Article ID: 317955 - Last Review: July 8, 2005 - Revision: 4.4

FIX: "Failed to start monitoring directory changes" error message when you browse to an ASP.NET page

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
This article was previously published under Q317955

On This Page

Expand all | Collapse all

SYMPTOMS

When you browse to an ASP.NET (.aspx) page, you may receive one of the following error messages:
Access denied to 'D:\MyWeb\Users\MainDirectory\MyApplication\' directory. Failed to start monitoring directory changes.
-or-
Access denied to 'D:\MyWeb\Users\MainDirectory\MyApplication\SamplePage.aspx'. Failed to start monitoring file changes.
For more information about the call stack traces that are associated with each of these error messages, see the "More Information" section.
Back to the top

CAUSE

To detect file changes, the process identity and the impersonated user identity must have specific permissions to all of the directories in the hierarchy of the file path for the file that ASP.NET is monitoring if any of the directories in that hierarchy have more than eight characters in their names.

Some examples of the files that ASP.NET monitors are as follows:
  • Web.config files
  • Machine.config files
  • Files in the Bin directory of an ASP.NET application
  • Cache dependency files
You receive the first error message if the Aspnet_wp.exe process identity (the ASPNET account by default) does not have permissions on at least one of the directories in the hierarchy of that file path.

You receive the second error message if the impersonated account does not have permissions on at least one of the directories in the hierarchy of that file path.
Back to the top

RESOLUTION

Use either of the following methods to resolve this problem.
Back to the top

Method 1

Make sure that all of the directory names in the hierarchy of that file path are less than nine characters long.

For example:
C:\Web\Users\MainDir\Site1
Note If you rename the directories so that the length of each directory name is now fewer than nine characters, after you make the required changes in the configuration of the Web site in Microsoft Internet Information Services (IIS) to deal with the directory renaming, you have to restart IIS.
Back to the top

Method 2

Grant the required permissions on all of the directories in that hierarchy to the ASP.NET process account (ASPNET by default) or to the impersonated account (if impersonation is turned on). To do this, follow these steps:
  1. In Windows Explorer, browse to the application folder or to the virtual directory that contains the content (for example, D:\MyWeb\Users\MainDirectory\MyApplication).
  2. Right-click the folder, and then click Properties.
  3. On the Security tab, click Add.
  4. Type ComputerName\ASPNET (for example, on a computer that is named Webdev, type Webdev\ASPNET), and then click OK. If impersonation is turned on, you must also add the impersonated accounts.
  5. Allow the following permissions for the ASPNET account (and for the impersonated accounts if impersonation is turned on):
    • Read & Execute
    • List Folder Contents
    • Read

  6. Click OK to close the Properties dialog box and to save the changes.
  7. Repeat steps 2 through 6 for all of the folders in the hierarchy of the path. For example:

    • D:\MyWeb\Users\MainDirectory
    • D:\MyWeb\Users
    • D:\MyWeb
    • D:\

    If you want to grant more restrictive permissions to these folders, follow these steps after you complete step 5:

    1. Click Advanced.
    2. On the Permissions tab, click the permission entry for the ASPNET account (or another impersonated account), and then click Edit.
    3. Click Clear All, and then click to select the Allow check box for the List Folder / Read Data permission.
    NOTE: The application virtual directory (for example, D:\MyWeb\Users\MainDirectory\MyApplication) must have at least the permissions that are specified in step 5.
  8. Restart IIS.
Back to the top

Method 3

If your computer is running IIS 6.0, grant the required permissions on all the folders in that hierarchy to the Network Service account. To do this, follow these steps:
  1. In Windows Explorer, locate the application folder or the virtual directory that contains the content (for example, D:\MyWeb\Users\MainDirectory\MyApplication).
  2. Right-click the folder, and then click Properties.
  3. On the Security tab, click Add.
  4. Type ComputerName\NETWORK SERVICE (for example, on a computer that is named Webdev, type Webdev\NETWORK SERVICE), and then click OK. If impersonation is turned on, you must also add the impersonated accounts.
  5. Allow the following permissions for the Network Service account (and for the impersonated accounts if impersonation is turned on):
    • Read & Execute
    • List Folder Contents
    • Read

  6. Click OK to close the Properties dialog box and to save the changes.
  7. Repeat steps 2 through 6 for all the folders in the hierarchy of the path. For example:
    • D:\MyWeb\Users\MainDirectory
    • D:\MyWeb\Users
    • D:\MyWeb
    • D:\
    If you want to grant more restrictive permissions to these folders, follow these steps after you complete step 5:
    1. Click Advanced.
    2. On the Permissions tab, click the permission entry for the Network Service account (or another impersonated account), and then click Edit.
    3. Click Clear All, and then click to select the Allow check box for the List Folder / Read Data permission.
    Note The application virtual directory (for example, D:\MyWeb\Users\MainDirectory\MyApplication) must have at least the permissions that are specified in step 5.
  8. Restart IIS.
Note These steps are only valid for Web applications that are hosted in IIS 6.0.
Back to the top

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. This bug was corrected in ASP.NET (included with the .NET Framework) 1.1.
Back to the top

MORE INFORMATION

This is the call stack trace that is associated with the first error message in the "Symptoms" section: 
[HttpException (0x80004005): Access denied to 'D:\MyWeb\Users\MainDirectory\MyApplication\' directory. Failed to start monitoring directory changes.]
   System.Web.FileChangesMonitor.StartMonitoringDirectoryRenamesAndBinDirectory(String dir, FileChangeEventHandler callback)
   System.Web.HttpRuntime.StartMonitoringDirectoryRenamesAndBinDirectory()
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context)

[HttpException (0x80004005): ASP.NET Initialization Error]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
This is the call stack trace that is associated with the second error message in the "Symptoms" section: 
[HttpException (0x80004005): Access denied to 'D:\MyWeb\Users\MainDirectory\MyApplication\SamplePage.aspx'. Failed to start monitoring file changes.]
   System.Web.FileChangesMonitor.StartMonitoringFile(String fileName, FileChangeEventHandler callback)
   System.Web.Caching.CacheDependency.Init(String[] filenames, String[] cachekeys, CacheDependency dependency, DateTime start)
   System.Web.Caching.CacheDependency..ctor(String filename, DateTime start)
   System.Web.Caching.CacheDependency..ctor(String filename)
   System.Web.Security.FileAuthorizationModule.OnEnter(Object source, EventArgs eventArgs)
   System.Web.SyncEventExecutionStep.Execute()
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
If you receive one the error messages that are listed in the "Symptoms" section, but if the call stack trace is not the same, the cause of your error message may be different. In this case, see the articles in the "References" for more information.
Back to the top

REFERENCES

For additional information about the same error message in a different scenario, click the following article number to view the article in the Microsoft Knowledge Base:
316721  (http://support.microsoft.com/kb/316721/ ) "Failed to start monitoring directory changes" error message when you browse to ASP.NET page
For additional information about the permissions that the ASPNET account requires to run your ASP.NET applications, click the following article number to view the article in the Microsoft Knowledge Base:
317012  (http://support.microsoft.com/kb/317012/ ) Process and request identity in ASP.NET
For additional information about ASP.NET security, click the following article number to view the article in the Microsoft Knowledge Base:
306590  (http://support.microsoft.com/kb/306590/ ) ASP.NET security overview
Back to the top
APPLIES TO
  • Microsoft ASP.NET 1.0
Back to the top
Keywords: 
kbfix kbbug kbcaching kbpending kbsecurity KB317955
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top