logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
ray22901031  
#1 Posted : Wednesday, March 1, 2023 1:11:47 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Should I be concerned about this?

This is the note that was added.

Quote:
James McFadden - Ship what you have and reduce the quantity on the order for PMLN7101 to 2. Thanks.



Event code: 3003
Event message: A validation error has occurred.
Event time: 3/1/2023 10:20:48 AM
Event time (UTC): 3/1/2023 3:20:48 PM
Event ID: f64230cfee364c4b994bf0d9c6aad0d7
Event sequence: 1197
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT-1-133221384229902797
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\myradiomall.com-9.0.7\
Machine name: WWS-DED40

Process information:
Process ID: 5212
Process name: w3wp.exe
Account name: IIS APPPOOL\www.myradiomall.com

Exception information:
Exception type: HttpRequestValidationException
Exception message: A potentially dangerous Request.Form value was detected from the client (Comment="... McFadden <james.mcfadden@wayn...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
at System.Web.HttpValueCollection.GetValues(String name)
at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture)
at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder)
at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor)
at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state)
at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)



Request information:
Request URL: https://www.myradiomall.com:443/Admin/Orders/AddOrderNote
Request path: /Admin/Orders/AddOrderNote
User host address: 172.70.130.179
User: christian@arsradio.com
Is authenticated: True
Authentication Type: Forms
Thread account name: IIS APPPOOL\www.myradiomall.com

Thread information:
Thread ID: 61
Thread account name: IIS APPPOOL\www.myradiomall.com
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
at System.Web.HttpValueCollection.GetValues(String name)
at System.Web.Mvc.NameValueCollectionValueProvider.ValueProviderResultPlaceholder.GetResultFromCollection(String key, NameValueCollection collection, CultureInfo culture)
at System.Web.Mvc.NameValueCollectionValueProvider.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.ValueProviderCollection.GetValue(String key, Boolean skipValidation)
at System.Web.Mvc.DefaultModelBinder.BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.GetPropertyValue(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor, IModelBinder propertyBinder)
at System.Web.Mvc.DefaultModelBinder.BindProperty(ControllerContext controllerContext, ModelBindingContext bindingContext, PropertyDescriptor propertyDescriptor)
at System.Web.Mvc.DefaultModelBinder.BindProperties(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.DefaultModelBinder.BindComplexElementalModel(ControllerContext controllerContext, ModelBindingContext bindingContext, Object model)
at System.Web.Mvc.DefaultModelBinder.BindComplexModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor)
at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__0(AsyncCallback asyncCallback, Object asyncState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state)
at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_0(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_0(AsyncCallback asyncCallback, Object asyncState, ProcessRequestState innerState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback callback, Object state)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


Custom event details:

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

nadeem  
#2 Posted : Thursday, March 2, 2023 8:49:23 AM(UTC)
nadeem

Rank: Advanced Member

Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin, System
Joined: 10/11/2018(UTC)
Posts: 110

Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
Hi Ray,

This error will be registered in event log if you try to add HTML in the comments like this:

<p>James McFadden - Ship what you have and reduce the quantity on the order for PMLN7101 to 2. Thanks</p>

The message will not be posted if you insert the HTML in the note text area. So this isn't the valid scenario. You can add the HTML if this is an HTML editor.

Hope this helps!

Edited by user Thursday, March 2, 2023 8:51:12 AM(UTC)  | Reason: Not specified

ray22901031  
#3 Posted : Thursday, March 2, 2023 9:02:01 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Hello nadeem,

I believe you are missing the boat; no one entered any HTML information. A note was added by one of my sales associates using the admin area in orders.

Furthermore, please see the new error message below. This is a new server, so is there anything that could be off at the new server?

Thanks,
-Ray


Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 3/1/2023 6:42:13 PM
Event time (UTC): 3/1/2023 11:42:13 PM
Event ID: 904f5742744843ea9289b94dee9d8f6e
Event sequence: 4834
Event occurrence: 1
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/2/ROOT-1-133221384229902797
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\myradiomall.com-9.0.7\
Machine name: WWS-DED40

Process information:
Process ID: 5212
Process name: w3wp.exe
Account name: IIS APPPOOL\www.myradiomall.com

Exception information:
Exception type: HttpException
Exception message: Exception of type 'System.Web.HttpException' was thrown.
at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)



Request information:
Request URL: https://www1.myradiomall.com:443/Trace.axd
Request path: /Trace.axd
User host address: 167.172.96.177
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\www.myradiomall.com

Thread information:
Thread ID: 43
Thread account name: IIS APPPOOL\www.myradiomall.com
Is impersonating: False
Stack trace: at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)


Custom event details:
nadeem  
#4 Posted : Thursday, March 2, 2023 9:15:04 AM(UTC)
nadeem

Rank: Advanced Member

Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin, System
Joined: 10/11/2018(UTC)
Posts: 110

Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
Quote:
believe you are missing the boat; no one entered any HTML information. A note was added by one of my sales associates using the admin area in orders.


