I have the same problem here. Has anything happens in the last three years on that feature request? The solution seems to be easy, or not?

please please please fix/add this.

it is killing me with 5.2.6 / win2008.

I've added a new function to my now inappropriately named 'PHP_Filetimes' http://www.steelbytes.com/?mid=46 (use the *beta* download)

The new function is a simple wrapper for CreateProcessAsUser that deals with this problem.

come on PHP/Zend pull ya socks up, I shouldn't have to write my own extensions to work around such 'bugs'/limitations :-)

When will this bug be fixed?

I compiled PHP myself an added the fix that ghoffer submitted. The fix works, so would you please add these few lines into PHP?

It's a big problem on our servers that impersonation does not work correctly.

Please note this is still occurring in PHP 5.2 branch.

Assigned to me so it will stay in my radar. I can see the src of the bug.

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I updated to php-5.3-nts-win32-VC9-x86-latest.zip yesterday night. The impersonation problem with iis6 and fastcgi was fixed, but when starting a php-script from the command line/dosbox, I get:

Warning: exec(): Unable to fork [imconvert.exe ...] in scriptname.php on line X

Using exec() works fine when the scripts are called from IIS, though. The failing scripts have worked fine before updating php.

I traced the execution using sysinternals process monitor, and

Process Create
C:\WINDOWS\system32\cmd.exe
cmd.exe /c "imconvert "tif:D:/data/foo.tif[0]" "D:/data/bar.jpg""

shows SUCCESS, but it seems imconvert.exe is never started, as it doesn't show up in the trace. Process Monitor shows that the php script is running as the user who's currently logged in, but I cannot see which user is trying to start convert.exe

Can I help with more info?

ben.

Please (all :) try a snapshot, php 5.3 or 6 (5.3 recommended anyway :).

I tried the newest snapshot and it seems to work - thank you!

But, could it be that the environment is not set up correctly?
Suddenly I start getting all those imagemagick-temp files in the
script's directory. I imagine the reason may be that the %TEMP% or
%TMP% system/user variables are not set correctly.

Ok, it works on the commandline but not using IIS6 and fastcgi with fastcgi.impersonate = 1;.

This is test.php:

<?php
$out = array();
echo exec("echo %USERNAME%", $out);
print_r($out);

$out = array();
echo exec("echo %USERPROFILE%", $out);
print_r($out);
?>

and this results in:

%USERNAME%Array
(
    [0] => %USERNAME%
)
C:\Documents and Settings\Default UserArray
(
    [0] => C:\Documents and Settings\Default User
)

So it seems the user's profile/environment is not correctly set up.

I think username should be either domain\deabjs1 or just deabjs1, because this is what I use to log on to IIS using NTLM. I'm still using the same snapshot I was using at [6 Sep 6:13pm UTC].

Thanks for your help!
ben

Hope I'm not too verbose. Maybe it helps to see that calling this

exec("d:/programme/imagemagick/convert.exe -density $density $baseDirectory/$bookId/document.pdf -quality 95 $baseDirectory/$bookId/$version/page_%04d.jpg", $output);
print_r($output);

in a script run by the webserver (as above) causes this:

Array
(
    [0] => Error: /invalidfileaccess in --showpage--
    [1] => Operand stack:
    [2] =>    --nostringval--   1   true
    [3] => Execution stack:
    [4] =>    %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1905   1   3   %oparray_pop   1904   1   3   %oparray_pop   1888   1   3   %oparray_pop   --nostringval--   --nostringval--   2   1   4   --nostringval--   %for_pos_int_continue   --nostringval--   --nostringval--   1777   1   9   %oparray_pop   --nostringval--   --nostringval--
    [5] => Dictionary stack:
    [6] =>    --dict:1155/1684(ro)(G)--   --dict:1/20(G)--   --dict:75/200(L)--   --dict:75/200(L)--   --dict:106/127(ro)(G)--   --dict:275/300(ro)(G)--   --dict:22/25(L)--   --dict:4/6(L)--   --dict:22/40(L)--
    [7] => Current allocation mode is local
    [8] => Last OS error: Bad file descriptor
)

I'm not sure the users environment is set, that's a different thing.

