IIS Lockdown Tool Affects SharePoint Portal Server

This article was previously published under Q309675
This article has been archived. It is offered "as is" and will no longer be updated.
One of the following symptoms may occur:
  • You may not be able to install SharePoint Portal Server and you may receive the following error message:
    [2] CVAIComponent, Error 0x80004005: VAIFy failed
    [0] CVAIComponent:Install, Error setting up VAI.

  • You may not be able to access the workspace by using the portal and you may receive the following error message when you access the portal:
    HTTP 404 - File Not Found
This issue can occur if the Internet Information Services (IIS) Lockdown tool is blocking .asp pages.
To resolve this issue, remove the IIS Lockdown Tool, and then reinstall it with support for ASP pages turned on. To do this, follow these steps:
  1. Run the IIS Lockdown tool Setup (IISLockd.exe) again, and then click Undo.
  2. On the This Server Was Already Configured screen, click Next.
  3. Click the Yes button on the dialog box that appears.
  4. Wait while IIS Lockdown Tool restores your previous settings. This can take up to half an hour to complete.
  5. Click the Next button, and then click the Finish button to exit the Lockdown Tool setup.
  6. Re-run the Lockdown Tool setup program, and then click Next.

    NOTE: When you re-run the setup program, make sure that you select the View template settings option when you select a server template. Or, you can select the Other template, which will allow you to select each setting manually.
  7. On the Script Maps screen, make sure that you clear the check box next to Active Server Pages (.asp).
  8. Set the rest of the options based on your server setup.
  9. Restart the server.
NOTE: This process will restore the backup of your metabase that was made when you initially ran the IIS Lockdown Tool. If you have made any changes to your IIS configuration since that time, such as adding sites or virtual directories, these changes will be lost.
If you have made changes to your IIS configuration since you first ran the IIS Lockdown Tool, you can use this workaround to restore support for ASP pages without removing your configuration changes:
  1. Start Internet Services Manager.
  2. Expand the server object that is running SharePoint Portal Server.
  3. Open the properties for the virtual directory of your workspace.
  4. Click Configuration.
  5. Under Application Mappings, click the .asp extension, and then click Edit.
  6. In the Executable box, change the file name from 404.dll to asp.dll.
  7. Click OK to close all of the properties dialog boxes.
  8. Stop and then restart the default Web site.
Repeat these steps for all of the workspaces.

If you installed URLScan when you installed the IIS Lockdown Tool, you must make a few more changes as follows:
  1. Open the C:\Winnt\System32\Inetsrv\Urlscan\Urlscan.ini file in Notepad.
  2. Under the Options section, note the value of the UseAllowExtensions option.
  3. If UseAllowExtensions is set to 0, find the DenyExtensions section farther down the file, and then comment out the .asp, .cer, .cdx, and .asa lines by putting a semicolon (;) in front of them.
  4. If UseAllowExtensions is set to 1, find the AllowExtensions section farther down the file, and then add .asp, .cer, .cdx, and .asa, each on their own line.
  5. Save the Urlscan.ini file, and then restart IIS.
NOTE: If you set up SharePoint Portal Server for use on an extranet, you must repeat this process for the secondary virtual directories that are created.

Article ID: 309675 - Last Review: 10/24/2013 07:59:07 - Revision: 2.1

Microsoft SharePoint Portal Server 2001

  • kbnosurvey kbarchive kberrmsg kbprb KB309675