Windows Azure Application launch failed with an error "This access control list is not in canonical form and therefore cannot be modified"

Environment: Visual Studio 2010 Professional SP1 & Windows Azure SDK 1.5

 

While working on an issue, I found an interesting issue with a new hello worlds ASP.NET based web role. When launching this application with or without debugger, the exception was generated as below:

 

 System.ServiceModel.FaultException`1 was unhandled
 Message=This access control list is not in canonical form and therefore cannot be modified.
 Source=mscorlib
 Action=https://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher/fault
 StackTrace:
 Server stack trace:
 at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
 at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
 at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
 at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
 Exception rethrown at [0]:
 at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
 at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
 at IConfigurator.Deploy(String roleId, WebAppModel webAppModelPath, String roleRootDirectory, String sitesDestinationRootDirectory, String diagnosticsRootDirectory, String roleGuid, Dictionary`2 globalEnvironment)
 at Microsoft.WindowsAzure.Hosts.WaIISHost.Program.Main(String[] args)
 
 InnerException:
 

 

At this point when exception occurred, if you open IIS Management application (Inetmgr.exe) you will see the site is actually running and it also has binding set to IP address similar to 127.255.0.0:82 and if you browse this URL, it does show your ASP.NET web application. So the problem is mainly related with the interaction between compute emulator and IIS components. After digging a few more minutes, I was not able to find the actual root cause however found a workaround.

 

Here is what I tried which did not work:

  • Reinstalling Windows Azure SDK 1.5
  • Disabling and then enabling IIS from Program and Features, did not help

 

What worked:

- When I run the web role to legacy mode (HWC) by commenting whole sites section in CSDEF the exception disappeared.

<Added on 10/20/2011> Solution:

After more investigation it was clear that this issue is caused by a registry key permission issue. To fix this particular issue try:

  1. open regedit
  2. right-click on HKLM\Software\Microsoft\Windows Azure, and choosing Re-Order

Unfortunately, if HWC is not your option then the faster method is to get a new OS and tools to get you going.