Worker process serving the application pool is no longer trusted by WAS Rule

  • ID:  Microsoft.Windows.InternetInformationServices.2008.Worker.process.serving.the.application.pool.is.no.longer.trusted.by.WAS
  • Description:   
  • Target:  IIS 7 Application Pool
  • Enabled:  On Essential Monitoring

Overridable Parameters

Parameter Name Default Value Description Override
Priority 1  
Severity 1  

Run As Profiles

Name
Default

Rule Knowledgebase

Summary

Web sites and Web applications depend on the availability of Internet Information Services (IIS) application pools. IIS application pools in turn depend on the Windows Process Activation Service (WAS). If WAS is not running or errors occur during the startup or shutdown of an application pool, Web sites and Web applications may not be available.

Causes
This rule does not contain any causes.
Resolutions

Check an untrusted worker process

A worker process has sent some data to the Windows Process Activation Service (WAS) that was not expected. User code may be trying to engage in malicious activity in the worker process and may have taken over the communication pipe. For example, user code may be sending a second process ID to WAS for the worker process, or be sending performance counter numbers that are not in the right form. This could be an attempt to create a buffer overrun in WAS.

To resolve this issue, examine the worker process to see whether it contains suspect user code. Check the loaded modules. If ISAPI or third-party modules are running, contact the vendor of the modules for more information.

External References
This rule does not contain any external references.

See Also for Windows Internet Information Services Management Pack


Downloads for Windows Internet Information Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED