Microsoft KB Archive/840370

= You receive a “COMException” error message when you browse a Microsoft Content Management Server 2002 Web site =

Article ID: 840370

Article Last Modified on 3/9/2005

-

APPLIES TO


 * Microsoft Content Management Server 2002

-





SYMPTOMS
When you browse a Web site that is configured with Microsoft Content Management Server (MCMS) 2002, you may receive the following error message in Microsoft Internet Explorer:

Unhandled Execution Error Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException:

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80041b58)]

Microsoft.ContentManagement.Interop.Publishing.CmsHttpContextClass.Initialize(String currentUrl, String httpHostName, Int32 serverPort, Boolean isSecureServer, Int32 iisInstanceId, String remoteMachineAddress, String authenticationType, String authenticationToken, Int32 windowsUserHandle, String ClientAccountName) +0 Microsoft.ContentManagement.Publishing.CmsHttpContext.initialize(IntPtr windowsToken, String cmsAuthToken, String clientUserName, String clientAccountType) +297

Microsoft.ContentManagement.Publishing.CmsHttpContext.getCmsHttpContextFromIdentity( HttpContext httpContext) +1088 Microsoft.ContentManagement.Publishing.CmsHttpContext.get_Current +57

[CmsServerException] Microsoft.ContentManagement.Publishing.CmsHttpContext.get_Current +251

Microsoft.ContentManagement.Web.Security.CmsAuthorizationModule.Application_OnAuthor izeRequest(Object source, EventArgs e) +83 System.Web.SyncEventExecutionStep.Execute +60 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87



CAUSE
This issue may occur if MCMS 2002 is installed on a Web server that is running Microsoft Windows 2000 Service Pack 4 (SP4) or later. When Windows 2000 SP4 or later is installed, the local security policy of the server is updated to a new security policy that is named &quot;Impersonate a client after authentication.&quot;

If you browse any MCMS Web site that sends a request to an MCMS Web server, the request requires that the local ASPNET user account have permissions in the &quot;Impersonate a client after authentication&quot; policy to process the request. By default, the ASPNET account does not have permissions in the &quot;Impersonate a client after authentication&quot; policy. You must manually add the ASPNET account to the permissions settings of the &quot;Impersonate a client after authentication&quot; policy.



RESOLUTION
To resolve this issue, you must add the ASPNET user account to the permissions of the &quot;Impersonate a client after authentication&quot; policy, and then you must restart Microsoft Internet Information Services (IIS).

To add the ASPNET user to the permissions of the &quot;Impersonate a client after authentication&quot; policy, follow these steps:
 * 1) Click Start, point to Administrative Tools, and then click Local Security Policy.
 * 2) Expand Local Policies, and then click User Rights Assignment.
 * 3) In the right pane, right-click Impersonate a client after authentication, and then click Properties.
 * 4) In the Impersonate client after authentication Properties dialog box, click Add User or Group.
 * 5) In the Enter the object names to select (examples) box, type ASPNET.
 * 6) Click OK, and then click OK again.

To restart IIS, follow these steps:
 * 1) Click Start, and then click Run.
 * 2) In the Open box, type iisreset, and then click OK.



MORE INFORMATION
The user account that requires rights to the &quot;Impersonate a client after authentication&quot; policy depends on the processModel setting inside the Machine.config file for the Web server. By default, the processModel module sets the userName field to machine. On Windows 2000 Web server computers, this setting causes the process to impersonate the local ASPNET user account. However, in Windows 2000 Domain Controller computers, the same setting impersonates the local IWAM_ account instead. If this problem is observed on a Windows 2000 Web server that is also installed as a Domain Controller, add the IWAM_ user into the &quot;Impersonate a client after authentication&quot; policy instead of the ASPNET user.

