troubleshooting Question

Allowing NT Authority\Network Service across domains

Avatar of MUSLMan
MUSLManFlag for United States of America asked on
Operating SystemsMicrosoft IIS Web ServerMicrosoft Server OS
8 Comments2 Solutions1968 ViewsLast Modified:
Goal: Have IIS Server from domain A connect to FAS2020 (which stores websites) on domain B when sebsite is using ASP.NET 2.0.

Summary:  I have a virtual machine of Windows 2003 Enterprise x86 R2 IIS Server on domain A that will be serving web traffic.  This IIS Server is running an ASP.NET 2.0 application with NETWORK SERVICE in the Identity properties of the AppPool.  When IIS manager home directory is setup on the local C drive, the website works just fine, but if I remove NETWORK SERVICE from the permissions I get "Server Unavailable" and the application event log shows Event IDs: 1088 and 1334, which are mainly general errors for permissions.  

My issue comes in when I use a network share as my home directory path.  I get the same error as above "Server Unavailable" and event IDs: 1088 and 1334.  So this leads me to believe that NETWORK SERVICE does not have the proper permissions.  

The network share is on a network device (NetApp FAS2020) which is on another domain (domain B).  Domain B has a one way trust established with domain A, but domain A does not have a trust with domain B.  So the FAS2020 can get the permission from domain A, except it cannot get the NETWORK SERVICE permission.

Does a trust need to be established in both directions for ASP.NET and NETWORK SERVICE to work properly?

"The account does have network credentials, which means you can use it to access network resources and remote databases by using Windows authentication. The network resources must be in the same domain as your Web server or in a trusted domain."
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 2 Answers and 8 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros