Solved

Windows Server 2008 Permission Problem

Posted on 2014-12-31
38
107 Views
Last Modified: 2015-01-06
On the following site:

http://faboh.com/faboh25/

There is a permissions error in the folder that does not allow the folder open a stream and prevents the site from loading. I can connect to the server through Plesk or RDC. Permissions look good from what I can tell. This is site was running on my computer and migrated it to the remote server.

What else should I be checking?
0
Comment
Question by:domgarofalo
  • 20
  • 16
  • +1
38 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
what is line 18 in the PHP code what does it try to access and where is that file located?
It is likely a path related error that you missed
i.e. require or include "path/to/the/file" which works on your home system, but on this system the path/to/the/file is incorrect.
look at the file contents then see whether the required/include item is available on the remote system.

C:\Inetpub\vhosts\faboh.com\httpdocs\faboh25/includes/defines.php
does this file exist as listed on the server where it is generating the error?
0
 
LVL 11

Expert Comment

by:rharland2009
Comment Utility
Do you know what line 18 of that PHP script reads?
0
 
LVL 14

Expert Comment

by:Michael Dyer
Comment Utility
As a test, you could give the "Everyone" group full control and see what happens.  That will enable you to determine if it really is the permissions on this folder.  I've had it be the inetpub folder or the C:\Windows\System32\inetsrv folder before.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, here is the code for line 18:

      require_once JPATH_BASE.'/includes/defines.php';

I have confirmed that the file is there.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Run icacls on the includes and the file separately.
To see the permissions on includes does it inherit permissions from parent?

What are the contents of defines? Does it try to include/require a module that is not available on this system?
0
 

Author Comment

by:domgarofalo
Comment Utility
Michael,

I don't have an 'Everyone' group that shows up in Group or Usernames on the Security tab.
Is there a way that I could add it?
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, could you give me an example of what icacl command to run? I am not very familiar with it.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
on the command line(start, run, cmd) navigate to c:\inetpub\vhosts\faboh.com\httpdocs\faboh25\includes\defines.php
when in vhosts
icaclc faboh.com
cd faboh.com
icacls httpdocs
cd httpdocs
icacls faboh25
cd faboh25
icacls includes
cd includes
icacls defines.php
0
 

Author Comment

by:domgarofalo
Comment Utility
Thanks Arnold. I'll do that right away.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
What you are looking for is IUSR_systemname having rights.
Compare the results on your home system.

Is your site based in the same location?
Compare the website config on the home system to the one on the server.
0
 

Author Comment

by:domgarofalo
Comment Utility
Ok, I did it. Still the same thing. Everything processed correctly.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Try php empy page
<? Phpinfo();
?>
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
All icacls does is return the permission information, you need to see whether IIS has the requisite permissions.  The other thing is to check what defines.php does.

Does your IIs log, look at the error log to see what is going on.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, here is what the info page says.

http://faboh.com/faboh25/info.php
0
 

Author Comment

by:domgarofalo
Comment Utility
Here is what the defines.php says.

<?php
/**
 * @package            Joomla.Site
 * @subpackage      Application
 * @copyright      Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
 * @license            GNU General Public License version 2 or later; see LICENSE.txt
 */

// No direct access.
defined('_JEXEC') or die;

/**
 * Joomla! Application define.
 */

//Global definitions.
//Joomla framework path definitions.
$parts = explode(DIRECTORY_SEPARATOR, JPATH_BASE);

//Defines.
define('JPATH_ROOT',                  implode(DIRECTORY_SEPARATOR, $parts));

define('JPATH_SITE',                  JPATH_ROOT);
define('JPATH_CONFIGURATION',      JPATH_ROOT);
define('JPATH_ADMINISTRATOR',      JPATH_ROOT . '/administrator');
define('JPATH_LIBRARIES',            JPATH_ROOT . '/libraries');
define('JPATH_PLUGINS',                  JPATH_ROOT . '/plugins'  );
define('JPATH_INSTALLATION',      JPATH_ROOT . '/installation');
define('JPATH_THEMES',                  JPATH_BASE . '/templates');
define('JPATH_CACHE',                  JPATH_BASE . '/cache');
define('JPATH_MANIFESTS',            JPATH_ADMINISTRATOR . '/manifests');
0
 

Author Comment

by:domgarofalo
Comment Utility
Here's the log from today.

2015-01-01 00:01:56 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 0 236 10437 556
2015-01-01 00:02:13 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 123.125.71.78 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - www.faboh.com 200 0 64 0 179 1290
2015-01-01 00:03:30 W3SVC5 FABOH2008 184.168.105.182 GET /proxy.php - 80 - 195.91.243.81 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0 param1=CookieString RefererString chek.zennolab.com 404 0 64 0 399 215
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 - - faboh.com 200 0 0 4860 178 1478
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 POST /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 303 0 0 391 476 835
2015-01-01 00:07:03 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 200 0 0 4960 463 1338
2015-01-01 00:09:52 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 54.224.177.116 HTTP/1.1 Mozilla/5.0+(compatible;+linkdexbot/2.0;++http://www.linkdex.com/bots/) - - faboh.com 200 0 0 6800 175 2874
2015-01-01 00:10:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 21896 91022
2015-01-01 00:12:41 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/02-about-us - 80 - 66.249.65.46 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.faboh.com 200 0 0 7373 358 4115
2015-01-01 00:14:07 W3SVC5 FABOH2008 184.168.105.182 GET /docs/October2013.pdf - 80 - 180.76.6.136 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - wwww.faboh.com 200 0 64 458752 236 4409
2015-01-01 00:15:54 W3SVC5 FABOH2008 184.168.105.182 GET /robots.txt - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 1156 265 49
2015-01-01 00:16:01 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/03-resources/members/becoming-a-member - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 6933 316 997
2015-01-01 00:25:28 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 69.253.215.179 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Version/8.0+Mobile/12B435+Safari/600.1.4 - http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28589106.html faboh.com 200 0 64 0 446 5414
2015-01-01 00:27:10 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 20250 72383
2015-01-01 00:36:53 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25 - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 301 0 0 397 588 468
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 599 589 3377
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/info.php - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 14897 597 1356
2015-01-01 00:37:31 W3SVC5 FABOH2008 184.168.105.182 HEAD / - 80 - 208.93.104.7 HTTP/1.1 http://www.yellowpages.com/about/legal/crawl - - faboh.com 200 0 0 382 94 1027
2015-01-01 00:45:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 64 0 20570 31704
0
 

