Sending e-mail with classic ASP, SMTP server and IIS7.5 [Answered]RSS

8 replies

Last post Jul 21, 2010 01:30 AM by spivey

  • Sending e-mail with classic ASP, SMTP server and IIS7.5

    Jan 22, 2010 03:17 AM|martijnvm|LINK

    Hello all,

    I've installed the SMTP server on my Windows Server 2008 machine. I've added some legacy classic asp websites to the webserver. All these websites are not able to send e-mail with the installed SMTP server. I'm able to send an e-mail with telnet. When I try the following code an error occurs:

    <%
    Set cdoMessage = CreateObject("CDO.Message")
    With cdoMessage
    .From =
    info@domain1.nl
    .To =
    user@domain2.nl
    .Subject =
    "Sample CDO Message"
    .TextBody =
    "This is a test for CDO.message"
    .Send
    End With

    Set cdoMessage = Nothing
    %>

    The displayed error is:
    CDO.Message.1 error '80040220'
    The "SendUsing" configuration value is invalid.
    /testmail.asp
    , line 8

    The same code works without problems on my old Windows Server 2003 machine with IIS6. Does anyone have an idea what's wrong here?

    Thanks in advance.

    Martijn van Mechelen

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Jan 22, 2010 03:48 AM|martijnvm|LINK

    It seems that it's got something to do with the account of the Application Pool.

    With the ApplicationPoolIdentity account (the default) I get the following message:
    CDO.Message.1 error '80040220'
    The "SendUsing" configuration value is invalid.
    /testmail.asp, line 8

    With the NetworkService account I get the message:
    CDO.Message.1 error '80070005'
    Access is denied.
    /testmail.asp, line 8

    When i set the account to the Administrator account, the e-mail is sent!

    So the question is: which account and which configuration settings should I use for classic asp websites in IIS 7.5? The Administrator account doesn't seem an option.

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Jan 26, 2010 02:14 PM|jmfrank23|LINK

     Hello,

    We are experiencing this same problem. Our code is very similar to yours and works fine in Windows 2003 with IIS 6. It gives the same error in IIS 7 as you are experiencing. Did you ever figure out a fix for the problem?  

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Jan 27, 2010 03:05 AM|Leo Tang - MSFT|LINK

    Hi,

    Could you run Process Monitor on the server to capture the access denied activities?

    And below is a thread about using CDO.Message, hope helps
    hread: using CDO.Message
    http://forums.iis.net/t/1146380.aspx

    Please mark the replies as answers if they help or unmark if not.
    Feedback to us


  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Feb 03, 2010 09:12 AM|martijnvm|LINK

    Process monitor image

    The file D:\www\singersongwritermusic.nl\_pages\contact.asp tries to send the e-mail via classic asp.

    Which line should I look at and what exactly should I look for?

    Thanks for your help.

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Feb 03, 2010 10:43 AM|martijnvm|LINK

    The website now succesfully sends the mail while the website runs under the Network Service account. Therefore the code has to bee modified to:

    Set cdoConfig = CreateObject("CDO.Configuration") 
    With cdoConfig.Fields
            .Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
            .Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "localhost"
            .Update
    End With 
     
    Set cdoMessage = CreateObject("CDO.Message")  
        With cdoMessage 
            Set .Configuration = cdoConfig
            .From = "info@domain1.nl"
            .To = "user@domain2.nl"
            .Subject = "TEST MCW"
            .TextBody = "This is a test for CDO.message"
            .Send
        End With
    Set cdoMessage = Nothing

    I've no idea why this is necessary for the Network Service account, while this wasn't the case for Windows Server 2003.

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Apr 16, 2010 11:49 AM|JDL44000|LINK

    Alternatively, if you still wish to use the "default" sending model of using the local pickup directory, you can adjust permissions on the aforementioned pickup directory (generally inetpub/mailroot/pickup/) to the app pool identity (e.g, the local Network Service account was granted Modify rights).

    This seemed to do the trick for us...and did not require any additional coding changes.

