WCF service running under custom identity resets connection for WSDL's XSD includes

Question

I have requirements to configure IIS 6 to host a WCF service targeting .NET Framework 4.0 using a custom identity for the worker process. The identity is a highly restricted domain account that is used to identify and manage the permissions for an entire ecosystem of services that interact in the same business process.

I have run aspnet_regiis.exe with the -ga flag to grant this identity permissions to the relevant ASP.NET locations on the server environment and add it to the IIS_WPG group. For the most part, things seem to work relatively well... except for the auto-generated WSDL specification's includes. Accessing the top-level WSDL spec works fine (i.e. path.to/MyService.svc?wsdl), but IIS 6 is resetting the connection before returning the response for the WSDL's includes (i.e. path.to/MyService.svc?xsd=xsd0, etc). This happens both when accessed via loopback on the server and through the public IP. It does not happen when reconfiguring the app pool to run under the default Network Service account.

I haven't found any documentation for this particular problem, but it's not the first time I've had difficulty with certain bits of the .NET Framework not quite working correctly when the IIS 6 worker process is running under a custom domain identity. I haven't configured any special privileges in the Local Security Policy for this account, other than the pre-configured permission for members of IIS_WPG to log on as a batch job. What might I be missing to get the worker functioning correctly?

EDIT:

The Event Viewer contains no errors and IIS logs show the server responding with 200 OK to the request, but the full status value is 200 0 64, indicating a Win32 status code of 64.

The dump I receive on that error from net helpmsg 64 is as follows:

The specified network name is no longer available.

Responses from various entities are below:

• Chrome: Error 101 (net::ERR_CONNECTION_RESET): The connection was reset
• Firefox: The connection to the server was reset while the page was loading
• Eclipse/Java: java.net.SocketException: Connection reset

EDIT:

Service logging (provided by BNL) produced the following exception dump:

System.InvalidOperationException: Unable to generate a temporary class (result=1). error CS2001: Source file 'C:\WINDOWS\TEMP\vxmgwmnl.0.cs' could not be found. error CS2008: No inputs specified.

at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence) at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies) at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence) at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace) at System.Xml.Schema.XmlSchema.Write(XmlWriter writer, XmlNamespaceManager namespaceManager) at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.XmlSchemaMessage.OnWriteBodyContents(XmlDictionaryWriter writer) at System.ServiceModel.Channels.Message.OnWriteMessage(XmlDictionaryWriter writer) at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota) at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset) at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message) at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpRequestContext.OnReply(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc& rpc)

Answer 1

Using the guidelines on the Microsoft KB article Error message when ASP.NET 2.0 is configured to run with a user account: "Unable to generate a temporary class", I located the C:\Windows\Temp directory and inspected its folder properties by right-clicking and choosing Properties. I then navigated to the Security tab and clicked Advanced, then Add. I entered the name of the IIS_WPG group on the local computer and allowed it only the special permission List Folder / Read Data. This has now resolved the issue.