But is it the correct user?

I checked using Process Monitor - convert.exe is NOT started by the correct user:

User: NT AUTHORITY\NETWORK SERVICE
Auth ID: 00000000:000003e4

Just a quick note about the user profile, it is not set (by design) so I won't try to access the profile data.

More on the impersonated problem later.

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

Stupid auto no feedback.

Please tell me how you setup FCGI, I did test it under FCGI with impersonate set and the cmd are actually called using the impersonated user.

Can you try again using a recent snapshot to be sure that we use the same bins?

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

appears to be still broken in 5.3.1

This bug seems to be still there, no update for a while.  From my Process Monitor logs, there is no apparent permission errors. It looks like cmd.exe is not event launched.

PHP 5.3.1
MSVC9
FastCGI
Microsoft-IIS/7.0


PHP Warning:  exec() [<a href='function.exec'>function.exec</a>]: Unable to fork ['cmd /c echo Hello World!] in D:\Inetpub\wwwroot\www.example.com\test.php on line 3


"Sequence","Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"n/a","12:04:43.1093656 PM","w3wp.exe","4064","CreateFile","D:\Inetpub\wwwroot\www.example.com\test.php\web.config","PATH NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com"
"n/a","12:04:43.1095972 PM","w3wp.exe","4064","CreateFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, No Buffering, Attributes: RE, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1097796 PM","w3wp.exe","4064","QueryAllInformationFile","D:\Inetpub\wwwroot\www.example.com\test.php","BUFFER OVERFLOW","CreationTime: 7/10/2009 11:29:33 AM, LastAccessTime: 7/10/2009 11:29:33 AM, LastWriteTime: 2/2/2010 12:04:35 PM, ChangeTime: 2/2/2010 12:04:35 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 43, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x100000000416b, EaSize: 0, Access: Generic Read, Position: 0, Mode: Sequential Access, No Buffering, AlignmentRequirement: Word"
"n/a","12:04:43.1102377 PM","php-cgi.exe","2760","CreateFile","D:\Inetpub\wwwroot\www.example.com","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1102797 PM","php-cgi.exe","2760","QueryDirectory","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Filter: test.php, 1: test.php"
"n/a","12:04:43.1103154 PM","php-cgi.exe","2760","CloseFile","D:\Inetpub\wwwroot\www.example.com","SUCCESS",""
"n/a","12:04:43.1104406 PM","php-cgi.exe","2760","CreateFile","D:\Inetpub\wwwroot","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1104738 PM","php-cgi.exe","2760","QueryDirectory","D:\Inetpub\wwwroot\www.example.com","SUCCESS","Filter: www.example.com, 1: www.example.com"
"n/a","12:04:43.1105034 PM","php-cgi.exe","2760","CloseFile","D:\Inetpub\wwwroot","SUCCESS",""
"n/a","12:04:43.1106205 PM","php-cgi.exe","2760","CreateFile","D:\Inetpub","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1106537 PM","php-cgi.exe","2760","QueryDirectory","D:\Inetpub\wwwroot","SUCCESS","Filter: wwwroot, 1: wwwroot"
"n/a","12:04:43.1106805 PM","php-cgi.exe","2760","CloseFile","D:\Inetpub","SUCCESS",""
"n/a","12:04:43.1107412 PM","php-cgi.exe","2760","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1107733 PM","php-cgi.exe","2760","QueryDirectory","D:\Inetpub","SUCCESS","Filter: Inetpub, 1: Inetpub"
"n/a","12:04:43.1108023 PM","php-cgi.exe","2760","CloseFile","D:\","SUCCESS",""
"n/a","12:04:43.1111529 PM","php-cgi.exe","2760","CreateFile","D:\Inetpub\wwwroot\www.example.com","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1112066 PM","php-cgi.exe","2760","QueryDirectory","D:\Inetpub\wwwroot\www.example.com\.user.ini","NO SUCH FILE","Filter: .user.ini"
"n/a","12:04:43.1112443 PM","php-cgi.exe","2760","CloseFile","D:\Inetpub\wwwroot\www.example.com","SUCCESS",""
"n/a","12:04:43.1117452 PM","php-cgi.exe","2760","CreateFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1118254 PM","php-cgi.exe","2760","ReadFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Offset: 0, Length: 43, Priority: Normal"
"n/a","12:04:43.1118720 PM","php-cgi.exe","2760","ReadFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Offset: 0, Length: 43, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"n/a","12:04:43.1122877 PM","php-cgi.exe","2760","QueryOpen","D:\Inetpub\wwwroot\www.example.com","SUCCESS","CreationTime: 7/10/2009 11:29:33 AM, LastAccessTime: 2/2/2010 9:52:00 AM, LastWriteTime: 2/2/2010 9:52:00 AM, ChangeTime: 2/2/2010 9:52:00 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: D"
