Runtime error while running web application on remote machine

[Marina Anufreichik]

Hi,

After deploymnet web application on web server I can access page on local
machine and login fine but when I'm trying to access web site from remote
machine I can see login page, but when I'm trying to login with correct
credentials it give me error:

Server Error in '/PDVMgr' Application.

----------------------------------------------------------------------------
----

Runtime Error

Description: An application error occurred on the server. The current custom
error settings for this application prevent the details of the application
error from being viewed remotely (for security reasons). It could, however,
be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable
on remote machines, please create a <customErrors> tag within a "web.config"
configuration file located in the root directory of the current web
application. This <customErrors> tag should then have its "mode" attribute
set to "Off".



ANY SUGGESTIONS AND CONCERNS???????



Thanks

Marina

 

[Shuvro Mazumder [MSFT]]

Try getting the actual error message by temporarily setting the customErrors
mode to off. That should show you the actual exception you're getting on the
remote server.

 

[Marina Anufreichik]

In web config the setting for customErrors is off, but it still not
displaying

Thanks

Marina

 

[Shuvro Mazumder [MSFT]]

Maybe the setting is overridden in the machine.config on your webserver

- Shuvro

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

 

[Juan T. Llibre]

Hi, Shuvro.

A setting in machine.config *cannot*
override a setting in web.config.

A setting in web.config *can*
override a setting in machine.config.




Juan T. Llibre
ASP.NET MVP
===========

Maybe the setting is overridden in the machine.config on your webserver

- Shuvro

 

[Shuvro Mazumder [MSFT]]

However, a server Admin can always enforce customErrors=RemoteOnly. That's
what I meant.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

 

[Shuvro Mazumder [MSFT]]

Below is the section you need to put in machine.config. Make sure you remove
the existing <customerrors> section and then use the below. It's in a
location allowOverride="false" to prevent users from overriding the setting
in their web.config.

<location allowOverride="false">
<system.web>
<!--
customErrors Attributes:
mode="[On|Off|RemoteOnly]"
On: Always display custom errors
Off: Always display ASP.NET error pages
RemoteOnly: Display custom errors to remote clients and ASP.NET
errors to localhost
defaultRedirect="url" - Url to redirect client to when an error
occurs
-->
<customErrors mode="Off" />
</system.web>
</location>

Check if this is set in your machine.config on the server?
- Shuvro

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

 

[Juan T. Llibre]

Shuvro,

with all due respect, wouldn't setting
<location allowOverride="false">
affect *all* websites in a server ?

The default machine.config setting is :
<location allowOverride="true">

That would imply that any web.config setting would
override any machine.config setting, as it should be.

Simply setting <customErrors mode="Off" /> in an application's
web.config would do the same job, unless the setting in
machine.config has been changed to <location allowOverride="false">
( the setting you're recommending).

I'd really hesitate to recommend *any* user to change
machine.config at all, especially to override default settings
which affect *all* websites in a machine.

It's vastly preferrable to override any setting in machine.config
with a setting in web.config, as opposed to establishing a
machine-wide override in machine.config.



Juan T. Llibre
ASP.NET MVP
===========

Below is the section you need to put in machine.config. Make sure you
remove
the existing <customerrors> section and then use the below. It's in a
location allowOverride="false" to prevent users from overriding the
setting
in their web.config.

<location allowOverride="false">
<system.web>
<!--
customErrors Attributes:
mode="[On|Off|RemoteOnly]"
On: Always display custom errors
Off: Always display ASP.NET error pages
RemoteOnly: Display custom errors to remote clients and ASP.NET
errors to localhost
defaultRedirect="url" - Url to redirect client to when an error
occurs
-->
<customErrors mode="Off" />
</system.web>
</location>

Check if this is set in your machine.config on the server?
- Shuvro

 

[Shuvro Mazumder [MSFT]]

I was not recommending any solution. I was trying to help Marina with her
original problem, where she observed that changing the setting on the
web.config for customErrors key *DID NOT* change the behavior. My suggestion
was to ask the server Admin on which she was deploying her solution, if such
a setting have been made on the machine.config.

I agree with your observation that changes to machine.config would affect
all websites. However, the location allowOverride="False" allows the server
administrator to specify default behavior for keys they ABSOLUTELY do not
want their users to override. Think about an ISP Scenario providing ASP.Net
web hosting. For security reasons, they might want to not allow users to
have customErrors mode="Off" set (that's how my ISP has their server set
up). In such cases it makes more sense to change the settings in
machine.config and not rely on individual applications having the setting in
their web.config.

Hope this helps
- Shuvro

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

Shuvro,

with all due respect, wouldn't setting
<location allowOverride="false">
affect *all* websites in a server ?

The default machine.config setting is :
<location allowOverride="true">

That would imply that any web.config setting would
override any machine.config setting, as it should be.

Simply setting <customErrors mode="Off" /> in an application's
web.config would do the same job, unless the setting in
machine.config has been changed to <location allowOverride="false">
( the setting you're recommending).

I'd really hesitate to recommend *any* user to change
machine.config at all, especially to override default settings
which affect *all* websites in a machine.

It's vastly preferrable to override any setting in machine.config
with a setting in web.config, as opposed to establishing a
machine-wide override in machine.config.



Juan T. Llibre
ASP.NET MVP
===========

Below is the section you need to put in machine.config. Make sure you
remove
the existing <customerrors> section and then use the below. It's in a
location allowOverride="false" to prevent users from overriding the
setting
in their web.config.

