cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
WAS service unable to start with the error 'the data is invalid'
By
ashfana
Published Jul 04 2021 10:20 PM 3,893 Views
ashfana
Microsoft
‎Jul 04 2021 10:20 PM

WAS service unable to start with the error 'the data is invalid'

‎Jul 04 2021 10:20 PM

We had an issue where WAS service was unable to start with  error data is invalid

 

ashfana_4-1625459443840.png

 

 

We checked the procmon and we could see that Service is trying to read the apphost.config file and nothing happens after that

 

 

4:45:05.6132558 PM  svchost.exe      31736  41848  QueryAttributeInformationVolume            C:\Windows\System32\inetsrv\config\applicationHost.config          SUCCESS            FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00600, MaximumComponentNameLength: 255, FileSystemName: NTFS     NT AUTHORITY\SYSTEM         0

4:45:05.6133179 PM  svchost.exe      31736  41848  QueryRemoteProtocolInformation            C:\Windows\System32\inetsrv\config\applicationHost.config          INVALID PARAMETER             NT AUTHORITY\SYSTEM  0

4:45:05.6133488 PM  svchost.exe      31736  41848  QuerySecurityFile            C:\Windows\System32\inetsrv\config\applicationHost.config          SUCCESS          Information: Attribute          NT AUTHORITY\SYSTEM         0

4:45:05.6135904 PM  svchost.exe      31736  41848  ReadFile            C:\Windows\System32\inetsrv\config\applicationHost.config          SUCCESS          Offset: 0, Length: 131,072, Priority: Normal       NT AUTHORITY\SYSTEM         0

4:45:05.6137492 PM  svchost.exe      31736  41848  ReadFile            C:\Windows\System32\inetsrv\config\applicationHost.config          SUCCESS          Offset: 131,072, Length: 95,532            NT AUTHORITY\SYSTEM         0

4:45:05.6140994 PM  svchost.exe      31736  41848  CloseFile            C:\Windows\System32\inetsrv\config\applicationHost.config          SUCCESS                      NT AUTHORITY\SYSTEM  0

 

We checked the apphost.config file and understood that we had a null parameter getting added which corrupts the apphost.config file… removing that lines resolved the issue .

 

ashfana_5-1625459477954.png

 

C:\WINDOWS\system32>net start WAS

The Windows Process Activation Service service is starting.

The Windows Process Activation Service service could not be started.

 A system error has occurred.

 System error 13 has occurred.

 The data is invalid.

 

Removing the last line “null” from the same apphost.config I was able to start the WAS service

 

C:\WINDOWS\system32>net start WAS

The Windows Process Activation Service service is starting.

The Windows Process Activation Service service was started successfully.

 

 

so someone/some process is corrupting the apphost by passing null parameter

 possible causes which I can think of:

  • if apphost is on shared config or network share there can be disk corruption leading to this kind of issue
  • i have also seen some scenarios like this when the disk gets corrupted, memory level corruptions etc can lead to config file corruption
  • some scanning software /AV scanning the config folder corrupts it

 

in order to find the actual case ,

  • we need procmon with filter set to apphost.config path to see who is touching those files
  • and file level auditing for config folder
  • ensure AV is not scanning IIS files/config files
Co-Authors
Version history
Last update:
‎Jul 04 2021 10:20 PM
Updated by: