\System32\inetsrv\config

 Open the applicationHost.config file in a text editor such as Notepad.  In the applicationHost.config file, locate the following code:    Replace the code that you found in step 3 with the following code:   Locate the following diretory:

%windi%\System32\com

 Double-click the directory of the SOAP-enabled server that you want to activate.</li> Open the web.config file in a text editor such as Notepad.</li>  In the web.config file, locate the following code: </li>  Replace the code that you found in step 8 with the following code: <system.webServer> <requestFiltering allowDoubleEscaping=&quot;True&quot;/> </system.webServer> </li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="references_section">