Solved

IIS 6 logging to UNC share - cannot get proper permissions

Posted on 2006-11-24
3
1,279 Views
Last Modified: 2008-02-01
Hi there,
I have two load balanced IIS 6 servers and I need to combine their logs files.
According to MS, I should be able to write the log files to a remote UNC share but I keep getting the following error when trying to do so.

15001
Unable to create the log file for site W3SVC%2.
Ensure that the logging directory for the site is correct and this computer has write access to that directory.

Here's what MS says about this error:
"Event ID 15000, 15001, and 15003

These errors occur when the log file and directory do not have proper security settings. When the IIS logging configuration settings are changed, if the file and directory security settings are not correct (if the System and Administrators do not have full control), HTTP.sys writes event ID 15001 or event ID 15003 (if binary logging is enabled) to the Event Log. HTTP.sys writes an event ID 15000 to the event log if security settings change during operation, for example, if the file ACLs are altered manually."

My problem is that I gave the Adminsitrator Full Control to the UNC Share (by the way the two machines have the same Adminsitrator username and passsword - I do not use Active Directory) and this did not work. I also tried the IUSR_SPXXXX and IWAM_SPXXXX accounts, but same thing.

Can you tell me what Account needs control - and do I apply the permissions to just the Sharing or the NTFS security as well as Sharing permissions?
0
Comment
Question by:juliandormon
  • 2
3 Comments
 
LVL 10

Expert Comment

by:AndresM
ID: 18008139
You can configure IIS to write log file data to a remote share. In the remote share, IIS creates a unique directory for each Web site, for example W3SVCX, where X is a random number generated by IIS to represent the specific Web site. IIS also creates the log file with exclusive write access, so that multiple machines cannot write to the same log file.

Configuring IIS to Log Data on a Remote Share (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0b56f0c2-5043-48a6-9564-2de0cc29c81d.mspx?mfr=true
0
 

Author Comment

by:juliandormon
ID: 18008426
Thanks,
It doesn't seem to work, probably because the instructions call for a my services to be in the same domain, but I am not using AD.
Anyother suggestions, perhaps I can robocopy the log files before I to the remote server?
0
 
LVL 10

Accepted Solution

by:
AndresM earned 250 total points
ID: 18008624
By default IIS writes its logs on a per-daily-basis. You can create a script that runs daily to copy the log (of the day before) to a share and delete the log in IIS. Since you have two webservers you can also create a script (for ie VBScript) that mixes both IIS logs. Or use a third-pary tool to analyse the logs, the tool will mix the logs for you (for i.e. Webtrends).

Since the webservers and the fileserver are not part of a domain, may be you hava some trouble copying files from one server to the other; one simple workarround is create same user same password in all servers, and configure the copy script to run under that account.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now