Internet Explorer is not working properly insdide of a container when Mcafee is installed on the node

Symptoms Blank frame is displayed while viewing a javascript content via Internet Explorer . McAfee antivirus with Scriptscan feature is installed on the node. Cause Installation of McAfee AV with Scriptscan option replaces VBScript engine ...

Body

Symptoms

• Blank frame is displayed while viewing a javascript content via Internet Explorer .
• McAfee antivirus with Scriptscan feature is installed on the node.

Cause

Installation of McAfee AV with Scriptscan option replaces VBScript engine on the node and in containers from vbscript.dll:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
(default)    REG_SZ    C:\Windows\System32\vbscript.dll

to ScriptSn.20140523232758.dll

McAfee Scriptscan feature is not compatible with Virtuozzo Containers for Windows.

Resolution

McAfee Antivirus should be re-installed on the node without this feature. The following registry keys should be restored to original VBScript dlls in the existing containers:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
(default)    REG_SZ    C:\Windows\System32\vbscript.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
(Default)    REG_SZ    C:\Windows\System32\jscript.dll

HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
(Default)    REG_SZ    C:\Windows\system32\vbscript.dll

HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
(Default)    REG_SZ    C:\Windows\System32\jscript.dll

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
(Default)    REG_SZ    C:\Windows\SysWOW64\vbscript.dll

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
(Default)    REG_SZ    C:\Windows\SysWOW64\jscript.dll

Additional if the node has IE 9 is installed

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32
(Default)    REG_SZ    C:\Windows\System32\jscript9.dll

HKEY_CLASSES_ROOT\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32
(Default)    REG_SZ    C:\Windows\System32\jscript9.dll

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\InprocServer32
(Default)    REG_SZ    C:\Windows\SysWOW64\jscript9.dll

To reconfigure a container with default VBScript dlls the following command can be used:

vzctl CTID exec regsvr32 C:\Windows\System32\vbscript.dll
vzctl CTID exec regsvr32 C:\Windows\SysWOW64\vbscript.dll
vzctl CTID exec regsvr32 C:\Windows\System32\jscript.dll
vzctl CTID exec regsvr32 C:\Windows\SysWOW64\jscript.dll
vzctl CTID exec regsvr32 C:\Windows\System32\jscript9.dll
vzctl CTID exec regsvr32 C:\Windows\SysWOW64\jscript9.dll

In the example above, replace CTID with actual container ID number.

ASP 500 Error with Code 0x800700aa While browsing a .asp page

Problem :

Some times you try to browse a simple ASP page (Legacy ASP) hosted on IIS 7.5 or IIS 8.5 and you run in to following Error : 

Detailed Error Information 
Module IsapiModule 
Notification ExecuteRequestHandler 
Handler ASPClassic 
Error Code 0x800700aa 
Requested URL http://localhost/New_Site/Default.asp 
Physical Path C:\inetpub\wwwroot\New_Site\Default.asp 
Logon Method Anonymous 
Logon User Anonymous

You try all the other options like Enabling 32 Bit, Changing AppPool Pipeline mode to Classic, installing .net framework 1.1 or 2.0 but it doesn't help. 

Diagnose the Problem : 

 To find the main reason of this problem you will need to run Process Monitor and filter the logs to see only ProcMon Logs related to w3Wp.exe. 

While digging the logs, you may find some logs similar to following : 

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND 

                                                                         OR

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND  

Now the question is, why an asp file request is calling a .dll file which is related to to AntiVirus program.

Some times , when AntiVirus program is installed on your server or Updated , it add this DLL as part of there ScriptScan feature  to intercept the script calls before they are executed on following Regresty Key : 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 
    (Default)    REG_SZ    C:\Program Files\McAfee\VirusScan\scriptsn.dll

In normal Conditions, this Registry Key (CLSID - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 ) points to VBScript.dll but here it is pointing to C:\Program Files\McAfee\VirusScan\scriptsn.dll. And this is the reason, ASP files are not being

 processed when requested.