"n/a","12:04:43.1123637 PM","php-cgi.exe","2760","QueryInformationVolume","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","VolumeCreationTime: 7/10/2009 12:05:39 PM, VolumeSerialNumber: 24A7-59D9, SupportsObjects: True, VolumeLabel: "
"n/a","12:04:43.1123930 PM","php-cgi.exe","2760","QueryAllInformationFile","D:\Inetpub\wwwroot\www.example.com\test.php","BUFFER OVERFLOW","CreationTime: 7/10/2009 11:29:33 AM, LastAccessTime: 7/10/2009 11:29:33 AM, LastWriteTime: 2/2/2010 12:04:35 PM, ChangeTime: 2/2/2010 12:04:35 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 43, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x100000000416b, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word"
"n/a","12:04:43.1124319 PM","php-cgi.exe","2760","ReadFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS","Offset: 0, Length: 43"
"n/a","12:04:43.1125218 PM","php-cgi.exe","2760","CloseFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS",""
"n/a","12:04:43.1128956 PM","php-cgi.exe","2760","QueryOpen","D:\Inetpub\wwwroot\www.example.com","SUCCESS","CreationTime: 7/10/2009 11:29:33 AM, LastAccessTime: 2/2/2010 9:52:00 AM, LastWriteTime: 2/2/2010 9:52:00 AM, ChangeTime: 2/2/2010 9:52:00 AM, AllocationSize: 4,096, EndOfFile: 4,096, FileAttributes: D"
"n/a","12:04:43.1131742 PM","php-cgi.exe","2760","QueryOpen","D:\PHP5\cmd.exe","NAME NOT FOUND",""
"n/a","12:04:43.1134247 PM","php-cgi.exe","2760","QueryOpen","D:\PHP5\cmd.exe","NAME NOT FOUND",""
"n/a","12:04:43.1137195 PM","php-cgi.exe","2760","QueryOpen","C:\Windows\System32\cmd.exe","FAST IO DISALLOWED",""
"n/a","12:04:43.1139779 PM","php-cgi.exe","2760","CreateFile","C:\Windows\System32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1140326 PM","php-cgi.exe","2760","QueryBasicInformationFile","C:\Windows\System32\cmd.exe","SUCCESS","CreationTime: 1/19/2008 12:34:23 AM, LastAccessTime: 1/19/2008 12:34:23 AM, LastWriteTime: 1/19/2008 2:33:04 AM, ChangeTime: 2/2/2010 11:43:33 AM, FileAttributes: A"
"n/a","12:04:43.1140530 PM","php-cgi.exe","2760","CloseFile","C:\Windows\System32\cmd.exe","SUCCESS",""
"n/a","12:04:43.1143525 PM","php-cgi.exe","2760","QueryOpen","C:\Windows\System32\cmd.exe","FAST IO DISALLOWED",""
"n/a","12:04:43.1146062 PM","php-cgi.exe","2760","CreateFile","C:\Windows\System32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1146850 PM","php-cgi.exe","2760","QueryBasicInformationFile","C:\Windows\System32\cmd.exe","SUCCESS","CreationTime: 1/19/2008 12:34:23 AM, LastAccessTime: 1/19/2008 12:34:23 AM, LastWriteTime: 1/19/2008 2:33:04 AM, ChangeTime: 2/2/2010 11:43:33 AM, FileAttributes: A"
"n/a","12:04:43.1147056 PM","php-cgi.exe","2760","CloseFile","C:\Windows\System32\cmd.exe","SUCCESS",""
"n/a","12:04:43.1150613 PM","php-cgi.exe","2760","CreateFile","C:\Windows\System32\cmd.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1151266 PM","php-cgi.exe","2760","CreateFileMapping","C:\Windows\System32\cmd.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE"
"n/a","12:04:43.1151895 PM","php-cgi.exe","2760","CreateFileMapping","C:\Windows\System32\cmd.exe","SUCCESS","SyncType: SyncTypeOther"
"n/a","12:04:43.1152680 PM","php-cgi.exe","2760","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys"
"n/a","12:04:43.1153714 PM","php-cgi.exe","2760","CloseFile","C:\Windows\System32\cmd.exe","SUCCESS",""
"n/a","12:04:43.1155641 PM","php-cgi.exe","2760","CreateFile","D:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: DOMAIN\www.example.com, OpenResult: Opened"
"n/a","12:04:43.1156289 PM","php-cgi.exe","2760","QueryDirectory","D:\PHP5","SUCCESS","Filter: PHP5, 1: PHP5"
"n/a","12:04:43.1157083 PM","php-cgi.exe","2760","CloseFile","D:\","SUCCESS",""
"n/a","12:04:43.1158982 PM","php-cgi.exe","2760","QueryOpen","D:\PHP5","SUCCESS","CreationTime: 1/4/2010 12:15:47 PM, LastAccessTime: 2/2/2010 11:42:26 AM, LastWriteTime: 2/2/2010 11:42:26 AM, ChangeTime: 2/2/2010 11:42:26 AM, AllocationSize: 12,288, EndOfFile: 12,288, FileAttributes: D"
"n/a","12:04:43.1163648 PM","w3wp.exe","4064","CloseFile","D:\Inetpub\wwwroot\www.example.com\test.php","SUCCESS",""

