Solved

Can't setup intranet in windows 2008

Posted on 2009-04-09
22
682 Views
Last Modified: 2012-05-06
We have a simple intranet that I created for our company. Currently it's on win 2003 server and it's working properly. The win server is also our DNS, DC, DHCP, printer server. But it's an old machine and I plan to move it to a new DC server win 2008. So far I have everything going good except the intranet.

-I have installed the IIS role.
-Copied over the old website files to the new server
-I've entered the IP and the port number 80 and tested it with 81 nothing works.
-My IP address is the server IP (ex. 192.168.5.20:81)

What am I missing? Though win 2008 looks different I don't see what I'm doing wrong. they're also missing the properties when you right click the web site that use to help me a lot.
I also see this:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Open in new window

0
Comment
Question by:s0nic
  • 11
  • 7
  • 2
22 Comments
 
LVL 6

Expert Comment

by:Thomas Wheeler
Comment Utility
is it firewalled?
0
 

Author Comment

by:s0nic
Comment Utility
no it's a intranet only used inside our place. Do I need to disable the server firewall, is that what your saying?
0
 
LVL 6

Expert Comment

by:Thomas Wheeler
Comment Utility
yes worth a shot
0
 

Author Comment

by:s0nic
Comment Utility
Firewall is off and it's still not working. I'm going to reinstall the IIS role
0
 

Author Comment

by:s0nic
Comment Utility
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group.  There may be problems in viewing and setting security permissions with the IIS_IUSRS group.  This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain.  Please see the online help for more information and solutions to this problem.  The data field contains the error number.
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Is this a ASP.NET web application?  If yes, did you add ASP.NET in the 'Application Role' services?
0
 

Author Comment

by:s0nic
Comment Utility
No and I've added the web iis in role in server 2008.
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Is it an ASP application?  It seems like the server side script might be blocked from executing.
0
 

Author Comment

by:s0nic
Comment Utility
This is the error I get, not sure if this is gonna help:
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group.  There may be problems in viewing and setting security permissions with the IIS_IUSRS group.  This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain.  Please see the online help for more information and solutions to this problem.  The data field contains the error number.

And if it is blocking the script what would I need to do?
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Hmm, I've read that the default groups like 'Local System', 'Local Server' and 'Network Service' that are used in many application pools for web applications have issues on a domain controller.

You could try creating a domain service account for the application pool and assigning it in the identity tab for the application pool.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:s0nic
Comment Utility
Sorry, but I have no idea how to do that. Can you explain a little bit more. Thanks
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
I haven't worked with Windows 2008 or IIS 7 yet so I can only describe this based on working with Vista and IIS 7.  It should be similiar

Open the IIS Manager.
Right-click the website you are having trouble with and select 'Advanced Settings'
Remember the name of the 'Application Pool'
At the top of IIS is a branch called 'Application Pools'
Click it
Select the Application Pool found earlier and right-click then select 'Advanced Settings'
Under Process Model you will sett the Identity property

That identity must be a domain account (usually a service account without a mailbox) that can access the path.

In your old site there might be a domain account already set.  It's basically the same steps to find it.
0
 

Author Comment

by:s0nic
Comment Utility
I don't see Identity property but I do see ID and the ID is 2. If I change it to 1 it will say. Error ID already exist.
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Hmm, I don't think you are looking at the right value.  Can you send a screenshot?
0
 

Author Comment

by:s0nic
Comment Utility
In basic setting this is the error I get when I try to test the connection. The second picture is the one u wanted to see. Thanks
TestConnection.jpg
AdvancedSetting.jpg
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Wait a minute.  Pass through authentication is for accessing files on another server.  You led me to believe ALL the files were on this one server.
0
 

Author Comment

by:s0nic
Comment Utility
What do you mean? The intranet is on a windows 2003 server right now which is also are primary DC, DNS, DHCP, file server, and printer server. I want to moved everything to a new machine windows server 2008. I have moved everything already except for the intranet. Once I have the intranet up and running on the 2008 box then I will make the 2008 box global and make it the primary DC. The only problem I have left is just the intranet not moving over. I hope that helps
0
 
LVL 51

Accepted Solution

by:
tedbilly earned 500 total points
Comment Utility
No it didn't help.  I think I see what the problem is but I don't think you understood my last comment.

I am assuming that once the new server is online, the old server will be shutdown.  If you did not copy the files from the intranet site on the old server to the new server, and instead configured the web site on the new server to use a UNC path to access the files on the old server then it's an invalid test.  You should setup the website on the new server exactly the same is it will work when the old server is gone.

I would recommend you copy ALL the files from the old intranet to the new server and test it properly as it will be when you turn off the old server.
0
 

Author Comment

by:s0nic
Comment Utility
Seems like it works. Let me test it again tonight!!!
0
 

Author Closing Comment

by:s0nic
Comment Utility
Thanks for hanging in there with me. Much appreciated.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Know what services you can and cannot, should and should not combine on your server.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now