I see that Citrix updated the technote to include adding these permissions for the NETWORK SERVICE account after I posted. LOL! Regards On 3/2/07, Tim Anderson <timothylanderson@xxxxxxxxx> wrote:
Just thought I would share with this excellent list something I came across today and include a question. When doing an AAC 4.5 install on a fresh W2K SP1 fully patched VM I received a "Failed to create sample logon point". None of the solutions provide in the Citrix technote ( http://support.citrix.com/article/CTX107240) worked, although I did have to turn off DEP. The event logs showed this error: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 3/2/2007 2:43:31 PM Event time (UTC): 3/2/2007 8:43:31 PM Event ID: d76df30f893e45d3821b465a8cf80978 Event sequence: 1 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/Root/CitrixAuthService-5-128173418114919635 Trust level: Application Virtual Path: /CitrixAuthService Application Path: c:\inetpub\wwwroot\CitrixAuthService\ Machine name: AAC Process information: Process ID: 3056 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: HttpException Exception message: The current identity (NT AUTHORITY\NETWORK SERVICE) does not have write access to 'C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files'. Request information: Request URL: http://localhost/CitrixAuthService/AuthService.asmx Request path: /CitrixAuthService/AuthService.asmx User host address: 127.0.0.1 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 1 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection compilationSection) at System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags) After giving the NETWORK SERVICE account permissions to write to %SystemRoot%\Microsoft.NET\Framework\v2.0.50727, I was able to create the sample logon point. By giving the NETWORK SERVICE account write permissions in the .NET Framework am I opening up something that should not be open? Would it be wise to remove those permissions and reinstate them if I need to create another logon point? Regards, Tim