It works just fine here, 5.3.1 or later with II6/7. The initial 

It looks to a configuration problem to me. PLs double check it and come back if you still experience this problem.

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

PHP 5.3.2 (cgi-fcgi) (built: Mar  3 2010 20:47:00)
FastCGI DLL Version 7.5.7693.0
Microsoft Windows Server 2003R2
IIS6

Exact same problem - PHP Warning: exec(): Unable to fork 
Changed PHP back to:
  PHP 5.2.13 (cgi-fcgi) (built: Feb 24 2010 14:37:42)

No fork problem, so it is not a configuration problem.

It works just fine and you have the permission to the IIS user to execute the shell. See the other reports about that, I added the explanation and how to configure it correctly there.

you have >to give< the permission

Let me copy my note here as well:

Quick note here. It is necessary to give a given IUSR_* the permission
to use cmd.exe (%COMSPEC%). It is recommended not to do it as it may
introduce security issues, obviously. But if you really want to do it,
use:

cacls %COMSPEC% /E /G IUSR_xxxx:R

Thanks for your fast response.

I am running the website using an application pool and have configured a special user for that pool. I use the same user for anonymous access. So both the website as well as PHP use the same identity. This user has all the required rights. 

Just to test I have given this user rights to %COMSPEC% using cacls. Same error.
Gave IUSR_xxx rights, same error.
Gave IWAM_xxx rights, same error.

Please check what has changed between 5.2.13 and 5.3.2

Again, I did check in all possible configurations and it does work.

However please configure impersonation correctly for FastCGI (that's not the App pool settings).

See my comment and related link in #50542

FastCGI impersonation is configured correctly and ProcMon shows that cmd.exe is started with the correct user. The fork error however still shows.

I am now downloading the php-5.3.3-dev-nts-Win32-VC9-x86-dfsfix.zip file and will check if that solves the problem.

Then I need more details about your exact configuration (windows version, IIS version, fastcgi version, etc.)

5.3.3.dev did not solve the problem

Had most versions in my first post:
PHP 5.3.2 (cgi-fcgi) (built: Mar  3 2010 20:47:00)
FastCGI DLL Version 7.5.7693.0
Microsoft Windows Server 2003R2
IIS6 - dll's have version 6.0.3790.1830

Do you need anymore information?

