« Previous Next »

• 09-29-2009, 1:39 PM

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6

  The access control list is not in canonical form..... Reply Contact Hi I was trying to install Moodle using web platform installation on a Windows Server 2008. Everything seemed to go well until I got this message about not being in canonical form. My log file is. [17:23:34]Performing synchronization pass #1. [17:23:110]Parameter entry 'Application Path/1' is applicable to 'iisApp/moodle' because of its scope.  Details:  name: Application Path [17:23:112]Parameter entry 'Connection String/1' is applicable to 'dbMySql/install.sql' because of its scope.  Details:  name: Connection String [17:23:113]Parameter entry 'SetAcl Parameter 1/1' is applicable to 'setAcl/moodle/moodledata' because of its scope.  Details:  name: SetAcl Parameter 1 [17:23:570]Source createApp (moodle) does not match destination (Default Web Site/moodle) differing in attributes (isDest,managedRuntimeVersion['',''],enable32BitAppOnWin64['',''],managedPipelineMode['',''],applicationPool,appExists). Update pending. [17:23:605]Updating createApp (Default Web Site/moodle).  Details:  operationType: Update  providerName: createApp  path: Default Web Site/moodle [17:23:729]Parameter entry 'Application Path/2' is applicable to 'moodle\config.php' because of its scope.  Details:  name: Application Path [17:23:747]Parameter entry 'Database Server/1' is applicable to 'moodle\config.php' because of its scope.  Details:  name: Database Server [17:23:763]Parameter entry 'Database Name/1' is applicable to 'moodle\config.php' because of its scope.  Details:  name: Database Name [17:23:778]Parameter entry 'Database Username/1' is applicable to 'moodle\config.php' because of its scope.  Details:  name: Database Username [17:23:793]Parameter entry 'Database Password/1' is applicable to 'moodle\config.php' because of its scope.  Details:  name: Database Password [17:23:795]Attribute 'size' equality changed to True when comparing filePath (Default Web Site/moodle\config.php) to moodle\config.php because of rule Parameterization.  Details:  rule: Parameterization  attribute: size  newEquals: True [17:23:454]Parameter entry 'Database Server/2' is applicable to 'MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript' because of its scope.  Details:  name: Database Server [17:23:454]Parameter entry 'Database Server/2' could not be applied to 'MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript'. Deployment will continue with the original data. Details: No matches were found for the search string 'PlaceHolderForDbServer' (type 'TextFile').  Details:  name: Database Server [17:23:468]Parameter entry 'Database Name/2' is applicable to 'MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript' because of its scope.  Details:  name: Database Name [17:23:482]Parameter entry 'Database Username/2' is applicable to 'MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript' because of its scope.  Details:  name: Database Username [17:23:496]Parameter entry 'Database Password/2' is applicable to 'MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript' because of its scope.  Details:  name: Database Password [17:23:496]Source sqlScript (MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript) replaced with changed attributes (checksum['2967126440','3805665388']) because of rule Parameterization.  Details:  rule: Parameterization [17:23:518]Adding child sqlScript (MSDeploy.iisApp/dbMySql[@path='server=localhost;database=moodle;uid=root;allow user variables=True']/sqlScript).  Details:  operationType: AddChild  providerName: sqlScript  path: MSDeploy.iisApp/dbMySql[@path='server=localhost;database=moodle;uid=root;allow user variables=True']/sqlScript [17:23:526]Getting stream data for 'sqlScript' ('MSDeploy.iisApp/dbMySql[@path='install.sql']/sqlScript'). [17:23:529]Opening SQL Connection with connection string 'server=localhost;database=moodle;uid=root;allow user variables=True'. The 'transacted' setting for this connection is 'False'. [17:23:533]Executing the following database command (lines 1 to 17 of the script): CREATE DATABASE IF NOT EXISTS moodle; USE moodle;   DROP PROCEDURE IF EXISTS add_user ;   CREATE PROCEDURE add_user() BEGIN DECLARE EXIT HANDLER FOR 1044 BEGIN END; GRANT ALL PRIVILEGES ON moodle.