Solved

IIS 7 - Path not found - UNC Path

Posted on 2010-09-09
3
1,167 Views
Last Modified: 2012-05-10
I'm getting a painful issue where I have moved an old asp custom written application that lists files in directories that has been moved to an IIS 7 server and i'm getting an "Path not found" error when executing the fso.GetFolder() function.

Outline:
- IIS 7
- 2008 Server 64-bit
- 32-bit is Enabled in ASP
- Windows Authentication Only (Kernel-mode Enabled) (Negotiate, NTLM)
- Impesonate (Enabled)

The unique thing about this is that if I access the server on the current domain network it all works fine and the user can see the files list through the asp page but if I access the site from the external internet url it fails.

Internal Network:
- http://webservername/                                               = Works fine
- http://webservername.domainname.com/                  = Works fine
- http://externalname.domainname.com/                      = Works fine

From the Internet
- http://externalname.domainname.com/                      = Fails with "Path not found"

If I run a processmonitor on the w3wp.exe process I can see the following:

***** WORKING *****
Date & Time:      10/09/2010 3:19:33 PM
Event Class:      File System
Operation:      CreateFile
Result:      SUCCESS
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1932
Duration:      0.0004655
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername
OpenResult:      Opened

***** FAILED *****
Date & Time:      10/09/2010 2:46:54 PM
Event Class:      File System
Operation:      CreateFile
Result:      ACCESS DENIED
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1156
Duration:      0.0059476
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername

I've checked SPN's that they look fine.  I can't see any easy way to debug kernel-mode authentication as authdiag is not designed to run with IIS 7.  Any input would be appreciated.

thanks,

Michael





0
Comment
Question by:mreggio
  • 2
3 Comments
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643849
It's working internally because you are authenticating via your originating windows domain account which has access to the file in question.

When you try to access the same file from an external site, your authentication is no longer valid and you become anonymous and use the IUSR_servername account.  Any file or folder that you want to be able to access anonymously must have the IUSR account added to it's ACL.

Be careful with this however, anybody who connects to the server anonymously would also have these rights.  If you really want to do something like this externally, you should authenticate with a username / password first.
0
 
LVL 1

Author Comment

by:mreggio
ID: 33644166
Anonymous is not in use on this site at all.  If you check the file assecc ddebug I posted in the question you will see that its Impersonating a domain account.   When any user accesses the site it authenticates them with a domain account.
0
 
LVL 1

Accepted Solution

by:
mreggio earned 0 total points
ID: 33785575
I worked this out.  Was a security token issue when connecting between servers.  External Kerberos authentication requests cannot be passed between servers if the request is from and external source.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now