Sunday, 26 July 2020

ASP 500 Error with Code 0x800700aa While browsing a .asp page

Problem :


Some times you try to browse a simple ASP page (Legacy ASP) hosted on IIS 7.5 or IIS 8.5 and you run in to following Error : 

Detailed Error Information 
Module IsapiModule 
Notification ExecuteRequestHandler 
Handler ASPClassic 
Error Code 0x800700aa 
Requested URL http://localhost/New_Site/Default.asp 
Physical Path C:\inetpub\wwwroot\New_Site\Default.asp 
Logon Method Anonymous 
Logon User Anonymous

You try all the other options like Enabling 32 Bit, Changing AppPool Pipeline mode to Classic, installing .net framework 1.1 or 2.0 but it doesn't help. 



Diagnose the Problem : 

 To find the main reason of this problem you will need to run Process Monitor and filter the logs to see only ProcMon Logs related to w3Wp.exe. 

While digging the logs, you may find some logs similar to following : 

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND 
                                                                         OR

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND  

Now the question is, why an asp file request is calling a .dll file which is related to to AntiVirus program.

Some times , when AntiVirus program is installed on your server or Updated , it add this DLL as part of there ScriptScan feature  to intercept the script calls before they are executed on following Regresty Key : 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 
    (Default)    REG_SZ    C:\Program Files\McAfee\VirusScan\scriptsn.dll

In normal Conditions, this Registry Key (CLSID - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 ) points to VBScript.dll but here it is pointing to C:\Program Files\McAfee\VirusScan\scriptsn.dll. And this is the reason, ASP files are not being
 processed when requested.

After you successfully remove VSE, the system reports the following error:
The VBscript engine does not run any scripts on this machine
Some applications that utilize java script may not run properly

Procmon shows that when a VBScript is executed on this server, instead of calling the VBScript Driver vbscript.dll, it continues to call the McAfee driver from:

c:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110315093749.dll

Applet logs record the following errors related to VBScript after you use MFERemoval100.exe to remove VSE:
<Part of Applet--2016.12.21--09.58.01--[MFERemoval100.exe].txt>
E  Failed to set HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 to C: \windows\SysWOW64\vbscript.dll
S  C:\windows\SysWOW64\vbscript.dll was register.
E  Failed to set HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 to C:\windows\system32\vbscript.dll
S  C:\windows\system32\vbscript.dll was register.
S  HKEY_LOCAL_MACHINE\Wow6432Node\SOFTWARE\Classes\VBScript deleted.


Solution

Revert the registry key to its default value:

CAUTION: This article contains information about opening or modifying the registry.
  • The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
  • Before proceeding, Technical Support strongly recommends that you back up your registry and understand the restore process. For more information, see: http://support.microsoft.com/kb/256986.
  • Do not run a REG file that is not confirmed to be a genuine registry import file.
  1. Press Windows+R, type regedit, and click OK.
  2. Navigate to the following registry key:

    HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
  3. Right-click the registry key and select Permissions.
  4. Select Administrators and give Full Control.

    NOTE: In some instances, you might have to change ownership to change the permissions for these registry keys. Click Advanced Sharing, Change, and then change the permissions from the System account to the Admin account.
     
  5. Replace the following string value: 
    C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl

    With:
    C:\Windows\System32\vbscript.dll
     
  6. Navigate to the following registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32]
     
  7. Replace the following string value:
    C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
    With:
    C:\Windows\System32\jscript.dll
  8. (64-bit systems only) Navigate to the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
  9. Replace the following string value:
    C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
    With:
    C:\Windows\System32\vbscript.dll
  10. (64-bit systems only) Navigate to the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
  11. Replace the following string value:
    C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.nnnnnnnnnnn.dl
    With:
    C:\Windows\SysWOW64\jscript.dll
     
  12. Register vbscript.dll. At an elevated command prompt, type the following and press ENTER:

    c:\windows\system32\regsvr32.exe vbscript.dll
     
  13. Register jscript.dll. At an elevated command prompt, type the following and press ENTER:

    c:\windows\system32\regsvr32.exe jscript.dll
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)