?
Solved

IIS 7 virual directory log on issue

Posted on 2010-01-12
10
Medium Priority
?
2,515 Views
Last Modified: 2012-05-08
We'd like to update our MS web server W2K3 to W2K8, so I put together a test system consisting of a W2K8 server in the workgroup "WORKGROUP" and an Integrity OpenVMS server running CIFS (Samba) in the NT domain "LANGROUP" with the CIFS share allowing public  / guest access. I put the web site on the server and mapped a virtual directory to the Integrity. The W2K8 server has no problem displaying the files in the CIFS share, but when IIS 7 tries to open it from the authentication icon in "features view" I get an error \\?\UNC\rx2660\webreports\web.config - cannot read configuration file. Yet IIS 7 sees the entire directory when using the "content view". I tried adding a user of the same name and password on both machines and that changed the IIS error message, but still didn't work. I tried with no web.config file and a blank one. The error message is:

500.19, error 0x8007052e, can not log on locally to \\rx2660\webreports as user langroup\samba$user with virtual directory password. Yet, when I right click the virtual directory and go to change permissions, it takes the username and password just fine.

Any ideas would be appreciated! Thank you.
0
Comment
Question by:Woodie_Weiss
  • 7
  • 3
10 Comments
 
LVL 5

Accepted Solution

by:
Netcraft earned 1500 total points
ID: 26296164
Looks like the user account you're using for your app pool doesn't have rights to the web site directory, so it can't read config from there. Check the app pool and see what user it is configured to run as. Check the directory and see if that user has appropriate rights to it. While you're at it, check the event log and see if IIS logged any more detailed diagnostic information there.

I found out that you have to give IUSR, IIS_WPG and IIS_IUSRS at least read permission to access folders.

I used Microsoft Process Monitor to determine the exact users/groups: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx.

Enable in Process Monitor the column User Name, but mind the required access rights, sometimes the account gets impersonated. Loos for lines with ACCESS DENIED.
0
 

Author Comment

by:Woodie_Weiss
ID: 26297811
Thank you for your quick response. The Default AppPool uses NetworkService, which is naturally on the local W2K8 server. There isn't any way I know of to add that user to the remote OpenVMS CIFS server. But the share is public, so I would have thought anyone can read, write any file on it. I think that's the part that confuses me so much. The share can be mapped and used normally on the W2K8 server, but IIS 7 can't.

Woodie
0
 
LVL 5

Expert Comment

by:Netcraft
ID: 26311858
Try Process Monitor to determine what security is needed. Maybe you created the virtual directory on a share with not enough permissions.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Woodie_Weiss
ID: 26323909
I think I got some decent info from Process Monitor.
Logfile.CSV
0
 

Author Comment

by:Woodie_Weiss
ID: 26332014
I've created a virtual directory on the W2K8 server and naturally it works fine. I ran process monitor and captured the filtered data for an attempt at opening first the virtual directory on the remote OpenVMS CIFS server and then the virtual directory on the host server. The "NotifyChangeDirectory" command returned different results. Googling this brought up this explanation:

http://msdn.microsoft.com/en-us/library/aa489282.aspx

Is there something that needs to be implemented on the CIFS server to complete this command?

I've attached the process monitor log file in an abbreviated form.

Many thanks!
Logfile.CSV
0
 
LVL 5

Assisted Solution

by:Netcraft
Netcraft earned 1500 total points
ID: 26339438
The "NotifyChangeDirectory" is called to let Windows know when a file has changed in the folder. I think only local drives support all events, and remote usually only a subset. I don't think this is a problem.

I'm missing references to the file in you error-message: \\?\UNC\rx2660\webreports\web.config. Could you filter based on accesses to the path "webreports" (Path contains "webreports")?

Can you monitor access to the RX2660 ?
0
 

Author Comment

by:Woodie_Weiss
ID: 26342790
Thanks for the suggestions...

Attached is the output filtered for path containing rx2660. The first section is the IIS attempt to get to the virtual directory. The second section is the actual web application trying to retrieve a file from that directory. It seems like they both fail on the NotifyChangeDirectory line. The OpenVMS trace is something I would need help from HP support to decipher. I have asked for their help on the issue in general and sent them the process monitor output to look at. I'll keep you posted.

Woodie
Logfile.xls
0
 

Author Comment

by:Woodie_Weiss
ID: 26343424
I ran process monitor, same filter, on a server 2003 that works fine. I see the notifychangedirectory fails there as well, so I understand why you say it does not matter. The part where it gets the pdf is what does not work on server 2008, yet it is the same web code.....
Logfile.xls
0
 

Author Comment

by:Woodie_Weiss
ID: 26355095
With help from HP we were able to turn on the NotifyChangeDirectory feature of the Samba share and presto - it now works... Odd that server 2003 didn't have any issue, but Server 2008 surely does.

Even though you didn't feel that was the issue, you were extremely helpful by suggesting I use Process Monitor (which I never heard of) so I would like to award points to you.

Thanks,

Woodie
Logfile.CSV
0
 

Author Closing Comment

by:Woodie_Weiss
ID: 31676227
Behavior of CIFS (Samba) share on OpenVMS is unusual and difficult to diagnose from Windows server side. Suggestions led me to solution for which I'm very appreciative.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question