search cancel

Control Compliance Suite (CCS) returns unknown results for IIS checks.

book

Article ID: 163592

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

Control Compliance Suite (CCS) returns unknown evaluation results for IIS checks.

WindowsDC.log:

ErrorLog.cpp | 936 | DCModule.exe | 11284 | 9796 | Entering Function: IIS7WmiConnection::GetIIS7PropertyValueUsingWMISections()
ErrorLog.cpp | 936 | DCModule.exe | 11284 | 9796 | Entering Function: IIS7WmiConnection::GetPropertyValUsingWMISection()
IIS7WmiConnection.cpp | 652 | DCModule.exe | 11284 | 9796 | Entering IIS7WmiConnection::GetSection
IIS7WmiConnection.cpp | 687 | DCModule.exe | 11284 | 9796 | IIS7WmiConnection::GetSection- Failed to ExecMethod 'GetSection' with Error Code: 800700b7:
IIS7WmiConnection.cpp | 706 | DCModule.exe | 11284 | 9796 | IIS7WmiConnection::GetPropertyValUsingWMISection - Failed to Get Section 'DirectoryBrowseSection' with Error Code: 800700b7:
ErrorLog.cpp | 941 | DCModule.exe | 11284 | 9796 | Exiting Function: IIS7WmiConnection::GetPropertyValUsingWMISection()
ErrorLog.cpp | 941 | DCModule.exe | 11284 | 9796 | Exiting Function: IIS7WmiConnection::GetIIS7PropertyValueUsingWMISections()
ErrorLog.cpp | 936 | DCModule.exe | 11284 | 9796 | Entering ReadListProcessInterfaceImpl::AddExceptionFile()
ProcessInterface.cpp | 174 | DCModule.exe | 11284 | 9796 | ReadListProcessInterfaceImpl::AddExceptionFile() - 1 - <message level="2" target="{HOSTNAME.EN_US}"><desc><![CDATA[IIS returned an error while reading web configuration [Binding: Application.Path="/AppTwo",SiteName="Default Web Site", Class: DirectoryBrowseSection, Property: Enabled] - Cannot create a file when that file already exists. - ]]></desc><internalerror><![CDATA[0]]></internalerror></message>
ErrorLog.cpp | 941 | DCModule.exe | 11284 | 9796 | Exiting ReadListProcessInterfaceImpl::AddExceptionFile()
BVNTProcessQuery.cpp | 3598 | DCModule.exe | 11284 | 9796 | BVNTProcessQuery::AddErrorRecord{HOSTNAME.EN_US},0,IIS returned an error while reading web configuration [Binding: Application.Path="/AppTwo",SiteName="Default Web Site", Class: DirectoryBrowseSection, Property: Enabled] - Cannot create a file when that file already exists.,null,2)

Note: there could be more errors in the same log for different classes.

 

Environment

Control Compliance Suite (CCS) 11.x

IIS 7 and onwards including IIS 8.5.

Cause

Most likely cause here is that the IIS configuration is corrupt or in any other way broken and/or cannot be read by WMI queries.

 

Resolution

The same/similar query can be executed in power-shell. Open power-shell on the IIS system and run the following command:

 Get-CimInstance –Namespace root\WebAdministration -Class DirectoryBrowseSection

Here is the input/output of a working system:

If the IIS configuration is corrupt or in any other way broken or cannot be read by WMI queries than something like this will show.

Here are some other samples of the type of queries potentially ran by CCS:

Get-CimInstance –Namespace root\WebAdministration -Class DirectoryBrowseSection
Get-CimInstance –Namespace root\WebAdministration -Class AnonymousAuthenticationSection
Get-CimInstance –Namespace root\WebAdministration -Class SessionStateSection
Get-CimInstance –Namespace root\WebAdministration -Class CustomErrorsSection
Get-CimInstance –Namespace root\WebAdministration -Class CompilationSection
Get-CimInstance –Namespace root\WebAdministration -Class RequestFilteringSection

Here are some basic troubleshooting steps to find where it might be going wrong with the IIS configuration.

To conclude, if the powershell query also fails to return results then there is no defect or issue within CCS, it's the IIS configuration that is either corrupt and/or can't be read by WMI for whatever reason and is preventing CCS to determine the configuration and in turn causing an UNKNOWN. If you need help determining what is wrong with your IIS website/application configuration Symantec suggests you contact Microsoft technical support.

If the powershell query does report the expected results and CCS is not - please contact you local Symantec technical support representative and open a ticket referring to this article.

 

Attachments