Solved

Windows Server 2008 Permission Problem

Posted on 2014-12-31
38
114 Views
Last Modified: 2015-01-06
On the following site:

http://faboh.com/faboh25/

There is a permissions error in the folder that does not allow the folder open a stream and prevents the site from loading. I can connect to the server through Plesk or RDC. Permissions look good from what I can tell. This is site was running on my computer and migrated it to the remote server.

What else should I be checking?
0
Comment
Question by:domgarofalo
  • 20
  • 16
  • +1
38 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 40525838
what is line 18 in the PHP code what does it try to access and where is that file located?
It is likely a path related error that you missed
i.e. require or include "path/to/the/file" which works on your home system, but on this system the path/to/the/file is incorrect.
look at the file contents then see whether the required/include item is available on the remote system.

C:\Inetpub\vhosts\faboh.com\httpdocs\faboh25/includes/defines.php
does this file exist as listed on the server where it is generating the error?
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 40525839
Do you know what line 18 of that PHP script reads?
0
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 40525853
As a test, you could give the "Everyone" group full control and see what happens.  That will enable you to determine if it really is the permissions on this folder.  I've had it be the inetpub folder or the C:\Windows\System32\inetsrv folder before.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:domgarofalo
ID: 40525916
Arnold, here is the code for line 18:

      require_once JPATH_BASE.'/includes/defines.php';

I have confirmed that the file is there.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40525933
Run icacls on the includes and the file separately.
To see the permissions on includes does it inherit permissions from parent?

What are the contents of defines? Does it try to include/require a module that is not available on this system?
0
 

Author Comment

by:domgarofalo
ID: 40525934
Michael,

I don't have an 'Everyone' group that shows up in Group or Usernames on the Security tab.
Is there a way that I could add it?
0
 

Author Comment

by:domgarofalo
ID: 40525940
Arnold, could you give me an example of what icacl command to run? I am not very familiar with it.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526059
on the command line(start, run, cmd) navigate to c:\inetpub\vhosts\faboh.com\httpdocs\faboh25\includes\defines.php
when in vhosts
icaclc faboh.com
cd faboh.com
icacls httpdocs
cd httpdocs
icacls faboh25
cd faboh25
icacls includes
cd includes
icacls defines.php
0
 

Author Comment

by:domgarofalo
ID: 40526144
Thanks Arnold. I'll do that right away.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526148
What you are looking for is IUSR_systemname having rights.
Compare the results on your home system.

Is your site based in the same location?
Compare the website config on the home system to the one on the server.
0
 

Author Comment

by:domgarofalo
ID: 40526150
Ok, I did it. Still the same thing. Everything processed correctly.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526152
Try php empy page
<? Phpinfo();
?>
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526161
All icacls does is return the permission information, you need to see whether IIS has the requisite permissions.  The other thing is to check what defines.php does.

Does your IIs log, look at the error log to see what is going on.
0
 

Author Comment

by:domgarofalo
ID: 40526228
Arnold, here is what the info page says.

http://faboh.com/faboh25/info.php
0
 

Author Comment

by:domgarofalo
ID: 40526230
Here is what the defines.php says.

<?php
/**
 * @package            Joomla.Site
 * @subpackage      Application
 * @copyright      Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
 * @license            GNU General Public License version 2 or later; see LICENSE.txt
 */

// No direct access.
defined('_JEXEC') or die;

/**
 * Joomla! Application define.
 */

//Global definitions.
//Joomla framework path definitions.
$parts = explode(DIRECTORY_SEPARATOR, JPATH_BASE);

//Defines.
define('JPATH_ROOT',                  implode(DIRECTORY_SEPARATOR, $parts));

define('JPATH_SITE',                  JPATH_ROOT);
define('JPATH_CONFIGURATION',      JPATH_ROOT);
define('JPATH_ADMINISTRATOR',      JPATH_ROOT . '/administrator');
define('JPATH_LIBRARIES',            JPATH_ROOT . '/libraries');
define('JPATH_PLUGINS',                  JPATH_ROOT . '/plugins'  );
define('JPATH_INSTALLATION',      JPATH_ROOT . '/installation');
define('JPATH_THEMES',                  JPATH_BASE . '/templates');
define('JPATH_CACHE',                  JPATH_BASE . '/cache');
define('JPATH_MANIFESTS',            JPATH_ADMINISTRATOR . '/manifests');
0
 

Author Comment

by:domgarofalo
ID: 40526240
Here's the log from today.

