How to access files on another server using the IUSR account from IIS?
I have two computers with Windows Server 2003 installed. One of the servers is just setup as a file server and the other server is a web server with IIS 6.0 installed on it, running an asp website that needs to get 2 files from the other server. I have a third computer with Windows XP installed on it. The XP machine used to act as a file server.
When the database and the other file (ini file) were located on the XP machine I could connect to site and login without a problem. All I did was move the data and ini file to the new server (the file server) and now when I try the web page it says that it is already open exclusive or I do not have permissions. However that is only when it tries to open the database, when it tries to open the ini file to read some setting it just returns EMPTY (the default) for everything.
I have gone through everything I could think of to allow premissions for the IUSR_Machine account to have full access to the folder where those two files are located. I have set every premissions I can think of but nothing has worked. This includes adding the IUSR account on the file server and giving that admin rights.
I have not used FileMon (though I have seen it recommended) because I do not know how to use it. I am going to look into this but not sure how far I will get with it.
What permissions or anything else can I look into / add that will allow the IUSR account created by IIS to access files on the other server? Also, if I move the files to the web server I can access both of them through the web site. The only problem I have is putting the files on the computer where they need to be located.
Thanks.
When the database and the other file (ini file) were located on the XP machine I could connect to site and login without a problem. All I did was move the data and ini file to the new server (the file server) and now when I try the web page it says that it is already open exclusive or I do not have permissions. However that is only when it tries to open the database, when it tries to open the ini file to read some setting it just returns EMPTY (the default) for everything.
I have gone through everything I could think of to allow premissions for the IUSR_Machine account to have full access to the folder where those two files are located. I have set every premissions I can think of but nothing has worked. This includes adding the IUSR account on the file server and giving that admin rights.
I have not used FileMon (though I have seen it recommended) because I do not know how to use it. I am going to look into this but not sure how far I will get with it.
What permissions or anything else can I look into / add that will allow the IUSR account created by IIS to access files on the other server? Also, if I move the files to the web server I can access both of them through the web site. The only problem I have is putting the files on the computer where they need to be located.
Thanks.
ASKER
This is just a peer to peer network. There is no domain or anything involved. I will try adding a user as an admin to the server running as the web server and then giving that account the anonymous access and see what that comes back in.
ASKER
Added myself as a user (admin priv) on the web server. set it up so I was the user for anonymous access for web page. Tried the server and it still cannot read the files. Added myself, using the same account, as WebServer\Me with the same password on the file server. gave admin rights and got the same results. This user can login to both comptuers and can access the folder I need to without a problem. The problem only comes in when I use the web page.
ASKER
I still have not been able to figure this out. Any suggestions would be great.
ASKER
So i tried to install IIS on the other server and also turn it to an FTP server but that did not help either. I gave full control to every user and group on the system and this still did not work. I have added a new user to both the servers with the same password and this did not work.
Does anyone know if this is possible? I would think that it is as I do not have a problem when the two files are located on the XP machine. All I want to do is have IIS (or whatever account uses that) open two files, one is a database and one is a ini file. It seems if the files are located on another computer running Windows Server 2003 this is not possible. I have run filemon but that seems to only look at local permissions and what is being opened locally. If I just use the network (\\server2\myfiles) i can go there and open either file. The only time it has a problem is when I try to do this through the web site (iis).
Does anyone know if this is possible? I would think that it is as I do not have a problem when the two files are located on the XP machine. All I want to do is have IIS (or whatever account uses that) open two files, one is a database and one is a ini file. It seems if the files are located on another computer running Windows Server 2003 this is not possible. I have run filemon but that seems to only look at local permissions and what is being opened locally. If I just use the network (\\server2\myfiles) i can go there and open either file. The only time it has a problem is when I try to do this through the web site (iis).
ASKER
Is what I am trying to do possible? if you need more information i can provide it but I am not sure what else is needed to explain the problem.
ASKER
So I found something that worked 1/2 way. http://support.microsoft.com/default.aspx?scid=kb;en-us;332167. I say that this only worked half way because I am actually trying to run two web sites, they are the same exact site but one is using data on another machine with Windows Server 2003, the other is using data on an XP machine. If I follow the steps in the link it reverses what I am seeing right now.
bascially, it allows me access to the other server while it denies me access to the xp machine. I am not changing anything else and both computers are on the same network.
bascially, it allows me access to the other server while it denies me access to the xp machine. I am not changing anything else and both computers are on the same network.
All you are trying to do is have IIS on one machine access files on another, right? That is definitely possible - I have done it. It seems you have done the right things but since it is not working you have missed something. Here is what is required:
* A user account on each machine with the same name and password.
* User account is in the Administrators group on each PC (you obviously don't need *all* the permissions that this group provides, but start with this and back off once you get it working)
* File sharing enabled
* Firewall turned off (not required but do it for testing)
* ASP.NET code using the correct UNC syntax (e.g. "\\computername\c$\config\
As a test you should be able to log in to the PC as this account and use Windows Explorer to access the remote file. If you can do this, then IIS, when configured to run under this account, should also be able to access the file.
Good luck.
* A user account on each machine with the same name and password.
* User account is in the Administrators group on each PC (you obviously don't need *all* the permissions that this group provides, but start with this and back off once you get it working)
* File sharing enabled
* Firewall turned off (not required but do it for testing)
* ASP.NET code using the correct UNC syntax (e.g. "\\computername\c$\config\
As a test you should be able to log in to the PC as this account and use Windows Explorer to access the remote file. If you can do this, then IIS, when configured to run under this account, should also be able to access the file.
Good luck.
ASKER
hey rdogmartin,
Here is the problem, I have done each of those steps, multiple times, and each time it fails if and only if the files are located on another computer running Windows Server 2003. If the other computer is running Windows XP or any other OS (have not tried Server 2k) I can gain access to the file and read the information I need. Now, when i Configure IIS to Control the Anonymous Password per the link I posted it swaps. I can now access the files on the other Windows 2003 server but I cannot access the files on the XP machine. That being said, I have not added the iusr account to the XP machine and given it the correct account. I guess this is my next step. Hopefully this will work and from here I can take away access.
Thanks.
Here is the problem, I have done each of those steps, multiple times, and each time it fails if and only if the files are located on another computer running Windows Server 2003. If the other computer is running Windows XP or any other OS (have not tried Server 2k) I can gain access to the file and read the information I need. Now, when i Configure IIS to Control the Anonymous Password per the link I posted it swaps. I can now access the files on the other Windows 2003 server but I cannot access the files on the XP machine. That being said, I have not added the iusr account to the XP machine and given it the correct account. I guess this is my next step. Hopefully this will work and from here I can take away access.
Thanks.
ASKER
Adding the account to the windows xp machine as an admin user did not work. Still having the same problem where only one of the two sites can gain access to the necessary file. again the only difference is that one computer storing the data is Windows Server 2003 and the other is Windows XP. Having the identity set as Network Service I can open the web page that looks at the windows Xp machine and it works properly, having the identity set as Local Service I can open the web page that looks at the windows server 2003 machine and it works properly.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This may be a fundamental security requirement Microsoft imposes on us. There may be some way to do it but as best I can tell it is locked down.