Solved

IIS 7 - Path not found - UNC Path

Posted on 2010-09-09
3
1,169 Views
Last Modified: 2012-05-10
I'm getting a painful issue where I have moved an old asp custom written application that lists files in directories that has been moved to an IIS 7 server and i'm getting an "Path not found" error when executing the fso.GetFolder() function.

Outline:
- IIS 7
- 2008 Server 64-bit
- 32-bit is Enabled in ASP
- Windows Authentication Only (Kernel-mode Enabled) (Negotiate, NTLM)
- Impesonate (Enabled)

The unique thing about this is that if I access the server on the current domain network it all works fine and the user can see the files list through the asp page but if I access the site from the external internet url it fails.

Internal Network:
- http://webservername/                                               = Works fine
- http://webservername.domainname.com/                  = Works fine
- http://externalname.domainname.com/                      = Works fine

From the Internet
- http://externalname.domainname.com/                      = Fails with "Path not found"

If I run a processmonitor on the w3wp.exe process I can see the following:

***** WORKING *****
Date & Time:      10/09/2010 3:19:33 PM
Event Class:      File System
Operation:      CreateFile
Result:      SUCCESS
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1932
Duration:      0.0004655
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername
OpenResult:      Opened

***** FAILED *****
Date & Time:      10/09/2010 2:46:54 PM
Event Class:      File System
Operation:      CreateFile
Result:      ACCESS DENIED
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1156
Duration:      0.0059476
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername

I've checked SPN's that they look fine.  I can't see any easy way to debug kernel-mode authentication as authdiag is not designed to run with IIS 7.  Any input would be appreciated.

thanks,

Michael





0
Comment
Question by:mreggio
  • 2
3 Comments
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643849
It's working internally because you are authenticating via your originating windows domain account which has access to the file in question.

When you try to access the same file from an external site, your authentication is no longer valid and you become anonymous and use the IUSR_servername account.  Any file or folder that you want to be able to access anonymously must have the IUSR account added to it's ACL.

Be careful with this however, anybody who connects to the server anonymously would also have these rights.  If you really want to do something like this externally, you should authenticate with a username / password first.
0
 
LVL 1

Author Comment

by:mreggio
ID: 33644166
Anonymous is not in use on this site at all.  If you check the file assecc ddebug I posted in the question you will see that its Impersonating a domain account.   When any user accesses the site it authenticates them with a domain account.
0
 
LVL 1

Accepted Solution

by:
mreggio earned 0 total points
ID: 33785575
I worked this out.  Was a security token issue when connecting between servers.  External Kerberos authentication requests cannot be passed between servers if the request is from and external source.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now