* to 'moodleuser'@'localhost' IDENTIFIED BY 'moodleuser'; FLUSH PRIVILEGES; END ;   CALL add_user();   DROP PROCEDURE IF EXISTS add_user; [17:23:537]Source setAcl (moodle/moodledata) does not match destination (Default Web Site/moodle/moodledata) differing in attributes (isDest,setAclUser,setAclAccess). Update pending. [17:23:537]Updating setAcl (Default Web Site/moodle/moodledata).  Details:  operationType: Update  providerName: setAcl  path: Default Web Site/moodle/moodledata EXCEPTION: System.InvalidOperationException: This access control list is not in canonical form and therefore cannot be modified.    at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()    at System.Security.AccessControl.CommonAcl.Purge(SecurityIdentifier sid)    at System.Security.AccessControl.CommonSecurityDescriptor.PurgeAccessControl(SecurityIdentifier sid)    at System.Security.AccessControl.ObjectSecurity.PurgeAccessRules(IdentityReference identity)    at Microsoft.Web.Deployment.SetAclProvider.Add(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.SetAclProvider.Update(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.DeploymentObject.Update(DeploymentObject source, DeploymentSyncContext syncContext)    at Microsoft.Web.Deployment.DeploymentSyncContext.HandleUpdate(DeploymentObject destObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenOrder(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildren(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.ProcessSync(DeploymentObject destinationObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentObject.SyncToInternal(DeploymentObject destObject, DeploymentSyncOptions syncOptions, PayloadTable payloadTable, ContentRootTable contentRootTable)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentProviderOptions providerOptions, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(String provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentWellKnownProvider provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.PlatformInstaller.MSDeployProxy.Install(InstallerContext context, RemoteCredentials remoteCredentials)   And the web platform installer log file is:   DownloadManager Information: 0 : Loading product xml from 'https://go.microsoft.com/fwlink/?LinkId=158722' DownloadManager Information: 0 : Product manager downloading: https://go.microsoft.com/fwlink/?LinkId=158722 DownloadManager Information: 0 : Remote file has not changed, using local cached file:C:\Users\Administrator.000\AppData\Local\Microsoft\Web Platform Installer\112853652.xml.temp DownloadManager Information: 0 : Loading product xml from 'http://www.microsoft.com/web/webpi/2.0/WebApplicationList.xml' DownloadManager Information: 0 : Product manager downloading: http://www.microsoft.com/web/webpi/2.0/WebApplicationList.xml DownloadManager Information: 0 : Remote file has not changed, using local cached file:C:\Users\Administrator.000\AppData\Local\Microsoft\Web Platform Installer\-1589660071.xml.temp DownloadManager Information: 0 : Filtering by majorOS: 6, minorOS: 0, majorSP: 2, minorSP: 0, productType: 7, architecture: x86 DownloadManager Information: 0 : Filtering by majorOS: 6, minorOS: 0, majorSP: 2, minorSP: 0, productType: 7, architecture: x86 DownloadManager Information: 0 : Contextual entry products: PHP DownloadManager Information: 0 : Contextual product is already installed DownloadManager Information: 0 : Contextual navigation to product 'PHP' DownloadManager Information: 0 : Getting ratings file from http://go.microsoft.com/fwlink/?LinkId=163219 DownloadManager Information: 0 : Ratings file loaded successfully DownloadManager Information: 0 : Adding product Moodle (Moodle) to cart DownloadManager Information: 0 : Product 'Moodle' was already in cart. DownloadManager Information: 0 : No SQL to configure DownloadManager Information: 0 : No MySQL to configure DownloadManager Information: 0 : Setting current install to 1 DownloadManager Information: 0 : Starting install sequence DownloadManager Information: 0 : Using cached file at C:\Users\Administrator.000\AppData\Local\Microsoft\Web Platform Installer\installers\Moodle\F25C51F112C16F68A7F04652E5334769FFAAC62F\MoodleWindowsWpi-latest-19-20090826.zip instead of downloading from http://download.moodle.org/download.php/direct/windows_wpi/MoodleWindowsWpi-latest-19-20090826.zip DownloadManager Information: 0 : Using chosen site 'Default Web Site' DownloadManager Information: 0 : The specified destination folder for application moodle is not empty. If you proceed with installation, existing files in that folder may be overwritten. Do you want to continue? DownloadManager Information: 0 : User chose of overwrite DownloadManager Information: 0 : SMO is missing. Removing MySQL from database list DownloadManager Information: 0 : Setting current install to 1 DownloadManager Error: 0 : MS Deploy exception: System.InvalidOperationException: This access control list is not in canonical form and therefore cannot be modified.    