merrifurlong
asked on
IIS 6.0 Remote Virtual Directory Browse Problem
IIS 6.0 Remote Directory Browse Problem
We migrated our web server from WinNT 4.0 to Windows Server 2003.
We have a virtual directory mapped to a remote computer, and enabled "directory browsing" so that the directory structure of 100, 000 drawing files can be navigated through a web interface. We do a "connect as" a user in the the remote computer's domain, and up until now, it works.
The problem: the IIS 6.0 server cannot list the files. I get an "HTTP Error 500 - Internal server error." and in the audit logs, I see the following logon failure: Event ID 529 Unknown user or password, logon type 8. If I try to work around, map the remote share to a local drive, then set the virtual directory to point to this "local" mapped drive, I get a 404, File not found error.
Web Server extensions are wide open to allow everything, NTFS, Shares, permissions are set correctly, and I know the Username and Password are correct because the NT 4.0 IIS 4.0 server is set exactly the same way, and it works fine. In fact, the only way I can get directory browsing to work in IIS is to browse the LOCAL drive, no remote drives. I hate to replicate 70 gigs of TIF files if I don't have to.
Have I run across a bug in IIS 6.0? I cannot find any documentation other than that I must be using a bad password, which I am not. I think IIS 6.0 cannot interpret the password, doesn't matter whether I use Basic, NTLM, Digest, Anonymous Authentication.
We migrated our web server from WinNT 4.0 to Windows Server 2003.
We have a virtual directory mapped to a remote computer, and enabled "directory browsing" so that the directory structure of 100, 000 drawing files can be navigated through a web interface. We do a "connect as" a user in the the remote computer's domain, and up until now, it works.
The problem: the IIS 6.0 server cannot list the files. I get an "HTTP Error 500 - Internal server error." and in the audit logs, I see the following logon failure: Event ID 529 Unknown user or password, logon type 8. If I try to work around, map the remote share to a local drive, then set the virtual directory to point to this "local" mapped drive, I get a 404, File not found error.
Web Server extensions are wide open to allow everything, NTFS, Shares, permissions are set correctly, and I know the Username and Password are correct because the NT 4.0 IIS 4.0 server is set exactly the same way, and it works fine. In fact, the only way I can get directory browsing to work in IIS is to browse the LOCAL drive, no remote drives. I hate to replicate 70 gigs of TIF files if I don't have to.
Have I run across a bug in IIS 6.0? I cannot find any documentation other than that I must be using a bad password, which I am not. I think IIS 6.0 cannot interpret the password, doesn't matter whether I use Basic, NTLM, Digest, Anonymous Authentication.
ASKER
The web server is using the default user, and is stand alone. The remote file server is not truly an NT box: it is an EMC box managed by a different NT domain. So, I am not sure if it can have a local NT account made for it, but I will contact the administrator of that box and get back to you on that.
Because the web server is stand alone, I can't use the other domains user account to start the IIS service. I've always been able to get the "Connect As" in IIS to work up to this point on the IIS 4.0 servers. - .
The weird thing is this: in the IIS 6.0 manager, I can actually see the files in the remote directory! The problem only appears when browsing the URL of the web server, the way the users would see it.
Because the web server is stand alone, I can't use the other domains user account to start the IIS service. I've always been able to get the "Connect As" in IIS to work up to this point on the IIS 4.0 servers. - .
The weird thing is this: in the IIS 6.0 manager, I can actually see the files in the remote directory! The problem only appears when browsing the URL of the web server, the way the users would see it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nothing in the system or application log. Just the 529 error in the security log. I will try your suggestion tomorrow(about the matching accounts) and will let you know how that turns out.
is this any help?
http://www.eventid.net/display.asp?eventid=529+&source=
http://www.eventid.net/display.asp?eventid=529+&source=
ASKER
No - 2 problems.
1. The remote server is an EMC box and therefor does not use NT for local accounts. NT Domain accounts have access, but there are no local accounts other than Unix.
2. I am unable to start the WWW service with anything other than the local system account - I get Access Denied using any other account, local admin or remote. It gives me an error that www is a shared process, so it will not allow the remote domains NT account to start the service.
Am I missing something?
Using Windows 2003 server, I was able to duplicate this problem on a second test system, using a test domain. The problem happened even when the server became a member server - any remote share could not be browsed successfully - I get the same authentication error in the audit logs, and the Internal Server Error 500 at the browser. The error does not show up in the IIS Manager. I see the files fine there.. Maybe I'll have to replicate the 70 gig vault to the local drive to resolve this problem.
1. The remote server is an EMC box and therefor does not use NT for local accounts. NT Domain accounts have access, but there are no local accounts other than Unix.
2. I am unable to start the WWW service with anything other than the local system account - I get Access Denied using any other account, local admin or remote. It gives me an error that www is a shared process, so it will not allow the remote domains NT account to start the service.
Am I missing something?
Using Windows 2003 server, I was able to duplicate this problem on a second test system, using a test domain. The problem happened even when the server became a member server - any remote share could not be browsed successfully - I get the same authentication error in the audit logs, and the Internal Server Error 500 at the browser. The error does not show up in the IIS Manager. I see the files fine there.. Maybe I'll have to replicate the 70 gig vault to the local drive to resolve this problem.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks anyhow.
Did this problem ever get resolved...I'm having the same problem...
ASKER
Not really. The "fix" is to make sure both machines are in the same domain, and that they both have identical local accounts, same name, same password.
I spent the $250 to call MS about this.
Because I do not want this machine to be in the same domain, I just chose to replicate the data locally.
I spent the $250 to call MS about this.
Because I do not want this machine to be in the same domain, I just chose to replicate the data locally.
If it is the default user try these things.
1. Run the IIS service using a network user having access to both the machines. (security issue?)
2. Make two local users at the IIS machine and the remote machine by same name and pwd. Run the IIS with this user.
Option 2 might have been some security bug (it doesn't look like a feature to me) but is vastly used in situations like this.
If you had been using this method before, it might have been 'corrected' in a new SP and you might need to try option 1.
::fozylet