.net vbc : error BC30138 Unable to create temp file

[robwharram]

Hi,

I'm quite frustrated in the fact that I can't even display a simple
"Hello World" message on .Net. I've been through all of the groups and
searched all over the place and haven't been able to figure out the
solution to this problem.

First off, the server is Windows Server 2003 - Web Edition (IIS 6) and
I'm using .Net Framework v1.1.4322.

The problem? When I try to view an ASPX page in the browser in vs.net
I get an error message that states as follows:

vbc : error BC30138: Unable to create temp file in path
'c:\windows\system32\inetsrv\%SYSTE~1\TEMP\': The directory name is
invalid.

Of course the directory name is invalid, it's supposed to be looking
for "C:\windows\temp\" but can't find it using "%systemroot%\temp\" for
some reason. (NOTE: I'm able to navigate to C:\Windows\Temp\ by typing
in %systemroot%\temp\ in windows explorer)

The compiler creates the temp files in
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files"
with no problems, and I've modified this location to a different folder
and that works fine as well...the tempDirectory attribute in web.config
doesn't seem to be the problem.

I've checked the environment variable for TEMP and it's set to
"%SYSTEMROOT%\TEMP\" as it's supposed to be. I've even tried changing
this to another directory as well and without any luck.

I have set full control on the C:\WINDOWS\TEMP\ folder for the "NETWORK
SERVICE" user and this doesn't seem to help.

Any help that you can provide would be greatly appreciated.
Rob

 

[Juan T. Llibre]

Hi, Rob.

Check whether you are impersonating or not, since the account
used by ASP.NET changes when you use impersonation.

Use this article as a permissions checklist, and verify that the
account you're using for ASP.NET has the NTFS permissions listed :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp

Also, check the section titled : "To assign minimum privileges"
and make sure the account you're using for ASP.NET has the
account privileges listed.

 

[Boost]

Hi Juan,

Thanks for your response, your help is greatly appreciated. I went
through that article and I'm afraid I'm even more confused than I was
before. Do I want impersonation or not? What are the implications?

I checked in the web.config for that particular application and the
section in the article you sent me to is not in it.
<identity impersonate="true"
userName="registry:HKLM\SOFTWARE\YourSecureApp\
identity\ASPNET_SETREG,userName"
password="registry:HKLM\SOFTWARE\YourSecureApp\
identity\ASPNET_SETREG,password" />

Here's what's in my machine.config file for the processModel tag:
<processModel
enable="true"
timeout="Infinite"
idleTimeout="Infinite"
shutdownTimeout="0:00:05"
requestLimit="Infinite"
requestQueueLimit="5000"
restartQueueLimit="10"
memoryLimit="60"
webGarden="false"
cpuMask="0xffffffff"
userName="system"
password="AutoGenerate"
logLevel="Errors"
clientConnectedCheck="0:00:05"
comAuthenticationLevel="Connect"
comImpersonationLevel="Impersonate"
responseDeadlockInterval="00:03:00"
maxWorkerThreads="20"
maxIoThreads="20"
/>

Does comImpersonationLevel="Impersonate" mean that it's set to
impersonate?

I did the permissions checklist with the NETWORK SERVICE user and it
appears to be ok. How do I determine who the other user is under
impersonation?

Thanks again for your help.
Rob

 

[Boost]

Hi Juan,

I also noticed at the top of this article that this doesn't seem to
apply to IIS 6.0 (without IIS 5 isolation mode enabled). I am running
IIS 6 and don't want to turn on IIS 5 isolation mode. I am using
Windows 2003 with IIS 6.0.

Here's a direct quote:

Applies To
This module applies to the following products and technologies:

Microsoft® Windows® XP or Windows 2000 Server (with Service Pack 3) and
later operating systems
Microsoft .NET Framework version 1.0 (with Service Pack 2) and later
versions
Internet Information Services (IIS) 5.0 or 6.0 (only when using IIS 5.0
isolation mode)

Thanks!
Rob

 

[Juan T. Llibre]

From the web.config section you sent in,
it seems that you are using the System account:

userName="system"

Running ASP.NET as the System account is not recommended.

My ASP.NET 1.1 web.config has : userName="machine"

When I run the identity script listed below, from a 1.1 App directory,
I get back "NT AUTHORITY\NETWORK SERVICE " as the account
which ASP.NET 1.1 runs as.

You might get a different result.

You need to give *the account which ASP.NET is running as*
the access permissions to the directory.