at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()    at System.Security.AccessControl.CommonAcl.Purge(SecurityIdentifier sid)    at System.Security.AccessControl.CommonSecurityDescriptor.PurgeAccessControl(SecurityIdentifier sid)    at System.Security.AccessControl.ObjectSecurity.PurgeAccessRules(IdentityReference identity)    at Microsoft.Web.Deployment.SetAclProvider.Add(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.SetAclProvider.Update(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.DeploymentObject.Update(DeploymentObject source, DeploymentSyncContext syncContext)    at Microsoft.Web.Deployment.DeploymentSyncContext.HandleUpdate(DeploymentObject destObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenOrder(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildren(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.ProcessSync(DeploymentObject destinationObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentObject.SyncToInternal(DeploymentObject destObject, DeploymentSyncOptions syncOptions, PayloadTable payloadTable, ContentRootTable contentRootTable)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentProviderOptions providerOptions, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(String provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentWellKnownProvider provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.PlatformInstaller.MSDeployProxy.Install(InstallerContext context, RemoteCredentials remoteCredentials) DownloadManager Error: 0 : MS Deploy error: System.InvalidOperationException: This access control list is not in canonical form and therefore cannot be modified.    at System.Security.AccessControl.CommonAcl.ThrowIfNotCanonical()    at System.Security.AccessControl.CommonAcl.Purge(SecurityIdentifier sid)    at System.Security.AccessControl.CommonSecurityDescriptor.PurgeAccessControl(SecurityIdentifier sid)    at System.Security.AccessControl.ObjectSecurity.PurgeAccessRules(IdentityReference identity)    at Microsoft.Web.Deployment.SetAclProvider.Add(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.SetAclProvider.Update(DeploymentObject source, Boolean whatIf)    at Microsoft.Web.Deployment.DeploymentObject.Update(DeploymentObject source, DeploymentSyncContext syncContext)    at Microsoft.Web.Deployment.DeploymentSyncContext.HandleUpdate(DeploymentObject destObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildrenOrder(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.SyncChildren(DeploymentObject dest, DeploymentObject source)    at Microsoft.Web.Deployment.DeploymentSyncContext.ProcessSync(DeploymentObject destinationObject, DeploymentObject sourceObject)    at Microsoft.Web.Deployment.DeploymentObject.SyncToInternal(DeploymentObject destObject, DeploymentSyncOptions syncOptions, PayloadTable payloadTable, ContentRootTable contentRootTable)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentProviderOptions providerOptions, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(String provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentWellKnownProvider provider, String path, DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.Deployment.DeploymentObject.SyncTo(DeploymentBaseOptions baseOptions, DeploymentSyncOptions syncOptions)    at Microsoft.Web.PlatformInstaller.MSDeployProxy.Install(InstallerContext context, RemoteCredentials remoteCredentials)    at Microsoft.Web.PlatformInstaller.MSDeployPackage.Install(InstallerContext currentInstall) DownloadManager Information: 0 : Product Moodle done install completed DownloadManager Information: 0 : Increasing current install to 2 DownloadManager Information: 0 : Moodle installation log: C:\Users\Administrator.000\AppData\Local\Microsoft\Web Platform Installer\logs\install\2009-09-29T17.22.46\Moodle.txt   All help is very much apreciated.