Maybe superfluous, but the only change I make is in the fcgiext.ini

I change the ExePath from:
ExePath=D:\PHP\PHP_5_2_13\php-cgi.exe
No fork error

To
ExePath=D:\PHP\PHP_5_3_3_dev\php-cgi.exe
Fork error

Rights are assigned on D:\PHP and inherit down, so that can not be the problem. No other changes to my environment for the problem to appear.

Yes, which command do you call?

And how exactly did you configure FCGI (impersonation). As your configuration is exactly one of my tests configuration, and it works just fine.

I am using a simple test script to do the test:
<?php
echo exec('cmd /c echo Hello World!');
?> 

FastCGI impersonation:
In PHP.ini
fastcgi.impersonate = 1

IIS:
Anonymous Authentication = On 
User is same user as Application Pool user

User has been added to IIS_WPG

Can you try using: c:\Windows\System32\whoami please?

BTW if I run the same script on the webserver using fakeCGI and runas to run as the application pool user it works.

Fake FastCGI web server
FCGI_PARAMS sent
FCGI_STDIN sent
Launching receive loop
FCGI_STDOUT: X-Powered-By: PHP/5.3.2
Content-type: text/html; charset=utf-8

Hello World!"

FCGI_END_REQUEST received
killing app
FastCGI process exited with 0

So the problem is definitely in the combination IIS6 and PHP 5.3

Result:
PHP Warning: exec(): Unable to fork [c:\Windows\System32\whoami] in D:\Web\Public\Typo3\v4_2_6\fdha_hr\hr\forkTest.php on line 2

It is not the same context using runas or impersonate.

Did you use "c:\\....\\whoami" or "cmd /c..."?

btw, is it possible to access this box? I could try to debug what's wrong there as it works just fine with the same constellation here (same windows, IIS and fcgi versions).

This is what I ran:
<?php
echo exec('c:\Windows\System32\whoami');
?> 

ProcMon shows cmd.exe being started by php-cgi.exe
A thread is created running as the correct user.
Excecuted command is: cmd.exe /c "c:\Windows\System32\whoami"

I do notice that the process exits with Exit Status 5, which is normally access denied.

I have however already tried to give Everyone full access to the whole machine, i.e. all drives. Still the same error.

Box is behind a company firewall so you can unfortunately not access it.
This is an intranet site.

echo exec('c:\Windows\System32\whoami'); can't work.

echo exec('c:\\Windows\\System32\\whoami'); should work.

What I do not understand is that 5.2.13 works and 5.3.2 (or 5.3.3) does not work with the same configuration.

Changed to your suggestion with \\, same error.

Changed to 5.2.13 ran my version and your version both echo the correct username.

I don't know either and hard to say why it does not work for you but for us (same config).

I feel like you actually configure it wrong. impersonation in 5.2 was not fully working and was not doing the right thing (not only for exec&co).

I can't help further without more details about how you configure the impersonation or having a remote access to debug.

Thanks for your help. I think there are still more people with the same problem. I will try to find a solution and will post here if I find one.
For now I stick with 5.2.13

I am not convinced it is a config problem. Will dig into SVN and find what the difference is between the two versions.

I will repeat a last time :) It does work here using IIS6 and the exact same windows version of FastCGI. The other users with issues with that have solved the problem as well using latest 5.3 and the right configuration.

There are differences between 5.2 and 5.3, a lot. One of them is a working impersonation (which is not only about exec).

Located the problem and have been able to fix it.

I am using a special user for my Application Pool (say AppPoolUser), so PHP runs as this user. The new exec function uses CreateProcessAsUser() with impersonation. This means that the AppPoolUser must have the right to change the process level token.

You can assign this right to the user in the "Local Security Settings" -> User Rights Assignment.

I have granted my AppPoolUser the "Replace a process level token" setting -> fork error has gone.

Thought this might be useful information, so access is required to cmd.exe but in addition the "Replace a process level token" setting.

Ah nice, so another useful entry to add to the documentation, thanks for investigating it and report it back! :)

The PHP 5 documentation is being removed from http://PHP.net and will not be maintained by the PHP Documentation Group. You can find legacy documentation on https://php-legacy-docs.zend.com. If this issue is still impacting someone, please report it via the Report a Bug link on the appropriate page over there.