Solved

IIS 7 - Path not found - UNC Path

Posted on 2010-09-09
3
1,177 Views
Last Modified: 2012-05-10
I'm getting a painful issue where I have moved an old asp custom written application that lists files in directories that has been moved to an IIS 7 server and i'm getting an "Path not found" error when executing the fso.GetFolder() function.

Outline:
- IIS 7
- 2008 Server 64-bit
- 32-bit is Enabled in ASP
- Windows Authentication Only (Kernel-mode Enabled) (Negotiate, NTLM)
- Impesonate (Enabled)

The unique thing about this is that if I access the server on the current domain network it all works fine and the user can see the files list through the asp page but if I access the site from the external internet url it fails.

Internal Network:
- http://webservername/                                               = Works fine
- http://webservername.domainname.com/                  = Works fine
- http://externalname.domainname.com/                      = Works fine

From the Internet
- http://externalname.domainname.com/                      = Fails with "Path not found"

If I run a processmonitor on the w3wp.exe process I can see the following:

***** WORKING *****
Date & Time:      10/09/2010 3:19:33 PM
Event Class:      File System
Operation:      CreateFile
Result:      SUCCESS
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1932
Duration:      0.0004655
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername
OpenResult:      Opened

***** FAILED *****
Date & Time:      10/09/2010 2:46:54 PM
Event Class:      File System
Operation:      CreateFile
Result:      ACCESS DENIED
Path:      \\servername\sales$\projectfolders\lists\documents
TID:      1156
Duration:      0.0059476
Desired Access:      Read Attributes
Disposition:      Open
Options:      Open Reparse Point
Attributes:      n/a
ShareMode:      Read, Write, Delete
AllocationSize:      n/a
Impersonating:      DOMAIN\myusername

I've checked SPN's that they look fine.  I can't see any easy way to debug kernel-mode authentication as authdiag is not designed to run with IIS 7.  Any input would be appreciated.

thanks,

Michael





0
Comment
Question by:mreggio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:rsimsee
ID: 33643849
It's working internally because you are authenticating via your originating windows domain account which has access to the file in question.

When you try to access the same file from an external site, your authentication is no longer valid and you become anonymous and use the IUSR_servername account.  Any file or folder that you want to be able to access anonymously must have the IUSR account added to it's ACL.

Be careful with this however, anybody who connects to the server anonymously would also have these rights.  If you really want to do something like this externally, you should authenticate with a username / password first.
0
 
LVL 1

Author Comment

by:mreggio
ID: 33644166
Anonymous is not in use on this site at all.  If you check the file assecc ddebug I posted in the question you will see that its Impersonating a domain account.   When any user accesses the site it authenticates them with a domain account.
0
 
LVL 1

Accepted Solution

by:
mreggio earned 0 total points
ID: 33785575
I worked this out.  Was a security token issue when connecting between servers.  External Kerberos authentication requests cannot be passed between servers if the request is from and external source.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question