SQL Server Reporting Services and the Validate Path Module

Saturday, October 9, 2004

FINAL UPDATE:

This problem is now addressed in the following knowledge base article:

You may receive error messages from Reporting Services after you install the ASP.NET ValidatePath Module.

--

If you’ve installed the Validate Path Module because of the vulnerability in ASP.NET on a machine with SQL Server Reporting Services, then you’ve got troubles. Here is the exception I'm seeing: 

Request for the permission of type System.Web.AspNetHostingPermission, System,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

I dumped the PublicKeyBlob of the new assembly with the Caspol.exe utility and granted the module Full Trust (as the other GAC'ed assemblies signed by Microsoft have been given). Place the following into both the rssrvpolicy.config and rsmgrpolicy.config files. I placed the entry just underneath the Microsoft_Strong_Name CodeGroup.

I hope this gets everyone up and running again. If I see any official configuration information from MS, I'll update this post to pass it along

UPDATE Oct 11: No official word yet. If you are getting the following exception after updating both policy files, than restart the web server (IISRESET from the command line will work). Thanks to Adam Creeger for the tip. 

Assembly microsoft.web.validatepathmodule.dll security 
permission grant set is incompatible between appdomains.
Comments
Adam Creeger Monday, October 11, 2004
Very helpful, thankyou!
<br>
<br>After I implemented this fix, I was getting a Configuration Exception:
<br>
<br>Assembly microsoft.web.validatepathmodule.dll security
<br>permission grant set is incompatible between appdomains
<br>
<br>I fixed this by simply doing an IISReset. If thats not possible/feasible, recycling the Application Pool should do the trick...
<br>
<br>Just thought I would spread the knowledge in case anyone else had the same problem...
<br>
<br>Cheers,
<br>
<br>Adam
Steve Muise Monday, October 11, 2004
Thanks, I was doing some consulting work on the MS campus, and this update was pushed without the Ops Mgr's knowledge - between Google and you I saved days worth of head pounding troubleshooting. It seems the MSI for this patch doesn't leave much of a footprint in the event log either.
<br>
<br>Thanks again
Aaron Tuesday, October 12, 2004
I tried your fix but now it errors out parsing machine.config, specifically the following line gives a permissions error.
<br>Line 198: &lt;add assembly=&quot;*&quot;/&gt;
<br>
<br>Back to the drawing board...
Velvet Saunders Tuesday, October 12, 2004
Thank you for the coded. It worked to solve the initial problem; however, I am now receiving the following error:
<br>
<br>The underlying connection was closed: Could not establish secure channel for SSL/TLS.
<br>
<br>Any suggestions on how to resolve this would be appreciated.
<br>
<br>Thanks again.
Jon Forst Tuesday, October 12, 2004
This is exactly was I was looking for. Worked perfect.
<br>Thanks!
nikhil Wednesday, October 27, 2004
The underlying connection was closed: Could not establish secure channel for SSL/TLS.
<br>
<br>I am getting the same error any solution
kornolio Wednesday, April 27, 2005
Wasim Kazi Tuesday, July 26, 2005
Is it possible for you to give the commands and a few steps on how to use the capsol? It will really help novices like me here.
scott Tuesday, July 26, 2005
Comments are now closed.
Follow Me On Twitter
RSS Subscribe
Contact
Search Archives
by K. Scott Allen
K.Scott Allen