IIS7.5 App Pools & Network Shares

I'm running IIS7.5 and have several .NET 4.0 sites running on IIS.

One of these sites, we'll call it "Site A", is using network sharing and it works.

Another site, call it "Site B", also uses network sharing (to the same shares Site A accesses), but it doesn't work. I get "access denied" errors.

I went to Site B's app pool and changed the "Identity" to "NetworkService" and Site B was able to start accsessing network shares.

The problem is, Site B's app pool and Site A's app pool were set up identically. Site A's app pool uses the "ApplicationPoolIdentity" identity and it's able to access the shares with no problem.

Can anyone explain why and let me know how to get Site B to access network shares using the "ApplicationPoolIdentity" identity?
infotechelgAsked:
Who is Participating?
 
Brad HoweDevOps ManagerCommented:
Strange. So your setup is as such.

SERVER
      Site A using SiteA_appPool
      Site B using SiteB_appPool
      
SiteA_AppPool running under Application PoolIdentity
SiteB_AppPool running under Network Service

When Site B uses SiteB_AppPool, it doesn't work.
When Site B uses SiteA_AppPool, it works?

Application Pool identities also use the machine account to access network resources. The fact that it works by flipping the appPools tends to show other missing configurations.

SHARE permissions and Security permissions should allow for
            domain\servername$
full access.

Are Codebases different?
Are both sites using the same authentication?
Where is this network share located?

Let me know,
Hades666
0
 
infotechelgAuthor Commented:
The only difference between the two sites is that Site B is an MVC application, and Site A isn't. Though, I don't see how that could make a difference when it comes to my issue.
0
 
Brad HoweDevOps ManagerCommented:
Should work fine IF they are identical. The applicationPool identity impersonates this user <domain-mname>\<machine-name>$ when accessing network resources.

Please run the following and compare:

c:\Windows\System32\inetsrv>appcmd list APPPOOL "YOUR APP POOL NAME" /text:*

Also, if you place your App under the SiteA appPool does it work?

Lastly, if these are different servers, then you will most like need to grant the machine$ account access to the share too.

Let us know if you see no differences.
Cheers,
Hades666
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
infotechelgAuthor Commented:
Thanks hades. Unfortunately, I get "access denied" error when I try to run this command.
0
 
Brad HoweDevOps ManagerCommented:
Are you running CMD under the RUN AS ADMINISTRATOR context?

appcmd is a restricted exe.

Sorry/

-Hades666
0
 
infotechelgAuthor Commented:
Thanks, hades. I ran the command on the two app pools and, except for the difference in identityType, they're identical.

And yes, I moved Site B's app pool to Site A's and it worked.
0
 
infotechelgAuthor Commented:
SiteB_AppPool is running under NetworkService because running it under ApplicationPoolIdentity wasn't working with the shared files on the network.

SiteA is a .NET Website, SiteB is a .NET MVC Application.

However, there is a new issue. SiteC, which also uses the same shares, was using ApplicationPoolIdentity and it was working. I had to restart the app pool and, all of a sudden, it started behaving like SiteB and I had to change the Identity to NetworkService. SiteC is also a .NET Website like SiteA.

The network share is located on a different server, but on the same network. All three sites share the same folders.

Strange.
0
 
infotechelgAuthor Commented:
So, I had to restart Site A's app pool, and now ApplicationPoolIdentity doesn't work anymore. Had to switch to NetworkService.

This is really frustrating.
0
 
infotechelgAuthor Commented:
?
0
 
Brad HoweDevOps ManagerCommented:
That makes no sense to me. APPID uses the $MACHINEACCOUNT and is the same account that NetworkService uses.

Was this machine cloned, imaged, restored recently?

-Hades666
0
 
infotechelgAuthor Commented:
It wasn't cloned or imaged. I know they rebuilt it because the initial installation of IIS wasn't performing properly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.