How to save upload on second server?

Hi all!

I have two upload scripts. One selfmade with uploading by filesystemobject and one by using COM (ASPPW.Upload). They both work fine, until I want to save on antoher server / a network path.

I have two webservers running for load balancing and I configured IIS to load all pictures from Server A (www...). So if a user is on Server B (www2...), the virtual directory "/images" is pointing to a network path "//ServerB/inetpub/wwwroot/images/". This works fine. Uploading pictures to Server A is no problem cause pics are uploaded to local folder, but if I use the same scripts for Server B there are permission issues and I can not upload anything.

Folder images on Server A has full access for everyone, so it should work I think. The path is configured by using Server.MapPath("/images") on Server B and the path seems to be right. If I try to map the directory as drive on Server B it also does not work (Server.MapPath("I:\")).

What can I do to get the upload running? Any more information needed?
LVL 11
SvenTech Lead Web-DevelopmentAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

it will most probably be either the IWAM_Usr which is the account that lauchs out of process objects or which ever is you iis log in user (which by default is you IUSR_Machinename in anonymous authentication),

So you need to give the directorys you want to be able to upload to premisson to those accounts.  If your on a cross domain it gets a bit tricker again.

Good Luck

SvenTech Lead Web-DevelopmentAuthor Commented:
I allready tried given IWAM_ServerB and IUSR_ServerB user full access to the image folder of Server A, without success. Also "everyone" has full access. I get an "access denied" error everytime. Strange is that if I choose an non existing folder the same error occurs, but only if it is on network path.


\\ServerA\inetpub\wwwroot\images --> Exists, but "access denied"

\\ServerA\inetpub\wwwroot\images2 --> Does not exist, and also error "access denied"
SvenTech Lead Web-DevelopmentAuthor Commented:
I have to add some information:

- Server A and Server B are within the same windows domain.
- Server B is Domain Controller
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Well one way that I have solved these problems for sure is to put an object into the COM+ server that wraps a copy file function make it a Server Application and change the user that creates the object to you admin user and you should defenately get access to copy because you will know the user that is running the object.

So after you've done that you upload the file to your server A copy with com+ object then delete from server A or what ever.

The other thing I can think of is to add the computer account to the serverB folder with permissions.
SvenTech Lead Web-DevelopmentAuthor Commented:
Problem is, that Content Manager will get randomly to www. or www2. and if they run the upload scripts on www2. they have no permission to save to the virtual folder. I can not redirect them to www. cause I do not know the IPs of these users, they have dynamic ones. So I have to get the upload scripts to work :(
Actually have you tried changin the anonymous authentication to an admin user(you domain Admin) and see if you get the same error?
SvenTech Lead Web-DevelopmentAuthor Commented:
I did not try that and I do not want to change this option cause I can not oversee the whole reaction of the system, COM+ and scripts if I do that.
Just add another area that you can play around with (make a virtual directory, modifiy a script to upload a file to your directory and change the authentication only on that virtual directory and you won't touch a thing) I'm only asking this way to rule out that it's a front in IIS problem.
SvenTech Lead Web-DevelopmentAuthor Commented:
Changing authentication was not successfull too :(
Maybe it is not even possible to save files cross server!?
yer it can be a pain sercurity some days.

it can be done via the com+ object way I describe above for I use it every day. you could even probably put the upload object in it to impersonate as well but I wouldn't recommend that..

Arr what can it be.?? Have you checked your Event Logs

Whats your server OS's and IIS version..

See from memory the biggest problem is that your running iis processes from a local account on the machine and it does that in the background, you can tell this by watching you task manager on the web server and watch the IWAN_Usr process get used in the upload.  I think you have to find a way to impersonte the IWAN_Usr in the COM+(CompontServices in Admin Tools) servers,  I trying to find out how.
SvenTech Lead Web-DevelopmentAuthor Commented:
Eventlog tells nothing.
DLLHost3g.exe is running under IWAM account.

Server is Windows Advanced Server with IIS 5.

Have a look at those, from what i'm thinking this may help solve the problem..