I was able to reproduce the same warning in event logs (Windows logs -> Application) while putting the HTML in order note from merchant admin.

Quote:
Furthermore, please see the new error message below. This is a new server, so is there anything that could be off at the new server?


Ok, will check if I can find something based on the new error message.
ray22901031  
#5 Posted : Thursday, March 2, 2023 9:27:20 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Quote:
I was able to reproduce the same warning in event logs (Windows logs -> Application) while putting the HTML in order note from merchant admin.


Again, no one put any HTML code in the order notes area. My people have no idea what HTML is.

Thanks
nadeem  
#6 Posted : Thursday, March 2, 2023 9:48:24 AM(UTC)
nadeem

Rank: Advanced Member

Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin, System
Joined: 10/11/2018(UTC)
Posts: 110

Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
Ok, this could be the IIS configuration issue then. I am sure you have the .Net framework 4.8 installed.
Do you have proper permissions set to the application pool? Also, make sure the application pool is using .Net 4.5 (Integrated). You can compare the IIS configurations with the old server to make sure nothing is missing. Also try removing Temporary ASP.NET files and restarting the application pool.

If nothing works, you can try adding the requestValidationMode="2.0" attribute inside <httpRuntime in the web.config e.g.

<httpRuntime targetFramework="4.8" maxRequestLength="20480" requestValidationMode="2.0" />

Edited by user Thursday, March 2, 2023 9:55:34 AM(UTC)  | Reason: Not specified

ray22901031  
#7 Posted : Thursday, March 2, 2023 10:00:15 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
I appreciate your interest in this matter.

Yes, obviously, the system is running framework 4.8.

The app pool is set to integrated, but does not list any other information. How can you tell if it's .Net 4.5 as specified in your message?

The old system was also set to integrated, but made no reference to 4.5.

Thanks
nadeem  
#8 Posted : Thursday, March 2, 2023 10:06:50 AM(UTC)
nadeem

Rank: Advanced Member

Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin, System
Joined: 10/11/2018(UTC)
Posts: 110

Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
Quote:
The app pool is set to integrated, but does not list any other information. How can you tell if it's .Net 4.5 as specified in your message?


Click on Application Pools in IIS, on the right side pane you will see the details.
ray22901031  
#9 Posted : Thursday, March 2, 2023 10:10:02 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
There is no mention of 4.5, only 4.0 integrated.

This was the same in the old server, and this is the same in all my development servers.

Please point in your instructions where the 4.5 integrated App Pool is recommended or mandatory.

I have been running the system on 4.0 integrated for the last 1.5 years.

Thanks
nadeem  
#10 Posted : Friday, March 3, 2023 5:41:44 AM(UTC)
nadeem

Rank: Advanced Member

Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, Admin, System
Joined: 10/11/2018(UTC)
Posts: 110

Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
Quote:
Please point in your instructions where the 4.5 integrated App Pool is recommended or mandatory.


The .NET 4.5,4.6,4.7,4.8 are actually the in-place replacements for .NET 4.0. That being said, these all are using same .NET CLR Version (v4.0). So if you have .NET 4.0 set to your App pool, then that should be correct and work as expected. By the way, you can enable .Net framework versions from IIS Manager. See screenshot attached from my PC (windows 10 turn windows features on/off).

trun-on-www-features.GIF (8kb) downloaded 0 time(s).
ray22901031  
#11 Posted : Friday, March 3, 2023 7:15:36 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
I figured as much after doing some research on the Microsoft website. The in-place replacements are built into Server 2019, so my settings are correct. Please tell me if you find any additional information on the problems I am describing. I appreciate your explanation.

Thanks,
-Ray
judy at Web2Market  
#12 Posted : Friday, March 3, 2023 8:20:02 AM(UTC)
judy at Web2Market

Rank: Advanced Member

Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 302

Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
Ray, are you sure your employee didn't copy the user name from somewhere there was an email address hidden, like a link or the from address in an email?
The error log is showing that someone did try to enter an email address.
McFadden <james.mcfadden@wayn
ray22901031  
#13 Posted : Friday, March 3, 2023 8:25:33 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
That is a good point and I will ask when I get to the office. But according to support it would not have been posted and it was. What is interesting about this, this error never showed up on the AbleCommerce error logs, only on the windows logs. Go figure.

As you know, we just moved from a 2016 server with problems to a brand new 2019, so I might be oversensitive looking at things.

Appreciate the feedback and we'll let you know.

Thanks,
-Ray
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.