<location allowOverride="false">
<system.web>
<!--
customErrors Attributes:
mode="[On|Off|RemoteOnly]"
On: Always display custom errors
Off: Always display ASP.NET error pages
RemoteOnly: Display custom errors to remote clients and ASP.NET
errors to localhost
defaultRedirect="url" - Url to redirect client to when an error
occurs
-->
<customErrors mode="Off" />
</system.web>
</location>

Check if this is set in your machine.config on the server?
- Shuvro

-
-

 

[Juan T. Llibre]

re:

I was not recommending any solution.

You sure could have fooled me.

Didn't you make this recommendation ?
Maybe you don't realize that you did recommend that change
( that has happened to me in the past ), but when you ask
someone to "put" something in machine.config and to
"make sure you remove the existing <customerrors> section",
you sure were recommending a solution : to edit machine.config.

Later, you said this :

Check if this is set in your machine.config on the server?

Which is different than your earlier recommendation :
That she check for that setting was a good recommendation,
if she has access to machine.config (which I doubt, since she's
talking about a web server at her ISP), but editing machine.config
was not a good recommendation.

If <location allowOverride="false"> *had* been placed in
machine.config by her ISP, she wouldn't have access to
machine.config, anyway.

She would only have access to her application directory and,
if that setting *had* been placed there by her ISP for security
reasons, in the scenario you describe, it's highly unlikely that
her ISP would change it back to true for her, violating the
security rule you invoke as the reason for that setting having
been placed there by her ISP.

That said, Marina hasn't popped back in here to tell us how she did.
Let's hope she was able to work around the problem.




Juan T. Llibre
ASP.NET MVP
===========

I was not recommending any solution. I was trying to help Marina with her
original problem, where she observed that changing the setting on the
web.config for customErrors key *DID NOT* change the behavior. My
suggestion
was to ask the server Admin on which she was deploying her solution, if
such
a setting have been made on the machine.config.

I agree with your observation that changes to machine.config would affect
all websites. However, the location allowOverride="False" allows the
server
administrator to specify default behavior for keys they ABSOLUTELY do not
want their users to override. Think about an ISP Scenario providing
ASP.Net
web hosting. For security reasons, they might want to not allow users to
have customErrors mode="Off" set (that's how my ISP has their server set
up). In such cases it makes more sense to change the settings in
machine.config and not rely on individual applications having the setting
in
their web.config.

Hope this helps
- Shuvro

--
This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.

Shuvro,

with all due respect, wouldn't setting
<location allowOverride="false">
affect *all* websites in a server ?

The default machine.config setting is :
<location allowOverride="true">

That would imply that any web.config setting would
override any machine.config setting, as it should be.

Simply setting <customErrors mode="Off" /> in an application's
web.config would do the same job, unless the setting in
machine.config has been changed to <location allowOverride="false">
( the setting you're recommending).

I'd really hesitate to recommend *any* user to change
machine.config at all, especially to override default settings
which affect *all* websites in a machine.

It's vastly preferrable to override any setting in machine.config
with a setting in web.config, as opposed to establishing a
machine-wide override in machine.config.



Juan T. Llibre
ASP.NET MVP
===========

Below is the section you need to put in machine.config. Make sure you
remove
the existing <customerrors> section and then use the below. It's in a
location allowOverride="false" to prevent users from overriding the
setting
in their web.config.

<location allowOverride="false">
<system.web>
<!--
customErrors Attributes:
mode="[On|Off|RemoteOnly]"
On: Always display custom errors
Off: Always display ASP.NET error pages
RemoteOnly: Display custom errors to remote clients and ASP.NET
errors to localhost
defaultRedirect="url" - Url to redirect client to when an
error
occurs
-->
<customErrors mode="Off" />
</system.web>
</location>

Check if this is set in your machine.config on the server?
- Shuvro

Hi, Shuvro.

A setting in machine.config *cannot*
override a setting in web.config.

A setting in web.config *can*
override a setting in machine.config.




Juan T. Llibre
ASP.NET MVP
===========
Maybe the setting is overridden in the machine.config on your webserver

- Shuvro

"Marina Anufreichik" <marina_at_pdvcorp_dot_com> wrote in message
In web config the setting for customErrors is off, but it still not
displaying

Thanks

Marina

message
Try getting the actual error message by temporarily setting the
customErrors
mode to off. That should show you the actual exception you're
getting
on
the
remote server.

--
This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.



"Marina Anufreichik" <marina_at_pdvcorp_dot_com> wrote in message
Hi,

After deploymnet web application on web server I can access
page
on
local
machine and login fine but when I'm trying to access web site from
remote
machine I can see login page, but when I'm trying to login with
correct
credentials it give me error:

Server Error in '/PDVMgr' Application.

------------------------------------------------------------------------ -
-
--
----

Runtime Error

Description: An application error occurred on the server. The
current
custom
error settings for this application prevent the details of the
application
error from being viewed remotely (for security reasons). It could,
however,
be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message
to
be
viewable
on remote machines, please create a <customErrors> tag within a
"web.config"
configuration file located in the root directory of the current
web
application. This <customErrors> tag should then have its
"mode"
attribute
set to "Off".



ANY SUGGESTIONS AND CONCERNS???????



Thanks

Marina

 

[Rajasekhar Patta]

Please let me know whether the issue has been resolved. I am having the
same problem and looking forward for the solution.