Article ID: 919085 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
Consider the following scenario. You configure the World Wide Web Publishing Service on Microsoft Windows Server 2003 to interact with the desktop. You log on to a console session either locally or remotely. In this scenario, when you browse an .aspx page that requires compilation, you may receive the following error message:
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
Compiler Error Message: The compiler failed with error code 128.
This problem occurs because the worker process that tries to start the Microsoft ASP.NET compiler process is running under the Network Service identity or under an account that is not in the Administrators group. When the ASP.NET compiler process tries to start Vbc.exe or Csc.exe, the process initialization routine fails. This failure occurs because a dependent DLL fails during its initialization routine. If any of the DLLs for a process return a failure in their initialization routine, the operating system stops the process startup and returns an error code of 128 (ERROR_WAIT_NO_CHILDREN).
To resolve this problem, use either of the following methods. Use the method that fits your situation the best.
Method 1: Prevent the World Wide Web Publishing Service from interacting with the desktopYou can prevent the World Wide Web Publishing Service from interacting with the desktop. This is the preferred method.
Note By default, the World Wide Web Publishing Service is not configured to interact with the desktop.
To do this, follow these steps:
Method 2: Change the application pool identity to the Local System identityWarning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
You can change the application pool identity to the Local System identity.
Important You should only use this method if the following conditions are true:
ASP.NET does not try to compile a page after an error is encountered during the compilation process. The error is cached until the process is recycled, or until the page or one of its dependencies is modified. When the worker process is tied to the console windowstation (Winsta0), the World Wide Web Publishing Service adds the security identifier (SID) for the IIS_WPG group to the access control list (ACL) for the Winsta0 object. Then, the World Wide Web Publishing Service starts the W3wp.exe process.
When a user logs on to or off a console session, the Winlogon process rebuilds the ACL for the Winsta0 object and removes the IIS_WPG SID from the ACL. Any child processes that are started by the worker process (W3wp.exe) may not start. These processes include the Csc.exe and Vbc.exe processes.
When a service is not configured to interact with the desktop, the process uses a non-interactive windowstation that is unaffected by a user logging on to the console.
Note You can log on to the console in Windows Server 2003 by any one of the following methods:
Article ID: 919085 - Last Review: March 16, 2007 - Revision: 1.5