We have seen that the Jakarta Redirect ISAPI filter can crash IIS 6.0 AppPools in the following senario. 1- Two AppPools are running under the identity of different accounts. (Non admin accounts.) 2- The first AppPool has started (someone hits the web app associated with it), if the second AppPool tries to start up, it will fail since the filter is currently controlled by the first AppPool account. Basically it comes down to an illegal memory reference being made to the ISAPI filter. Since the ISAPI filter works if the user is part of the admin group, we can suppose that there is a write permissions issue that is covered up by using elevated accounts. ChildEBP RetAddr Args to Child 0104bc94 7c83d281 0000046c 00000004 00000000 ntdll!RtlpWaitOnCriticalSection+0xdf 0104bcb4 6a6c400b 6a6e11ec 6a6bf741 01cc8310 ntdll!RtlEnterCriticalSection+0xa8 WARNING: Stack unwind information not available. Following frames may be wrong. 0104bcbc 6a6bf741 01cc8310 00000000 6a6e6168 isapi_redirect!TerminateFilter+0x810b 0104bcd0 6a6d2dbf 01cca890 01cc7f90 6a6e6168 isapi_redirect!TerminateFilter+0x3841 0104bcfc 6a6d30f6 01cc8310 00000001 01cc7f90 isapi_redirect!TerminateFilter+0x16ebf 0104bd2c 6a6d2a66 01cc7f90 01cc82f8 00000002 isapi_redirect!TerminateFilter+0x171f6 00000000 00000000 00000000 00000000 00000000 isapi_redirect!TerminateFilter+0x16b66
Moving to TC6 to increase visibility.
We are also seeing this issue when we use JK 1.2.28. It is reproducible using IIS 6 and IIS 7. Our web application lives under the "Default Web Site" in IIS, and has its own application pool. The redirector lives under the DefaultAppPool. If our web application sends a request to the redirector, the w3wp.exe process for the DefaultAppPool will frquently crash. I say "frequently" because sometimes it works without error. This is only an issue if the DefaultAppPool runs using the "Local Service" or "Network Service" identity. If we set the DefaultAppPool to run using the "Local System" identity, everything works as expected. Below are details of the crash: Function Arg1 Arg2 Arg3 ntdll!RtlpWaitOnCriticalSection+c5 00000000 00000000 4b66d376 ntdll!RtlEnterCriticalSection+152 6a6ee4e8 6a6b9ae6 00000000 isapi_redirect!TerminateFilter+c24b 00000000 00000000 76bbcc54 isapi_redirect+9ae6 01459180 4b66d376 00000000 isapi_redirect!TerminateFilter+21435 00000000 10000000 01b6dd18 isapi_redirect!HttpExtensionProc+29c 00000000 732448ee 73243b7a iisutil!STRU::STRU+c 73243b7a 0157e69c 7327a93f nativerd!CONFIG_ELEMENT::ReferenceConfigElement+f 000cf7f0 00000000 7327a970 nativerd!CONFIG_ELEMENT_LIST::GetMergedElement+483 73243e08 0157eaa8 00000000 0x0157e68c 00000000 00000000 00000000 NTDLL!RTLPWAITONCRITICALSECTION+C5In w3wp__PID__5276__Date__02_01_2010__Time_01_13_27PM__226__Second_Chance_Excep tion_C0000005.dmp the assembly instruction at ntdll!RtlpWaitOnCriticalSection+c5 in C:\Windows\System32\ntdll.dll from Microsoft Corporation has caused an access violation exception (0xC0000005) when trying to write to memory location 0x00000014 on thread 5
There have been quite a few changes since 1.2.28. I can't reproduce this with IIS7 and 1.2.42-dev built from trunk. If this is still an issue, please provide step-by-step instructions for creating this from a clean IIS7 install with the ISAPI redirector release.