--Extract--  Active Server Pages (ASP) pages are often run under the security context of the Internet Guest Account (or, by default, the IUSR_<ComputerName> account). Within these ASP pages, when you reference files or databases on a computer other than the Web server, you must often duplicate this user (the Anonymous user account) on the remote computer. This is because, by default, the Internet Guest Account is a local computer account on the Web server and is not recognized by any other computer on the network. If you duplicate the Internet Guest Account on another computer, you can enable that remote computer to authenticate the account and allow access to resources on that computer.
and I'm reconing that it's probably the a policy thats's giving the permission denied

-- extract -- Grant New Anonymous Account "Log on Locally" Rights

before you start playing with adding users try looking at your Local Security Policy and find the Log On locally key and check some of these.
Hmm, can user IWAM_Usr of one computer can access another computer and if there is Active Directory active. Looks like you should authenticate with some other user maybe. I am not sure but if you try to access \\ServerB directly from your computer when loggen let's say with IWAM_Usr, can you access it? Or you have to authenticate via some other user, like a user from AD or ServerB's administrator user..
Sorry didnt see your messege :))
SvenTech Lead Web-DevelopmentAuthor Commented:
I added IUSR and IWAM to Server A local users and guest group. I also unchecked IIS control of anonymous password on Server B for IUSR but nothing helped me out :(

I still get the error "permission denied".
OK it's funny I had the same problem at work today basically, I've got a win2k3 server that I store all the files I upload and 2k web server that dishes it.  And no I couldn't copy throught the upload object I was using [HUGEAsp].

How I fixed it similar to what I was describing above but I can tell you what worked for me now.

On your serverB that you copying to open up your Admin Tools | Local Security Policy.
Drill down Security Settings | Local Policys | User Rights assignment
Find 'Access Computer From Network' and Add your server A to the list (you will most probably have to check the box in types to look for)
Find 'Log On Locally' and add the computer again.
Rebooted the iis, but recommend rebooting the server
     And wammo it worked
#Note: the folder it was coping to had everyone full control.

Cheers Hope it works for you

?¿ did you get it going ¿?
SvenTech Lead Web-DevelopmentAuthor Commented:
I can not add the "computer" to the local security policy. I only can add users and groups. I added IWAM and IUSR for the server but this did not work. The server I am copying from is the domain controller. Maybe there is about this!?
Well I just thought Of hopefully the last place that you can change.

I take it your on win 2k servers then.

in you component Services MMC Console if you drill down to.
Computers | ComputerName | IIS Out-Of-Process Pooled Applications
 go propertys on this, goto Identity you should notice that this is IWAM_MachineName

So this is where the objects are being created (You should be able to change this to you privledged/domain account) and off ya go.
SvenTech Lead Web-DevelopmentAuthor Commented:
First: No success :(

Second: I do not even know why to change "Out-Of-Process Pooled" identity!? Can you explain? The COM+ package was not even running before or after the changes, so we do not need them at all I think.

As I wrote before, we are using two W2k Advanced Server machines. One of them is the domain controller.
Did you reboot IIS & the reboot the Component better yet the server?

The reason I said to look into this is because this is where the behind the scenes objects get created and used depening on you configuration in IIS. I can only guess from some of the info you have given ie:" DLLHost3g.exe is running under IWAM account. " And I gather that was what the User was when you looked at it.

Heres a couple of articles that go into it a bit.

There is an important not in the first one that may help in configuring yours ie: make it a high isolated app in IIS and configue the com+ process with the user you want.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SvenTech Lead Web-DevelopmentAuthor Commented:
Problem is, I can not reboot the machine and rebooting IIS is also not the best way, cause the two servers I am speaking of are in production and there is an online shop running and it would cost us real money to reboot the server :(

Also we do not want to run IIS in high isolated cause of performance. So this is not an option, even if it would be the only one.
Well theres your answer then you cann't do it the way you want to do it.

Sorry but thats all I've got, happy coding

SvenTech Lead Web-DevelopmentAuthor Commented:
okay, thx. will give you points for your effort to help!
Thx I think we explored as much of IIS as you can get.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.