PRB: "Catastrophic Failure" Error Message When You Try to Debug an ASP.NET Application on Windows 2000 Domain Controller (827559)

SYMPTOMS

When you try to debug a Microsoft ASP.NET Web Application on a computer that is running Microsoft Windows 2000 Server domain controller with Service Pack 4 (SP4) installed, you may receive the following error message:

Error while trying to run project: Unable to start debugging on the web server. Catastrophic failure

CAUSE

This problem occurs when the account that is used to run the ASP.NET Worker process (by default, this is the IWAM user account on the domain controller) is not assigned with the "Impersonate a client after authentication" user right in the local security policy. This problem may occur when you install Windows 2000 SP4, and then install Microsoft Visual Studio .NET. In this situation, the IWAM account is not granted the "Impersonate a client after authentication" user right in the local security policy.

The "Impersonate a client after authentication" user right (also named SeImpersonatePrivilege) is a new Microsoft Windows 2000 security setting that was first included in Microsoft Windows 2000 SP4.

WORKAROUND

To work around the problem, manually assign the "Impersonate a client after authentication" user right to the IWAM account. To do this, follow these steps:

Click Start, point to Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
Click Security Settings.
Click Local Policies, and then click User Rights Assignment.
In the right pane, double-click Impersonate a client after authentication.
In the Security Policy Setting window, click Define these policy settings.
Click Add, and then click Browse.
In the Select Users or Groups window, select the IWAM account name, click Add, and then click OK.
Click OK two times.
To enforce an update of the computer policy, type the following command at a command prompt, and then press ENTER:
secedit /refreshpolicy machine_policy /enforce
At the command prompt, type iisreset, and then press ENTER.

MORE INFORMATION

Steps to Reproduce the Behavior

Install Service Pack 4

To download and install Windows 2000 SP4, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.mspx

Create a New ASP.NET Web Application

In Visual Studio .NET, use Microsoft Visual Basic .NET or Microsoft Visual C# .NET to create a new ASP.NET Web Application project. By default, WebForm1.aspx is created.
Right-click WebForm1.aspx, and then click View Code to open the code behind file.

Replace the existing code of the Page_Load event with the following code:

Visual C#.NET

private void Page_Load(object sender, System.EventArgs e)
{
   Response.Write("Debug Break point");
}

Visual Basic.NET

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
   Response.Write("Debug Break")
End Sub

On the Build menu, click Build Solution.

Debug the Application

Set a break point in the code of the Page_Load event.
To debug the application, click Start on the Debug menu in Visual Studio .NET.

REFERENCES

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

824308 BUG: IWAM Account Is Not Granted the Impersonate Privilege for ASP.NET 1.1 on a Windows 2000 Domain Controller with SP4

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

821255 "Error While Trying to Run Project" Error Message Occurs When You Debug a Web Application in Visual Studio .NET

For more information about ASP.NET Impersonation, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp