From: Lee, B. <bt...@um...> - 2011-08-26 16:53:40
|
Hah! I see that Jarod sent me a corrected URL right afyterward... LOL http://technet.microsoft.com/en-us/sysinternals/bb896647 --Brian Lee Office of New Student Programs Web Admin From: Yadin Flammer [mailto:yx...@ps...] Sent: Friday, August 26, 2011 12:36 PM To: Yadin Flammer; cos...@li... Subject: Re: [Cosign-discuss] 503 and stopped app pool Well unfortunately 3.1 doesn't change anything, it still doesn't work. I also tried the 32bit module on a whim and same issue. I'm totally lost as to why it "fails to load" when you hit the website and shuts down the default app pool causing a 503. Is there any log that will tell me something more useful than "the data is in the error"? On 8/26/11 12:09 PM, "Yadin Flammer" <yx...@ps...> wrote: Am I to gather that the main release 3.03 simply does not work in 2008 R2? I'm seeing there are significant configuration and behavioral differences in IIS from 2008, and when I try to make things match up they invariably revert themselves. The DefaultAppPool for example is set to Classic and ApplicationPoolIdentity instead of Integrated and NetworkService like in 2008. Trying to change those only sticks for a short while, then it reverts itself back. I've also at one person's recommendation tried to disable 32bit applications in the pool, but invariably that re-enables itself as well. This does of course lead me to question if there are huge bugs in IIS in R2, or if there are other forces at work reverting these that I'm not aware of. I also find that having the <validation> key under the <cosign> section added to the applicationHost.config causes the 503 to go away because it causes the module to become unregistered and therefore not used. If I have this line in place but leave it as the example instead of setting it for our location, then it doesn't unload the module, but the app pool shutdown and 503 issue continues. So yea... Any other ideas or do I need to just move to the beta 3.1 because it's more stable than the release 3.03? The rapid fail doesn't do anything unfortunately, other than make the failure take longer and fill the event viewer. Thanks, Yadin On 8/26/11 9:31 AM, "Stucky, David" <dy...@ps...> wrote: Yadin, Sounds like you are having the same issues on Win 2008 R2 that we were seeing. One temporary quick fix is to increase the specific Application Pool's Rapid-Fail Protection settings under Advanced Settings. We ended up with 100 Maximum Failures in a 5min Failure Interval. You could just disable Rapid-Fail, but that would be a bad idea. The better long term fix is to get your hands on Cosign Module 3.1.0 RC2. This release candidate has seemed to fixed our problems with Cosign crashing the IIS 7.5 application pool. It is my understanding that an official updated production release is coming. Thanks... David Stucky, CISSP, GSEC Systems Security Analyst Office of Human Resources Information Systems 503 James M. Elliott Building 814-865-4049 dy...@ps... From: Yadin Flammer [mailto:yx...@ps...] Sent: Thursday, August 25, 2011 6:47 PM To: cos...@li... Subject: [Cosign-discuss] 503 and stopped app pool I'm at a loss what is happening as I set this server up in the same method as another that works fine. The only difference is this is 2008 R2 and the other is 2008, so 64bit vs 32bit. When I hit the site, it eventually spits back a 503. I then go to IIS and find the defaultapppool is stopped. The event log says cosignmodule.dll failed to load the data is in the error, whatever that is supposed to mean. I'm trying to figure out why the module is failing to load and causing the apppool to die. The system log mentions it reported a listener channel failure, again whatever that means. Any thoughts where I can get more detail what is failing? Thanks, Yadin ------------------------------------------------------------------- Yadin Flammer - Systems Administrator College of Arts & Architecture, Penn State University 228 Borland Building Office Phone: 814-865-0990 University Park, PA 16802 Dept. Phone: 814-865-1571 Email: yx...@ps... Dept. Fax: 814-863-6227 ------------------------------------------------------------------- Yadin Flammer - Systems Administrator College of Arts & Architecture, Penn State University 228 Borland Building Office Phone: 814-865-0990 University Park, PA 16802 Dept. Phone: 814-865-1571 Email: yx...@ps... Dept. Fax: 814-863-6227 ________________________________ ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ________________________________ _______________________________________________ Cosign-discuss mailing list Cos...@li... https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------- Yadin Flammer - Systems Administrator College of Arts & Architecture, Penn State University 228 Borland Building Office Phone: 814-865-0990 University Park, PA 16802 Dept. Phone: 814-865-1571 Email: yx...@ps... Dept. Fax: 814-863-6227 |