我最近将我的应用程序从使用 ASP.NET 模拟切换为在应用程序池中实际指定身份。 这样做的原因是为了使将来更容易使用
async
,以便线程作为我的服务帐户运行。
自从进行更改以来,该网站遇到了一些问题。 在我进行更改的那天,我现在看到这些事件日志显示的频率更高(以前是每天 2-3 次,现在是每天 8-10 次):
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-1695807550-3099950144-3292890465-4346:
Process 3840 (\Device\HarddiskVolume2\Windows\System32\inetsrv\w3wp.exe) has opened key \REGISTRY\USER\S-1-5-21-1695807550-3099950144-3292890465-4346
Process 3840 (\Device\HarddiskVolume2\Windows\System32\inetsrv\w3wp.exe) has opened key \REGISTRY\USER\S-1-5-21-1695807550-3099950144-3292890465-4346\Control Panel\International
Process 3840 (\Device\HarddiskVolume2\Windows\System32\inetsrv\w3wp.exe) has opened key \REGISTRY\USER\S-1-5-21-1695807550-3099950144-3292890465-4346\Software\Microsoft\Windows\CurrentVersion\Explorer
在与活动目录交谈时,我也遇到了(看似随机的)错误:
System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
自从进行更改以来我看到的最后一个错误(尽管它似乎不太常见):
System.Runtime.InteropServices.COMException (0x800703FA): Illegal operation attempted on a registry key that has been marked for deletion.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, IdentityType identityType, String identityValue)
重置应用程序池后,问题就消失了。 不幸的是,它似乎在一两天后又回来了。
有人知道这里发生了什么吗? 我可以重新使用模拟,因为直到我将应用程序池身份切换为特定用户之前,这种情况从未发生过。 我的 Google-fu 今天没有给我任何答案。
我无法找到问题的根本原因。 但是,如果底层代码依赖于属于该身份的资源,则似乎对多个应用程序池使用相同的身份可能会导致一些问题。
将应用程序池设置
Load User Profile
更改为 True
修复了问题,并且事件日志条目不再出现。
我要对此进行尝试并说您可能没有正确清理资源。
Microsoft.Win32.RegistryKey
物体和 System.DirectoryServices.AccountManagement.PrincipalContext
都是 IDisposable
,不再使用时必须丢弃。
更改之前,当用户会话超时时,这些资源可能已被清理,但自从您关闭模拟后,这些资源就不再被清理了。
与 AD 交互时,我还收到“System.Runtime.InteropServices.COMException (0x800703FA)”(IIS AppPool 标识设置为特定服务帐户)。重新启动 AppPool 对我不起作用。我必须重新启动网络服务器才能使其正常工作。