• 09-30-2009, 10:10 PM

  In reply to

  stjacobs Joined on 09-23-2008, 3:09 PM Redmond Posts 43

  Re: The access control list is not in canonical form..... Reply Contact  Hi, I've got a couple of questions for you which will help us narrow this down.   Is "Default Web Site" still mapped to  %SYSTEMDRIVE%\inetpub\wwwroot?  This would be C:\inetpub\wwwroot on most systems. Can you run the command "icals.exe <moodledata directory>" from a command prompt, and substitute the actual moddledata directory name for <moodledata directory>?  If the moodledata directory did not actually get created, can you send us the icacles.exe output for the directory where the application would be installed?  i.e. "icacls.exe %SYSTEMDRIVE%\inetpub\wwwroot\moodle" This will help us better understand the state that is leading up to this particular error. thanks! -Jake   -- Steve Jacobson (Jake) Sr. Program Manager - IIS

• 10-01-2009, 10:00 AM

  In reply to

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6	Re: The access control list is not in canonical form..... Reply Contact   1. default web site is %SYSTEMDRIVE%\inetpub\wwwroot 2.  icals.exe is not reconized as an internal or external command was the message I got when trying to run. Siggi

• 10-01-2009, 12:49 PM

  In reply to

  stjacobs Joined on 09-23-2008, 3:09 PM Redmond Posts 43	Re: The access control list is not in canonical form..... Reply Contact  Hi Siggi - icals.exe doesn't work because I typed the command wrong.  It should be icacls.exe.   Thanks!    -Jake -- Steve Jacobson (Jake) Sr. Program Manager - IIS

• 10-01-2009, 1:56 PM

  In reply to

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6

  Re: The access control list is not in canonical form..... Reply Contact Is this what you were asking for? C:\Inetpub\wwwroot\moodle>icacls.exe c:\inetpub\wwwroot\moodle c:\inetpub\wwwroot\moodle NT AUTHORITY\LOCAL SERVICE:(F)                           NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(F)                           NT AUTHORITY\NETWORK SERVICE:(F)                           NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)(F)                           NT SERVICE\TrustedInstaller:(F)                           NT SERVICE\TrustedInstaller:(I)(OI)(CI)(IO)(F)                           NT AUTHORITY\SYSTEM:(F)                           NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)                           BUILTIN\Administrators:(F)                           BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)                           BUILTIN\Users:(RX)                           BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)                           BUILTIN\Administrators:(F)                           CREATOR OWNER:(I)(OI)(CI)(IO)(F)                           NT SERVICE\TrustedInstaller:(OI)(CI)(F)                           BUILTIN\IIS_IUSRS:(OI)(CI)(RX)                           BUILTIN\Administrators:(F)                           CREATOR OWNER:(OI)(CI)(IO)(F) Successfully processed 1 files; Failed processing 0 files

• 10-01-2009, 7:51 PM

  In reply to

  richma Joined on 04-06-2009, 12:10 PM Posts 367

  Re: The access control list is not in canonical form..... Reply Contact Hi Siggi, Yes this the command we were looking for and this looks fine. If you check the properties of the Moodle folder using Explorer (right click -> properties -> security tab), do you receive any errors ? Do any of the user names appear as  SID which would appear something like "S-1-5- nnnnnnnnn "  where the n's are a long string of numbers. Is the machine an physical machine or VM ? Thanks Richard

• 10-02-2009, 6:37 AM

  In reply to

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6	Re: The access control list is not in canonical form..... Reply Contact Hi I did receive an error:The permissions on moodle are incorrectly ordered, which may cause some entries to be ineffective. There are no strange usernames. It is a physical machine.   Siggi

• 10-02-2009, 11:10 AM

  In reply to

  richma Joined on 04-06-2009, 12:10 PM Posts 367

  Re: The access control list is not in canonical form..... Reply Contact Hi Siggi, Thats the error that is most likely causing the issue with Moodle installation.  Try either of the following to resolve this. a) Was there an option to Re-Order the permissions when you receive the error ? If so try this then the Moodle installation.  I would check the persmissons on WWWRoot as well and make sure there are no errors. b) If not currently inheriting permissions from the Parent try adding this to Moodle. Click the Advanced Button on the Security tab, then Change Permissions and check the "Include inheritable permissions from this objects parent" . Then go to the parent  (wwwroot) add a new security group (test user or anything) . Then under the same Advanced settings check "Replace all child object permissions  with inheritable persmissions ..  "    then try the Moodle installation. Thanks Richard

• 10-07-2009, 11:06 AM

  In reply to

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6	Re: The access control list is not in canonical form..... Reply Contact Hi Everything seems to work now. Thanks Siggi

• 10-07-2009, 12:18 PM

  In reply to

  richma Joined on 04-06-2009, 12:10 PM Posts 367	Re: The access control list is not in canonical form..... Reply Contact Thanks for the Update. What method did you use to resolve the error ?

• 10-07-2009, 1:09 PM

  In reply to

  sigjonss Joined on 09-29-2009, 1:34 PM Posts 6	Re: The access control list is not in canonical form..... Reply Contact Hi I checked all permissions and made the changes which you suggested, deleted the moodle folder from webroot and started from the beginning. Siggi