Author Comment

by:domgarofalo
Comment Utility
I did a search for 'defines.php' in the log and could not find it. There is already a site running in the root of this domain just fine. When I move the folders and files from the 'faboh25' folder to the root I get the same error. I need to get it to work in the 'faboh25' folder before I move it to the root or I will end up with the same problem.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Your issue is a direct result of the defines.php file try accessing it directly, it will prompt you login credentials.
The  current defines.php does not prompt for authentication.
Try reapplying the permissions from faboh25 down to the child objects.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Defines.php is motte quested by the browser, the index.php and related errors should be in the Iis/php error log

You should remove/disable access to the info.php page.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:domgarofalo
Comment Utility
Arnold, what would be the steps to reapply those permissions?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
The includes folder seems to be the one missing access rights.

Using explorer navigate to the faboh25 folder.
Right click on the includes folder and select properties, advanced, make sure it has inherit permission from parent.
Then see.

When you ran icacls,
Presumably the current defines.php file should be the same as the faboh25.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, I tried that and I am still having the same problem.
0
 

Author Comment

by:domgarofalo
Comment Utility
Sorry for the delay between posts. I spilled acetone all over the keyboard of my MacBook Air and it totally wrecked it. I am back with a different computer.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Double check the permissions on the includes that currently work versus the ones on the one that does not.

Do you have faboh25 setup as a virtual directory or is the data loaded there
How about the includes?
Trying to figure out the source of the login prompt to the includes within faboh25

If they are virtual directories, make sure anonymous access is allowed, security tab.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, is there any way I could give you access to my server without posting the credentials here?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
You could email me: aktrader2 at excite.com. Ip and password for a new temporary username  eexchange as the username whose logon hours you could limit to a short window (1-2hours) after your post here that email was sent.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, sorry for the delay. I will email you those credentials today.
0
 

Author Comment

by:domgarofalo
Comment Utility
I have send you the information.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
Dom,

The issue is that all the directories and their contents under the faboh25 directory are marked as encrypted.
IIS when accessing these can not decrypt them which is why it generates a prompt to the viewer for authentication.  The system can not generate an authentication request to a non-interactive session which is what index.php's include includes/defines.php tries to do. in this server transaction the result is immidiate, access denied. and the error is displayed in the browser.

http://www.faboh.com/faboh25/media and any other directory there will generate the same prompt.
0
 

Author Comment

by:domgarofalo
Comment Utility
Thank you! Is there a way to unencrypt the files. I wonder if my Mac did this when I generated the .zip file.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Are the files encrypted on your mac?
open the zip rather than uncompressing it and see what attributes there are reflected for files in the media folder.

I can not answer what the source of the encryption is.
See whether you can upon login view the contents of the files directly, if you can, that means your user has decryption rights, which means you can uncheck the encrypt (properties of file/directory, advanced, uncheck the encrypt files for security) and apply that should decrypt the files.
make sure to try on a single file if successful run it on the directories. within the faboh25.
0
 

Author Comment

by:domgarofalo
Comment Utility
I lost that .zip file with my other computer. I am going to try a couple of things in the server with .zip files and I'll let you know what happens.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Before you go looking at the zip file, check whose certificate is referenced as the encryptor properties of an encrypted file, advanced, details it should tell you whose EFS certificate is allowed to decryp this file.

The encrypt might have been a simple error i.e. the user with which you logged in and unzipped the files, could be the user for whom the system generated and created the EFS cert and whose cert was used to decrypt.

I remember you mentioned spilling acetone on the keyboard, is the mac done for?

Do you have the zip file on this system still where you uncompressed the data?
0
 

Author Comment

by:domgarofalo
Comment Utility
I checked for the certificate in the encryptor properties, couldn't find anything.

As far as I know, Mac doesn't encrypt the files when it creates a .zip file unless you specifically add it.

Yes, the Mac is done for. The .zip file is on the desktop, I took it out of the Recycle Bin.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
look at the rdp connection under the username you sent me.  The encryption was done by domgarofalo.
Login as that user, and you should be able to decrypt those files.

Under the user you provided, I did not have access to the Zip.

properties of a file, advanced, detail will show you who encrypted the files.
0
 

Author Comment

by:domgarofalo
Comment Utility
Arnold, I logged in and decrypted the files. Same error still. Good news though, in IIS Manager under Authentication I disabled Windows Authentication and the faboh26 folder works now! I still have no ideal how the files in faboh25 were encrypted.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
It looks like the user when creating the faboh25 folder, you might have checked the encrypt contents option it could have been through the app you were using to unzip/uncompress the zip file.  no way to know. i.e. the app has an option to set attributes on the folders to which it is extracting data one of which is encrypt contents.

The difficulty to explain why the decrypted files resulted in the same error is not clear. i.e. whether not all files decrypted or the attempt did not go well, or something else is still interferring with the access .......

glad you have it resolved by using a new directory tree with.
Windows authentication is only an issue when anonymous access is not automatically granted.
0
 

Author Closing Comment

by:domgarofalo
Comment Utility
Great Expert!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now