     Jim

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    May 10, 2010 04:30 PM|jgovednik|LINK

    I just found an easy solution to this problem that does not involve using the NetworkService as the account to run the AppPool or changing your code that used to work on 2003.

    I have applied this solution to my 2008R2 using IIS7.5 (using IIS6Compatibility mode and the local SMTP server Feature installed and all ASP AppPools running in 32bit mode); I have not tested this outside of that environment, so your mileage may vary.

    let me preface by saying, this issue didnt happen when the AppPool was running as NetworkService, only when using ApplicationPoolIdentity. The reason for this is explained below.


    The initial error being seen was a 500 when trying to send email. There was no further debugging information being displayed in the browser, even when using detailed, non-friendly errors on the server.

    Investigation showed that, the error was showing up in the EventLog as:

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Active Server Pages" />
        <EventID Qualifiers="49152">5</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2010-05-10T17:11:54.000000000Z" />
        <EventRecordID>7224</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SERVERNAME</Computer>
        <Security />
      </System>
      <EventData>
        <Data>File /email.asp  Unexpected error. A trappable error (E06D7363) occurred in an external object. The script cannot continue running.</Data>
      </EventData>
    </Event>

     

    FREB reports, when enabled and allowed to grow past 5mb, showed that the ASP page was returning the 500 Error on the ObjEmail.Send() function:

    625. ? ASP_SCRIPT_TRACE_COM_CALL_START FilePath="D:\WWWROOT\EMAIL.ASP", LineNumber="864", CurrentStatement="emailResult = objEmail.Send()", SizeOfStatement="29"
    626. r ASP_LOG_ERROR Error LineNumber="", ErrorCode="ASP 0115", Description="Unexpected error"

     

    Detailed debugging of the application showed that CDO was throwing the "CDO_E_INVALID_SEND_OPTION (0x80040220)" error when trying to send email as ApplicationPoolIdentity.

     

     

    In 2008/IIS7+ the ApplicationPoolIdentity accounts are hidden accounts that have dynamically assigned SID's (created and assigned when the ApplicationPool is started). But the accounts live as (hidden) users under the IIS_IUSRS group on the local machine (this makes giving them permissions to the AppPools pretty easy, since you can use the normal GUI interface for perms or use scripts while specifying the local user group).

    To fix the issue with ASP sites running under IIS7.5 not being able to send email:

    1. Give Read/Write permissions for the IIS_IUSRS group to the Mailroot folder (permissions will inherit down to Pickup/etc folders).
    2. Now use a Metabase Permissions modifier (Metabase Explorer works, so does METAACL.VBS from 2003), Open LM\SMTPSVC and SMTPSVC\1 and add IIS_IUSRS with read permissions to those branches of the metabase.

      cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC %computername%\IIS_IUSRS R
      cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC/1 %computername%\IIS_IUSRS R

    Those permissions will allow any of the ApplicationPoolIdentity users to create and send email using the local SMTP service.
    This can be tested with SMTP service on the local machine stopped, which will force the .EML files to show up in the mailroot\pickup folder.

    The reason sending email works for NetworkService and LocalService and not the ApplicationPoolIdentity is that the Metabase, by default, has read permissions for SYSTEM and NetworkService. This is an yet another example of why running AppPools as ApplicationPoolIdentity provides more security than running as NetworkService: the applications must be given explicit privileges to any registry entry, folder hierarchy, file, etc that it must read or write. 

     

    MetaACL.vbs can be downloaded directly from Microsoft here (my tests show it works fine on 2008R2): http://support.microsoft.com/kb/267904/

     

    Hope this helps all the other people who found this thread.

    IIS 7 SMTP e-mail network service Application Pool Identity

  • Re: Sending e-mail with classic ASP, SMTP server and IIS7.5

    Jul 21, 2010 01:30 AM|spivey|LINK

    Excellent.  Thanks for the pointers.  I had to use BUILTIN\IIS_IUSRS to get it to work.

    cscript metaacl.vbs IIS://LOCALHOST/SMTPSVC BUILTIN\IIS_IUSRS R

    Also had to reboot rather than just restarting IIS and SMTP.