?
Solved

IIS 7 virual directory log on issue

Posted on 2010-01-12
10
Medium Priority
?
2,451 Views
Last Modified: 2012-05-08
We'd like to update our MS web server W2K3 to W2K8, so I put together a test system consisting of a W2K8 server in the workgroup "WORKGROUP" and an Integrity OpenVMS server running CIFS (Samba) in the NT domain "LANGROUP" with the CIFS share allowing public  / guest access. I put the web site on the server and mapped a virtual directory to the Integrity. The W2K8 server has no problem displaying the files in the CIFS share, but when IIS 7 tries to open it from the authentication icon in "features view" I get an error \\?\UNC\rx2660\webreports\web.config - cannot read configuration file. Yet IIS 7 sees the entire directory when using the "content view". I tried adding a user of the same name and password on both machines and that changed the IIS error message, but still didn't work. I tried with no web.config file and a blank one. The error message is:

500.19, error 0x8007052e, can not log on locally to \\rx2660\webreports as user langroup\samba$user with virtual directory password. Yet, when I right click the virtual directory and go to change permissions, it takes the username and password just fine.

Any ideas would be appreciated! Thank you.
0
Comment
Question by:Woodie_Weiss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
10 Comments
 
LVL 5

Accepted Solution

by:
Netcraft earned 1500 total points
ID: 26296164
Looks like the user account you're using for your app pool doesn't have rights to the web site directory, so it can't read config from there. Check the app pool and see what user it is configured to run as. Check the directory and see if that user has appropriate rights to it. While you're at it, check the event log and see if IIS logged any more detailed diagnostic information there.

I found out that you have to give IUSR, IIS_WPG and IIS_IUSRS at least read permission to access folders.

I used Microsoft Process Monitor to determine the exact users/groups: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx.

Enable in Process Monitor the column User Name, but mind the required access rights, sometimes the account gets impersonated. Loos for lines with ACCESS DENIED.
0
 

Author Comment

by:Woodie_Weiss
ID: 26297811
Thank you for your quick response. The Default AppPool uses NetworkService, which is naturally on the local W2K8 server. There isn't any way I know of to add that user to the remote OpenVMS CIFS server. But the share is public, so I would have thought anyone can read, write any file on it. I think that's the part that confuses me so much. The share can be mapped and used normally on the W2K8 server, but IIS 7 can't.

Woodie
0
 
LVL 5

Expert Comment

by:Netcraft
ID: 26311858
Try Process Monitor to determine what security is needed. Maybe you created the virtual directory on a share with not enough permissions.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Woodie_Weiss
ID: 26323909
I think I got some decent info from Process Monitor.
Logfile.CSV
0
 

Author Comment

by:Woodie_Weiss
ID: 26332014
I've created a virtual directory on the W2K8 server and naturally it works fine. I ran process monitor and captured the filtered data for an attempt at opening first the virtual directory on the remote OpenVMS CIFS server and then the virtual directory on the host server. The "NotifyChangeDirectory" command returned different results. Googling this brought up this explanation:

http://msdn.microsoft.com/en-us/library/aa489282.aspx

Is there something that needs to be implemented on the CIFS server to complete this command?

I've attached the process monitor log file in an abbreviated form.

Many thanks!
Logfile.CSV
0
 
LVL 5

Assisted Solution

by:Netcraft
Netcraft earned 1500 total points
ID: 26339438
The "NotifyChangeDirectory" is called to let Windows know when a file has changed in the folder. I think only local drives support all events, and remote usually only a subset. I don't think this is a problem.

I'm missing references to the file in you error-message: \\?\UNC\rx2660\webreports\web.config. Could you filter based on accesses to the path "webreports" (Path contains "webreports")?

Can you monitor access to the RX2660 ?
0
 

Author Comment

by:Woodie_Weiss
ID: 26342790
Thanks for the suggestions...

Attached is the output filtered for path containing rx2660. The first section is the IIS attempt to get to the virtual directory. The second section is the actual web application trying to retrieve a file from that directory. It seems like they both fail on the NotifyChangeDirectory line. The OpenVMS trace is something I would need help from HP support to decipher. I have asked for their help on the issue in general and sent them the process monitor output to look at. I'll keep you posted.

Woodie
Logfile.xls
0
 

Author Comment

by:Woodie_Weiss
ID: 26343424
I ran process monitor, same filter, on a server 2003 that works fine. I see the notifychangedirectory fails there as well, so I understand why you say it does not matter. The part where it gets the pdf is what does not work on server 2008, yet it is the same web code.....
Logfile.xls
0
 

Author Comment

by:Woodie_Weiss
ID: 26355095
With help from HP we were able to turn on the NotifyChangeDirectory feature of the Samba share and presto - it now works... Odd that server 2003 didn't have any issue, but Server 2008 surely does.

Even though you didn't feel that was the issue, you were extremely helpful by suggesting I use Process Monitor (which I never heard of) so I would like to award points to you.

Thanks,

Woodie
Logfile.CSV
0
 

Author Closing Comment

by:Woodie_Weiss
ID: 31676227
Behavior of CIFS (Samba) share on OpenVMS is unusual and difficult to diagnose from Windows server side. Suggestions led me to solution for which I'm very appreciative.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question