ASP 500 Error and Error Code 0x800700aa when browsing a simple .asp page

I recently helped a customer with an issue where ASP pages would not execute and returned the following error page:

HTTP Error 500.0 - Internal Server Error

If you check the Detailed Error page you will see the following additional information (NOTE: Steps to enable and use Detailed Errors can be found HERE):

Detailed Error Information
Module IsapiModule
Notification ExecuteRequestHandler
Handler ASPClassic
Error Code 0x800700aa
Requested URL https://localhost:80/Test_site/Default.asp
Physical Path C:\inetpub\wwwroot\Test_site\Default.asp
Logon Method Anonymous
Logon User Anonymous

Creating a Test Page

First we will create a simple  ASP page to test with. This will eliminate the possibility that an application problem is causing the error. These steps assume that IIS is in the default configuration with  the Default Web Site and content in C:\inetpub\wwwroot.

A) Create a text file with the  following text and save this as  c:\inetpub\wwwroot\Test.ASP
    <%Response.Write(“Hello”)%>

B) If there is a Global.ASA file located in C:\inetpub\wwwroot  rename this  temporarily for testing (i.e. Global.asa.txt)

C) Test the page https://localhost/test.asp

If the error does not occur with the Test page then the resolution below will not apply.

Troubleshooting

To troubleshoot this we used Process Monitor to gather a log when attempting to execute an ASP page. When we got the error, we stopped the Process Monitor log then searched ( Edit > Find)  for  w3wp.exe. We right-clicked on this and selected “Include w3wp.exe” ,which filtered the log. So now we were filtered down to only items relating to IIS’s worker process.

The next step required a little knowledge of the internals of ASP to recognize something was odd about what was being called, but since we know the answer we can just jump to what we found. 

In the process of executing the page we found the following call to a McAfee component used for scanning VB Script code.

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND 

But in our customer’s case McAfee was not installed, which explains the PATH NOT FOUND error. However it then begged the question, why is access to a non-installed component being attempted?  The answer is in this Registry entry. The CLSID below would normally be pointing to VBScript.dll which is used to execute the ASP code.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
    (Default)    REG_SZ    C:\Program Files\McAfee\VirusScan\scriptsn.dll

McAfee adds this as part of there ScriptScan feature  to intercept the script calls before they are executed.

Resolution

As you may have already concluded this registry key was left behind from a previous McAffee installation and should have been removed.

A)  If McAfee is not installed on your system then you need to revert the registry setting to point back to Vbscript.dll.

Note: These steps 1-10 were required on Windows 7 to allow you to edit the registry. This may not be required on Windows 2003.

1. Open Registry Editor
2. Navigate to :   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}
3. Right Click and Select Permissions
4. Click Advanced
5. Click on the owner Tab
6. In the "Change owner to "  Administrators
7. Click Apply can click OK
8. The Select Administrators in the list of accounts under " Groups or User names"
9. Click the "FULL Control"
10. Click Apply and OK
11.   Create a text file with the following text and save it as VbScript.Reg. (NOTE: Information on how to modify the Registry with .REG files can be found here HERE)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}]
@="VB Script Language"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]
@=hex(0):
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]
@=hex(0):
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32]
@="C:\\Windows\\system32\\vbscript.dll"
"ThreadingModel"="Both"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\OLEScript]
@=hex(0):
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\ProgID]
@="VBScript"

12. Double click the registry file vbscript.reg . The message should state that the keys were added to the registry.  

13. Now when you check  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}  the Inproc server should point to vbscript.dll

B) If MacAfee is installed on your system and in the Process Monitor Log you see “ACCESS DENIED” for this scriptsn.dll you can resolve the issue by giving the account that is failing read/execute permissions to scriptsn.dll. This will be the Process identity of the worker process (w3wp.exe). 

If you are not sure how to identify the identity, Dave's Blog has a good overview of this for all versions of IIS along with reference links.

If you need help disabling this feature in McAfee you can contact McAfee Support