SQL Monitor not starting asp.net core app when installing in IIS

H_racing

Hi,

We are installing SQL Monitor on one of our servers and we cannot get it working when using IIS web server. If we choose the default SQL Monitor web server option it works fine, but when installing via IIS we get the HTTP Error 500.30 - ASP.NET Core app failed to start message. 

We have tried installing the ASP.NET Core Module for IIS (version 6 or the latest version) and still get the error. We can see that the aspNetCore module has been installed as part of the SQL Montior web setup and is showing in IIS. 

Any ideas would be really helpful.

Thanks.

dkim1999

Hi there,

From this error message:

2022-03-04 13:49:15,974 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Access denied.

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied.

   at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)

It looks like the app pool identity user for the IIS Site doesn't have permission to access the certificates needed to communicate with the base monitor:
​

You could try a couple things - first try setting the Load User Profile to be True (seen at the bottom of the image of the Advanced Settings menu (right click on the application pool and choose Advanced Settings) and then restart the application pool and site and see if it works.  Or alternatively try changing the Identity user (highlighted in the image above) to the same user that is running the base monitor service (also keeping the load user profile set to true).

Can you let me know if either of those troubleshooting steps helps?

Thank you!

David Kim

Product Support Engineer

H_racing

Further detail:

Application '/LM/W3SVC/2/ROOT' with physical root 'Red Gate\SQL Monitor\Web\' failed to load coreclr. Exception message:

CLR worker thread exited prematurely

2022-03-04 13:49:14,659 [    1] INFO  RedGate.SqlMonitor.Common.Logging.LogManager - Application started:

Red Gate Monitor (12.0.16.22039), Running as: IIS APPPOOL\SQL-Monitor (Service), Working Dir: Red Gate\SQL Monitor\Web

Running on: , OS Version: Microsoft Windows 6.3.9600 (X64), .NET Runtime Version: .NET 6.0.1

2022-03-04 13:49:14,663 [    1] INFO  RedGate.SqlMonitor.Common.Logging.LogManager - Logging configured from file 'Red Gate\SQL Monitor\Web\RedGate.SqlMonitor.UI.Website.logging.jsonc'

2022-03-04 13:49:15,974 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Access denied.

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Access denied.

   at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)

   at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)

   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)

   at RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore.ReadCertFromFile()

2022-03-04 13:49:16,001 [    1] ERROR RedGate.SqlMonitor.Common.Utilities.Windows.Certificates.CertificateStore - Current executing user: IIS APPPOOL\SQL-Monitor

H_racing

Thank you David. 

We will try that when we have some time. 

Regards
A

H_racing

Hi David,

That worked when we changed the account to the account running the base monitor. It also works when we use the LocalSystem identity too.

Thank you for your help on this.
Regards,
A