After you successfully remove VSE, the system reports the following error:

The VBscript engine does not run any scripts on this machine
Some applications that utilize java script may not run properly

Procmon shows that when a VBScript is executed on this server, instead of calling the VBScript Driver vbscript.dll, it continues to call the McAfee driver from:

c:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110315093749.dll

Applet logs record the following errors related to VBScript after you use MFERemoval100.exe to remove VSE:

<Part of Applet--2016.12.21--09.58.01--[MFERemoval100.exe].txt>
E  Failed to set HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 to C: \windows\SysWOW64\vbscript.dll
S  C:\windows\SysWOW64\vbscript.dll was register.
E  Failed to set HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 to C:\windows\system32\vbscript.dll
S  C:\windows\system32\vbscript.dll was register.
S  HKEY_LOCAL_MACHINE\Wow6432Node\SOFTWARE\Classes\VBScript deleted.

Solution

Revert the registry key to its default value:

CAUTION: This article contains information about opening or modifying the registry.

• The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
• Before proceeding, Technical Support strongly recommends that you back up your registry and understand the restore process. For more information, see: http://support.microsoft.com/kb/256986.
• Do not run a REG file that is not confirmed to be a genuine registry import file.

1. Press Windows+R, type regedit, and click OK.
2. Navigate to the following registry key:
   
   HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
3. Right-click the registry key and select Permissions.
4. Select Administrators and give Full Control.
   
   NOTE: In some instances, you might have to change ownership to change the permissions for these registry keys. Click Advanced Sharing, Change, and then change the permissions from the System account to the Admin account.
    
5. Replace the following string value: 
   C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
   
   With:
   C:\Windows\System32\vbscript.dll
    
6. Navigate to the following registry key:
   [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
    
7. Replace the following string value:
   C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
   With:
   C:\Windows\System32\jscript.dll
8. (64-bit systems only) Navigate to the following registry key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
9. Replace the following string value:
   C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
   With:
   C:\Windows\System32\vbscript.dll
10. (64-bit systems only) Navigate to the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
11. Replace the following string value:
    C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
    With:
    C:\Windows\SysWOW64\jscript.dll
     
12. Register vbscript.dll. At an elevated command prompt, type the following and press ENTER:
    
    c:\windows\system32\regsvr32.exe vbscript.dll
     
13. Register jscript.dll. At an elevated command prompt, type the following and press ENTER:
    
    c:\windows\system32\regsvr32.exe jscript.dll

Backup and restoring websites on the Internet Information Services (IIS) Manage

To back up and restore IIS 6:

1. Open the IIS Manager.
2. Right-click the machine labeled as Local Computer.
3. Click All Tasks > Backup/Restore Configuration > Create Backup.
   
4. Type a name for the backed up configuration and then click OK.
   
5. Click Close.
6. Open the %windir%\system32\inetsrv\MetaBack directory and copy the created backup to a local folder.
   
7. Reinstall IIS.
8. Open the local folder and copy the backup file to the %windir%\system32\inetsrv\MetaBack directory.
9. Open the IIS Manager.
10. Right-click the machine labeled as Local computer.
11. Click All Tasks > Backup/Restore Configuration.
12. Select the backup name and then click Restore > Yes > OK.
13. Click Close.

To back up and restore IIS 7 or IIS 8:

1. Open cmd.exe.
2. Navigate to %windir%\system32\inetsrv\.
3. Execute following command to back up configuration:
   appcmd.exe add backup <backupname>.
4. Open the %windir%\system32\inetsrv\backup directory and copy the backup folder to a local folder.
5. Reinstall IIS.
6. Open the local folder and copy the backup folder to the %windir%\system32\inetsrv\backup directory.
7. Execute following command to back up configuration:
   appcmd.exe restore backup <backupname>