Caspol set, but no longer allowing assembly downloads

[zenenigma]

Background:

My group has developed a web app and it's been in production for months. One part of the application requires a .net assembly download (.DLL) to the client machine. We have a stand-alone program that allows the user to set the site they would like to allow full trust to.

All that works fine. For once, the issue is not with the clients, it's with me (and my workstation).

Late last week I installed .NET 2.0 SDK so that I could try some new options for our installations (like giving fulltrust to our strong name instead of using "site"). Well none of the strong name caspol entries I tried seemed to work, so I gave it up, removed the Strong Name entries from caspol, and re-added our local dev server name as the site to give full trust to (as I've done hundreds of times).

FYI, the command our standalone uses:

"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -machine -addgroup 1 -site Awesome FullTrust -name Awesome"

Where "Awesome" would be the name of our server.


Later that day I attempt to get some screenshots from our app and I get the all too familiar "Object doesn't support this property or method". Odd, so I go through my normal checklist that I go through with clients:

1) Check caspol -lg to confirm info is correct. Machine level, server name, full trust. Set correctly.

2) Can other users access and download the component - yes, all the other developers can access it just fine.

3) I'm not using Vista or IE 7/8 (I'm XP and IE6), but I add our server to the trusted sites, just to eliminate that possibility.

4) Check the workstation event logs - nothing related there.

5) Check the C:\Windows\Assembly\Download\ folder. Previous downloads are there for our various servers. I use gacutil to clear it and try to access our app again - nothing is being downloaded.

6) Check for Fusion Bind errors in IE History - the last fusion bind error was 2 weeks ago when I was testing.

7) Check IE Security settings - signed .NET assemblies are allowed. Reset "Trusted Sites" zone to "Low" and tried again, no luck.

8) Using caspol I reset all levels to the default settings and add our server again. I also try adding full trust to different zones and to all code. no luck.


So I figure the SDK install must have hosed something up. I:

Uninstall the SDK and try again. No luck

Uninstall .NET Framework 3.5, 3.0, and 2.0 (so 1.1 was all that is left). Reinstall Framework 2.0, set the caspol, and try again. No luck

Do some google searches, uninstall Framework 2.0, use a .NET 2.0 cleanup tool from microsoft, re-install Framework 2.0, set the caspol, and try again. No luck.

Backup the "Config" folder (within Windows\Microsoft.NET\Framework\v2.0.50727\) and replace it with a backup I did early last week. No luck.

-------------------

I'm at a loss. I troubleshoot clients every day who are usually just not following the directions to set security. This is not something I've seen before.

Unless I can get an answer here, my next steps are either to:

Uninstall all framework (including 1.0 and 1.1) and start fresh, but I need to research any issues that might come up with going that far back.

or

Restore my entire laptop from the backup (which I'm hoping was prior to this becoming an issue) and hope that resolves the issue.

Any help would be greatly appreciated. It's a bit awkward being the guy people come to for troubleshooting these issues and I can't even get my own workstation to work correctly.

-ZE

 

[zenenigma]

A week with no replies - that doesn't seem promising.

I've tried (or going to try) a few more things:

1) Using the "Repair" feature of the .NET 2.0 Framework entry (in Add/Remove programs). It repairs and then disappears. I check the install log - no errors, seemed to repair fine. Still no luck with access though.

2) Next step is to attempt to add my local PC to caspol and see if I can run the project locally (I'll add the PC name and "localhost" just in case).

3) Barring any suggestions or luck with google/forum searches my next step is to go to the backup from 3 weeks ago. And pray that resolves the issue and I don't have to reformat.

Any help would still be greatly appreciated,

ZE

 

[zenenigma]

Well it's been months and the backup I had is no longer available.

Last week I uninstalled all versions of framework (highest to lowest). And then used the tool from microsoft to clean up all the framework leftovers after an uninstall.

Then I installed Framework 1.1 and 2.0 (and let the updates run).

Now I get even more errors in my fusion bind log, and not just when I attempt to access the assembly through the web app. Now it's throwing errors even when I run a "caspol -lg" to check the code groups:

---------
*** Assembly Binder Log Entry (11/30/2009 @ 10:41:49 AM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Running under executable C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
--- A detailed error log follows.

LOG: Start binding of native image caspol, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
LOG: IL assembly loaded from C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe.
WRN: No matching native image found.
LOG: Bind to native image assembly did not succeed. Use IL image.

-------------


Two similar fail message also occur when I attempt to access the assembly from the web app:

-------------

1 (IEHOST)

*** Assembly Binder Log Entry (11/30/2009 @ 10:40:33 AM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Running under executable C:\Program Files\Internet Explorer\iexplore.exe
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = USI-DOMAIN\Houck
LOG: DisplayName = IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = iexplore.exe
Calling assembly : (Unknown).
===
LOG: Start binding of native image IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.

-------------

2 (IIEHOST)

*** Assembly Binder Log Entry (11/30/2009 @ 10:40:33 AM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Running under executable C:\Program Files\Internet Explorer\iexplore.exe
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = USI-DOMAIN\Houck
LOG: DisplayName = IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = iexplore.exe
Calling assembly : IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
===
LOG: Start binding of native image IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.

-----------

And I've been told that the lease on this laptop isn't up for a while, so I may be stuck with this.

The following are confirmed:

* Machine Level Access to the server is set through Caspol (Exclusive LevelFinal)
* There is only one code policy entry for the server
* There is no enterprise level code policy that would overwrite the machine level
* The site is in the Internet Explorer "Trusted Sites" zone.


Any help would be greatly appreciated. I'm having to remote connect into other PC's to do testing.

-ZE