SQL Monitor not starting asp.net core app when installing in IIS

H_racingH_racing Posts: 4 New member
edited March 4, 2022 1:19PM in Redgate Monitor
Hi,

We are installing SQL Monitor on one of our servers and we cannot get it working when using IIS web server. If we choose the default SQL Monitor web server option it works fine, but when installing via IIS we get the HTTP Error 500.30 - ASP.NET Core app failed to start message. 

We have tried installing the ASP.NET Core Module for IIS (version 6 or the latest version) and still get the error. We can see that the aspNetCore module has been installed as part of the SQL Montior web setup and is showing in IIS. 

Any ideas would be really helpful.

Thanks.
Tagged:
· Share on Twitter

Best Answer

  • dkim1999dkim1999 Posts: 85 Bronze 2
    Answer ✓
    Hi there,

    From this error message:
    2022-03-04 13:49:15,974 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Access denied.
    Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied.
       at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)

    It looks like the app pool identity user for the IIS Site doesn't have permission to access the certificates needed to communicate with the base monitor:


    You could try a couple things - first try setting the Load User Profile to be True (seen at the bottom of the image of the Advanced Settings menu (right click on the application pool and choose Advanced Settings) and then restart the application pool and site and see if it works.  Or alternatively try changing the Identity user (highlighted in the image above) to the same user that is running the base monitor service (also keeping the load user profile set to true).

    Can you let me know if either of those troubleshooting steps helps?

    Thank you!

    David Kim
    Product Support Engineer


    · Share on Twitter

Answers

  • H_racingH_racing Posts: 4 New member
    edited March 9, 2022 10:48AM
    Further detail:

    Application '/LM/W3SVC/2/ROOT' with physical root 'Red Gate\SQL Monitor\Web\' failed to load coreclr. Exception message:
    CLR worker thread exited prematurely

    2022-03-04 13:49:14,659 [    1] INFO  RedGate.SqlMonitor.Common.Logging.LogManager - Application started:
    Red Gate Monitor (12.0.16.22039), Running as: IIS APPPOOL\SQL-Monitor (Service), Working Dir: Red Gate\SQL Monitor\Web
    Running on: , OS Version: Microsoft Windows 6.3.9600 (X64), .NET Runtime Version: .NET 6.0.1
    2022-03-04 13:49:14,663 [    1] INFO  RedGate.SqlMonitor.Common.Logging.LogManager - Logging configured from file 'Red Gate\SQL Monitor\Web\RedGate.SqlMonitor.UI.Website.logging.jsonc'
    2022-03-04 13:49:15,974 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Access denied.
    Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied.
       at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
       at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
       at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
       at RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore.ReadCertFromFile()
    2022-03-04 13:49:16,001 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Current executing user: IIS APPPOOL\SQL-Monitor
    · Share on Twitter
  • H_racingH_racing Posts: 4 New member
    Thank you David. 

    We will try that when we have some time. 

    Regards
    A
    · Share on Twitter
  • H_racingH_racing Posts: 4 New member
    Hi David,

    That worked when we changed the account to the account running the base monitor. It also works when we use the LocalSystem identity too.

    Thank you for your help on this.
    Regards,
    A
    · Share on Twitter
Sign In or Register to comment.