WSE 2.0 Requested registry access is not allowed.

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Matt Dolan - 16 Nov 2005 19:04 GMT

Hello,
I started getting this message yesterday after installing the latest
security patches to my Win2003 Standard server. Anyone know which registry
entry I need to fix?
Thanks,
Matt

Event Type: Error
Event Source: Microsoft WSE 2.0
Event Category: None
Event ID: 0
Date: 11/16/2005
Time: 10:30:53 AM
User: N/A
Computer: MDOLAN2003
Description:
WSE050: The following exception was encountered:
System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at System.Diagnostics.EventLog.CreateEventSource(String source, String
logName, String machineName, Boolean useMutex)
at System.Diagnostics.EventLog.WriteEntry(String message,
EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID, Int16 category)
at System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type, Int32 eventID)
at System.Diagnostics.EventLog.WriteEntry(String source, String message,
EventLogEntryType type)
at WSETracingUtility.EventReporting.Log(String message)
at WSETracingFilter.GenericFilter.ProcessMessage(FilterDirection
direction, SoapEnvelope envelope)
at WSETracingFilter.WSEInputFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage
message).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

Matt Dolan - 16 Nov 2005 21:22 GMT

I got things working by turning off tracing. Not really what I want to do,
but it works. I'm now using the "WSE 2.0 Trace" tool externally.
Matt

> Hello,
> I started getting this message yesterday after installing the latest
[quoted text clipped - 40 lines]
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

Steven Cheng[MSFT] - 17 Nov 2005 07:15 GMT

Hi Matt,

Welcome to Webservice newsgroup.
From your description, after you installed the latest security patch on
your windows 2003 server box, you webservice application which use WSE2.0
component(turn on tracing ...) failed with some security exception related
to registry access, yes?

From the callstack you provided, the error is raised when the WSE component
try using .NET's win32 registry API to open Eventlog registry entries and
performing some event loging or eventsource creating operation. Since the
ASP.NET/WSE 2.0
run unde the asp.net's process identity (if not turn on impersonate), it
is likely that the ASP.NET webservice applicatino's process idenitity
dosn't have sufficient permission to access the EventLog registry or its
sub keys... Anyway, I suggest you try using RegMon to trace the
registry accessing when running you asp.net webservice( with WSE 2.0 and
tracing turn on....) , that'll help you got the accurate registry accessing
failure info.

Thanks,

Steven Cheng
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
From: "Matt Dolan" <mdolan@t-tape.com>
References: <uQU#MCu6FHA.2092@TK2MSFTNGP12.phx.gbl>
Subject: Re: WSE 2.0 Requested registry access is not allowed.
Date: Wed, 16 Nov 2005 13:22:03 -0800
Lines: 55
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
X-RFC2646: Format=Flowed; Response
Message-ID: <OmxbOPv6FHA.2616@TK2MSFTNGP15.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
NNTP-Posting-Host: tsd01-srv02.t-tape.com 12.119.248.62
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices.enhancements:7645
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements

I got things working by turning off tracing. Not really what I want to do,
but it works. I'm now using the "WSE 2.0 Trace" tool externally.
Matt

"Matt Dolan" <mdolan@t-tape.com> wrote in message
news:uQU%23MCu6FHA.2092@TK2MSFTNGP12.phx.gbl...

> Hello,
> I started getting this message yesterday after installing the latest
[quoted text clipped - 35 lines]
> envelope)
> at

Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage

> message).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

Steven Cheng[MSFT] - 21 Nov 2005 11:57 GMT

Hi Matt,

How are you doing on this issue, does the things in my last reply helps you
a little? If there're anything else we can help, please feel free to post
here. Thanks,

Steven Cheng
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
X-Tomcat-ID: 144971431
References: <uQU#MCu6FHA.2092@TK2MSFTNGP12.phx.gbl>
<OmxbOPv6FHA.2616@TK2MSFTNGP15.phx.gbl>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_0001_B6A1C44B"
Content-Transfer-Encoding: 7bit
From: stcheng@online.microsoft.com (Steven Cheng[MSFT])
Organization: Microsoft
Date: Thu, 17 Nov 2005 07:15:19 GMT
Subject: Re: WSE 2.0 Requested registry access is not allowed.
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
Message-ID: <2rqF0a06FHA.3496@TK2MSFTNGXA02.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
Lines: 234
Path: TK2MSFTNGXA02.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices.enhancements:7647
NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122

Hi Matt,

Welcome to Webservice newsgroup.
From your description, after you installed the latest security patch on
your windows 2003 server box, you webservice application which use WSE2.0
component(turn on tracing ...) failed with some security exception related
to registry access, yes?