Whether you are impersonating or not, run this script I wrote:

identity.aspx:
--------------
<%@ Page Language="VB" %>
<%@ Import NameSpace = System.Security.Principal %>
<script runat="server">
Sub Page_Load()
Dim tmp As String = WindowsIdentity.GetCurrent.Name()
Label1.Text = tmp
End Sub
</script>
<html>
<head>
<title>WindowsIdentity.GetCurrent.Name()</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Label ID="Label1" Runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
---------

That script will return the account name ASP.NET is running under.

Then give *that* account the access permissions.
And make sure *that* account has the permissions in the article.

That will work 100% of the time.

Don't worry about the IIS version the article applies to,
as you commented in your other post.

This procedure will also work under IIS 6.0.

Let us know how you do.

 

[Boost]

Hey Juan,

Thanks for the script, however, I can't run the script because when I do
I get the same error!!

So is there another way of finding this out?

Thanks!
Rob

 

[Juan T. Llibre]

What I would suggest in that case is :

1. Change the ASP.NET account to "machine", instead of "system",
( in your web.config ) and verify that the correct NTFS permissions and
account privileges are given to the "NT AUTHORITY\NETWORK SERVICE"
account per the article at :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp

2. Change the TEMP and TMP system environment variables to a different
directory, and perhaps even to a different drive, and add NTFS full control
permissions to the "NT AUTHORITY\NETWORK SERVICE" account
for that directory. That should fix your temp directory's permissions.

Then, try to run an aspx page again.

 

[Boost]

Hi Juan,

#1. I've changed the machine.config file so that the userName is
"machine" instead of system and restarted IIS. I went through the
article and ran through the checklist for the NETWORK SERVICE user.

#2. I changed the system environment variable for both TEMP and TMP to
D:\TEMP\ and gave the appropriate permissions to that drive and TEMP
folder. Interestingly enough, I got the exact same error:

vbc : error BC30138: Unable to create temp file in path
'c:\windows\system32\inetsrv\%SYSTE~1\TEMP\': The directory name is
invalid.

Notice that it's still looking at "%SYSTE~1\TEMP\" even though I've
change the system environment variable to "D:\TEMP\".

Any ideas? Is there a configuration setting somewhere that I'm missing?
I've seen this problem in a thousand places on google, but no one seems
to be able to solve it.

Thanks,
Rob

What I would suggest in that case is :

1. Change the ASP.NET account to "machine", instead of "system",
( in your web.config ) and verify that the correct NTFS permissions and
account privileges are given to the "NT AUTHORITY\NETWORK SERVICE"
account per the article at :

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod /html/secmod15.asp

2. Change the TEMP and TMP system environment variables to a different
directory, and perhaps even to a different drive, and add NTFS full control
permissions to the "NT AUTHORITY\NETWORK SERVICE" account
for that directory. That should fix your temp directory's permissions.

Then, try to run an aspx page again.

 

[Juan T. Llibre]

Did you stop/start iis ?

Start Menu, Run "iisreset"

Also, the convention for TEMP directory
variables doesn't include the ending slash.

i.e., instead of using D:\TEMP\ , use D:\TEMP

Hi Juan,

#1. I've changed the machine.config file so that the userName is
"machine" instead of system and restarted IIS. I went through the
article and ran through the checklist for the NETWORK SERVICE user.

#2. I changed the system environment variable for both TEMP and TMP to
D:\TEMP\ and gave the appropriate permissions to that drive and TEMP
folder. Interestingly enough, I got the exact same error:

vbc : error BC30138: Unable to create temp file in path
'c:\windows\system32\inetsrv\%SYSTE~1\TEMP\': The directory name is
invalid.

Notice that it's still looking at "%SYSTE~1\TEMP\" even though I've
change the system environment variable to "D:\TEMP\".

Any ideas? Is there a configuration setting somewhere that I'm missing?
I've seen this problem in a thousand places on google, but no one seems
to be able to solve it.

Thanks,
Rob

 

[Boost]

I restarted IIS and....IT WORKED!!!!!!!! Changing the TEMP system
variable to another folder (in my case a completely different drive) and
then restarting IIS appears to be the solution to this issue.

Thank you so much Juan! Your patience and time are greatly appreciated.
You don't know how frustrating this issue has been for me.

Thanks again!
Rob

 

[Juan T. Llibre]

re:

I restarted IIS and....IT WORKED!!!!!!!!

<very big smile>

re:

Thank you so much Juan!

You're very much welcome!