Solved

IIS 6 logging to UNC share - cannot get proper permissions

Posted on 2006-11-24
3
1,313 Views
Last Modified: 2008-02-01
Hi there,
I have two load balanced IIS 6 servers and I need to combine their logs files.
According to MS, I should be able to write the log files to a remote UNC share but I keep getting the following error when trying to do so.

15001
Unable to create the log file for site W3SVC%2.
Ensure that the logging directory for the site is correct and this computer has write access to that directory.

Here's what MS says about this error:
"Event ID 15000, 15001, and 15003

These errors occur when the log file and directory do not have proper security settings. When the IIS logging configuration settings are changed, if the file and directory security settings are not correct (if the System and Administrators do not have full control), HTTP.sys writes event ID 15001 or event ID 15003 (if binary logging is enabled) to the Event Log. HTTP.sys writes an event ID 15000 to the event log if security settings change during operation, for example, if the file ACLs are altered manually."

My problem is that I gave the Adminsitrator Full Control to the UNC Share (by the way the two machines have the same Adminsitrator username and passsword - I do not use Active Directory) and this did not work. I also tried the IUSR_SPXXXX and IWAM_SPXXXX accounts, but same thing.

Can you tell me what Account needs control - and do I apply the permissions to just the Sharing or the NTFS security as well as Sharing permissions?
0
Comment
Question by:juliandormon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:AndresM
ID: 18008139
You can configure IIS to write log file data to a remote share. In the remote share, IIS creates a unique directory for each Web site, for example W3SVCX, where X is a random number generated by IIS to represent the specific Web site. IIS also creates the log file with exclusive write access, so that multiple machines cannot write to the same log file.

Configuring IIS to Log Data on a Remote Share (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0b56f0c2-5043-48a6-9564-2de0cc29c81d.mspx?mfr=true
0
 

Author Comment

by:juliandormon
ID: 18008426
Thanks,
It doesn't seem to work, probably because the instructions call for a my services to be in the same domain, but I am not using AD.
Anyother suggestions, perhaps I can robocopy the log files before I to the remote server?
0
 
LVL 10

Accepted Solution

by:
AndresM earned 250 total points
ID: 18008624
By default IIS writes its logs on a per-daily-basis. You can create a script that runs daily to copy the log (of the day before) to a share and delete the log in IIS. Since you have two webservers you can also create a script (for ie VBScript) that mixes both IIS logs. Or use a third-pary tool to analyse the logs, the tool will mix the logs for you (for i.e. Webtrends).

Since the webservers and the fileserver are not part of a domain, may be you hava some trouble copying files from one server to the other; one simple workarround is create same user same password in all servers, and configure the copy script to run under that account.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question