Solved

IIS 7 - Path not found - UNC Path

Posted on 2010-09-09
3
1,172 Views
Last Modified: 2012-05-10
I'm getting a painful issue where I have moved an old asp custom written application that lists files in directories that has been moved to an IIS 7 server and i'm getting an "Path not found" error when executing the fso.GetFolder() function.

Outline:
- IIS 7
- 2008 Server 64-bit
- 32-bit is Enabled in ASP
- Windows Authentication Only (Kernel-mode Enabled) (Negotiate, NTLM)
- Impesonate (Enabled)

The unique thing about this is that if I access the server on the current domain network it all works fine and the user can see the files list through the asp page but if I access the site from the external internet url it fails.

Internal Network:
- http://webservername/                                               = Works fine
- http://webservername.domainname.com/                  = Works fine
- http://externalname.domainname.com/                      = Works fine

From the Internet
- http://externalname.domainname.com/                      = Fails with "Path not found"

If I run a processmonitor on the w3wp.exe process I can see the following:

***** WORKING *****
Date & Time:      10/09/2010 3:19:33 PM
Event Class:      File System
Operation:      CreateFile
Result:      SUCCESS
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1932
Duration:      0.0004655
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername
OpenResult:      Opened

***** FAILED *****
Date & Time:      10/09/2010 2:46:54 PM
Event Class:      File System
Operation:      CreateFile
Result:      ACCESS DENIED
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1156
Duration:      0.0059476
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername

I've checked SPN's that they look fine.  I can't see any easy way to debug kernel-mode authentication as authdiag is not designed to run with IIS 7.  Any input would be appreciated.

thanks,

Michael





0
Comment
Question by:mreggio
  • 2
3 Comments
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643849
It's working internally because you are authenticating via your originating windows domain account which has access to the file in question.

When you try to access the same file from an external site, your authentication is no longer valid and you become anonymous and use the IUSR_servername account.  Any file or folder that you want to be able to access anonymously must have the IUSR account added to it's ACL.

Be careful with this however, anybody who connects to the server anonymously would also have these rights.  If you really want to do something like this externally, you should authenticate with a username / password first.
0
 
LVL 1

Author Comment

by:mreggio
ID: 33644166
Anonymous is not in use on this site at all.  If you check the file assecc ddebug I posted in the question you will see that its Impersonating a domain account.   When any user accesses the site it authenticates them with a domain account.
0
 
LVL 1

Accepted Solution

by:
mreggio earned 0 total points
ID: 33785575
I worked this out.  Was a security token issue when connecting between servers.  External Kerberos authentication requests cannot be passed between servers if the request is from and external source.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question