ID: Q163351
The information in this article applies to:
While attempting to debug an ISAPI extension, you may receive the following error message:
HTTP/1.0 500 Server Error ( A required privilege is not held by the
client. )
If you are running any CGI applications while running IIS interactively,
you will need to grant the following right to the logged on use in addition
to the above:
- Replace a process level token.
This error occurs if the user context in which Internet Information Server (IIS) is running does not have the following privileges:
- Act as a part of the operating system
- Generate security audits
Normally Internet Information Server (IIS) runs as a service and has system
permissions. Often when debugging ISAPI DLLs under IIS, users run IIS
interactively, in the context of the logged on user.
If the logged on user does not have the above privileges on the local Windows NT Server or Workstation, IIS starts, but any attempts to access a page on the server results in the above error on the browser.
Perform the following steps on the IIS server to correct the problem. It is necessary to have administrative privileges on the IIS machine to perform these steps:
1. From the Administrative Tools group, run User Manager or User Manager
for domains. If you are not using User Manager for Domains, skip to
step 5.
2. From the User menu, choose Select Domain.
3. If the IIS server is a domain controller, select the domain in which it
resides.
4. If the IIS server is a "stand alone" server or a workstation, enter the
server name in the following form in the Domain text box and click OK:
\\machinename
5. From the Policies menu, choose User Rights.
6. Check the box labeled "Show Advanced User Rights."
7. In the drop-down list labeled "Right:," select "Act as a part of the
operating system."
8. Choose the Add button.
9. In the Add User and Groups dialog box, ensure that the box labeled "Show
names from:" displays the correct domain or machine name for the account
to be added.
10. Click the Show Users button.
11. In the Names list, select the user account to be added.
12. Click the Add button. The user name now is listed in the Add Names
box.
13. Click OK.
14. Repeat steps 7 through 13 and add the user to the "Generate security
audit" right.
15. Log off and log on to the system. The above changes do not take effect
until a log on occurs.
If the IIS machine is a "stand-alone" server or a workstation that is also
a member of a domain, steps 3 through 5 are required.
This behavior is by design.
For additional information and detailed steps on how to debug an ISAPI DLL, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q152054
TITLE : "Tips for Debugging ISAPI DLLs"
Developer Studio version 4.1 and up, Technical Note 63
Additional query words:
Keywords : iisapi
Version : 1.0 2.0 3.0
Platform : NT WINDOWS
Last Reviewed: May 21, 1997