From the callstack you provided, the error is raised when the WSE component
try using .NET's win32 registry API to open Eventlog registry entries and
performing some event loging or eventsource creating operation. Since the
ASP.NET/WSE 2.0
run unde the asp.net's process identity (if not turn on impersonate), it
is likely that the ASP.NET webservice applicatino's process idenitity
dosn't have sufficient permission to access the EventLog registry or its
sub keys... Anyway, I suggest you try using RegMon to trace the
registry accessing when running you asp.net webservice( with WSE 2.0 and
tracing turn on....) , that'll help you got the accurate registry accessing
failure info.

Thanks,

Steven Cheng
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

> Hello,
> I started getting this message yesterday after installing the latest
> security patches to my Win2003 Standard server. Anyone know which

registry

> entry I need to fix?
> Thanks,
[quoted text clipped - 18 lines]
> EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
> at System.Diagnostics.EventLog.WriteEntry(String source, String

message,

> EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
> at System.Diagnostics.EventLog.WriteEntry(String source, String

message,

> EventLogEntryType type, Int32 eventID, Int16 category)
> at System.Diagnostics.EventLog.WriteEntry(String source, String

message,

> EventLogEntryType type, Int32 eventID)
> at System.Diagnostics.EventLog.WriteEntry(String source, String

message,

> EventLogEntryType type)
> at WSETracingUtility.EventReporting.Log(String message)
[quoted text clipped - 4 lines]
> envelope)
> at

Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage

> message).
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

Matt Dolan - 21 Nov 2005 22:20 GMT

Stephen,
I think I fixed the problem. I ran RegMon as suggested. I was getting an
ACCESS DENIED on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Services\Eventlog
I had the WSETrace utility running and it looks like that was the problem. I
gave full permissions to the NETWORK SERVICE to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
and the errors went away. I think a new registry entry was added for
WSETracing. I reset the permissions back to where they were and it still
runs.
Thanks for the tip on RegMon. I didn't know there was a utility like that.
Matt

> Hi Matt,
>
[quoted text clipped - 138 lines]
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

Steven Cheng[MSFT] - 22 Nov 2005 04:13 GMT

Thanks for your followup Matt,

Glad that you've found the problem registry entry and fix it. And generally
webservcie code or other service code should only need read permission on
the Eventlog registry entries, only when try creating new EventSource it'll
demand write access... In real world scenraio, it is more recommended
that we let the server admin to create eventsources and only give aspnet
service account read permission.

Anyway, thanks again for your posting.

Regards,

Steven Cheng
Microsoft Online Support

Signature

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
From: "Matt Dolan" <mdolan@t-tape.com>
References: <uQU#MCu6FHA.2092@TK2MSFTNGP12.phx.gbl>
<OmxbOPv6FHA.2616@TK2MSFTNGP15.phx.gbl>
<2rqF0a06FHA.3496@TK2MSFTNGXA02.phx.gbl>
<HExF5Kp7FHA.1236@TK2MSFTNGXA02.phx.gbl>
Subject: Re: WSE 2.0 Requested registry access is not allowed.
Date: Mon, 21 Nov 2005 14:20:00 -0800
Lines: 169
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
X-RFC2646: Format=Flowed; Original
Message-ID: <utaH5mu7FHA.2452@TK2MSFTNGP10.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
NNTP-Posting-Host: tsd01-srv02.t-tape.com 12.119.248.62
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices.enhancements:7688
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements

Stephen,
I think I fixed the problem. I ran RegMon as suggested. I was getting an
ACCESS DENIED on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Services\Eventlog
I had the WSETrace utility running and it looks like that was the problem.
I
gave full permissions to the NETWORK SERVICE to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
and the errors went away. I think a new registry entry was added for
WSETracing. I reset the permissions back to where they were and it still
runs.
Thanks for the tip on RegMon. I didn't know there was a utility like that.
Matt

> Hi Matt,
>
[quoted text clipped - 131 lines]
>> envelope)
>> at

Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer

> verMessage
>> message).
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.

Reply to this Message

WSE 2.0 Requested registry access is not allowed.

Free Magazines