2015-01-01 00:01:56 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 0 236 10437 556
2015-01-01 00:02:13 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 123.125.71.78 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - www.faboh.com 200 0 64 0 179 1290
2015-01-01 00:03:30 W3SVC5 FABOH2008 184.168.105.182 GET /proxy.php - 80 - 195.91.243.81 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0 param1=CookieString RefererString chek.zennolab.com 404 0 64 0 399 215
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 - - faboh.com 200 0 0 4860 178 1478
2015-01-01 00:07:01 W3SVC5 FABOH2008 184.168.105.182 POST /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 303 0 0 391 476 835
2015-01-01 00:07:03 W3SVC5 FABOH2008 184.168.105.182 GET /administrator/index.php - 80 - 37.115.189.44 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:29.0)+Gecko/20100101+Firefox/29.0 a9f53da081d866baf6db826a08490c96=7fb3c86877d5b622dec25ba4eed3cbf8 - faboh.com 200 0 0 4960 463 1338
2015-01-01 00:09:52 W3SVC5 FABOH2008 184.168.105.182 GET / - 80 - 54.224.177.116 HTTP/1.1 Mozilla/5.0+(compatible;+linkdexbot/2.0;++http://www.linkdex.com/bots/) - - faboh.com 200 0 0 6800 175 2874
2015-01-01 00:10:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 21896 91022
2015-01-01 00:12:41 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/02-about-us - 80 - 66.249.65.46 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.faboh.com 200 0 0 7373 358 4115
2015-01-01 00:14:07 W3SVC5 FABOH2008 184.168.105.182 GET /docs/October2013.pdf - 80 - 180.76.6.136 HTTP/1.1 Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html) - - wwww.faboh.com 200 0 64 458752 236 4409
2015-01-01 00:15:54 W3SVC5 FABOH2008 184.168.105.182 GET /robots.txt - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 1156 265 49
2015-01-01 00:16:01 W3SVC5 FABOH2008 184.168.105.182 GET /index.php/03-resources/members/becoming-a-member - 80 - 157.55.39.79 HTTP/1.1 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) - - www.faboh.com 200 0 0 6933 316 997
2015-01-01 00:25:28 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 69.253.215.179 HTTP/1.1 Mozilla/5.0+(iPad;+CPU+OS+8_1_1+like+Mac+OS+X)+AppleWebKit/600.1.4+(KHTML,+like+Gecko)+Version/8.0+Mobile/12B435+Safari/600.1.4 - http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_28589106.html faboh.com 200 0 64 0 446 5414
2015-01-01 00:27:10 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 500 0 64 0 20250 72383
2015-01-01 00:36:53 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25 - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 301 0 0 397 588 468
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/ - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 599 589 3377
2015-01-01 00:36:56 W3SVC5 FABOH2008 184.168.105.182 GET /faboh25/info.php - 80 - 65.29.161.116 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_10_1)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/39.0.2171.95+Safari/537.36 becd650dad895babdaf7064434268714=86794ea85232b6a10446664b01411aff;+__utma=24957741.1867704672.1419987415.1420055430.1420066119.4;+__utmc=24957741;+__utmz=24957741.1419987415.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) - faboh.com 200 0 0 14897 597 1356
2015-01-01 00:37:31 W3SVC5 FABOH2008 184.168.105.182 HEAD / - 80 - 208.93.104.7 HTTP/1.1 http://www.yellowpages.com/about/legal/crawl - - faboh.com 200 0 0 382 94 1027
2015-01-01 00:45:29 W3SVC5 FABOH2008 184.168.105.182 POST /templates/atomic/css/blueprint/plugins/buttons/icons/simple.php - 80 - 82.118.18.168 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/34.0.1847.131+Safari/537.36 - - faboh.com 200 0 64 0 20570 31704
0
 

Author Comment

by:domgarofalo
ID: 40526243
I did a search for 'defines.php' in the log and could not find it. There is already a site running in the root of this domain just fine. When I move the folders and files from the 'faboh25' folder to the root I get the same error. I need to get it to work in the 'faboh25' folder before I move it to the root or I will end up with the same problem.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526280
Your issue is a direct result of the defines.php file try accessing it directly, it will prompt you login credentials.
The  current defines.php does not prompt for authentication.
Try reapplying the permissions from faboh25 down to the child objects.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526282
Defines.php is motte quested by the browser, the index.php and related errors should be in the Iis/php error log

You should remove/disable access to the info.php page.
0
 

Author Comment

by:domgarofalo
ID: 40526330
Arnold, what would be the steps to reapply those permissions?
0
 
LVL 77

Expert Comment

by:arnold
ID: 40526334
The includes folder seems to be the one missing access rights.

Using explorer navigate to the faboh25 folder.
Right click on the includes folder and select properties, advanced, make sure it has inherit permission from parent.
Then see.

When you ran icacls,
Presumably the current defines.php file should be the same as the faboh25.
0
 

Author Comment

by:domgarofalo
ID: 40529845
Arnold, I tried that and I am still having the same problem.
0
 

Author Comment

by:domgarofalo
ID: 40529846
Sorry for the delay between posts. I spilled acetone all over the keyboard of my MacBook Air and it totally wrecked it. I am back with a different computer.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40529872
Double check the permissions on the includes that currently work versus the ones on the one that does not.

Do you have faboh25 setup as a virtual directory or is the data loaded there
How about the includes?
Trying to figure out the source of the login prompt to the includes within faboh25

If they are virtual directories, make sure anonymous access is allowed, security tab.
0
 

Author Comment

by:domgarofalo
ID: 40529929
Arnold, is there any way I could give you access to my server without posting the credentials here?
0
 
LVL 77

Expert Comment

by:arnold
ID: 40530155
You could email me: aktrader2 at excite.com. Ip and password for a new temporary username  eexchange as the username whose logon hours you could limit to a short window (1-2hours) after your post here that email was sent.
0
 

Author Comment

by:domgarofalo
ID: 40531420
Arnold, sorry for the delay. I will email you those credentials today.
0
 

Author Comment

by:domgarofalo
ID: 40531614
I have send you the information.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 40531881
Dom,

The issue is that all the directories and their contents under the faboh25 directory are marked as encrypted.
IIS when accessing these can not decrypt them which is why it generates a prompt to the viewer for authentication.  The system can not generate an authentication request to a non-interactive session which is what index.php's include includes/defines.php tries to do. in this server transaction the result is immidiate, access denied. and the error is displayed in the browser.

http://www.faboh.com/faboh25/media and any other directory there will generate the same prompt.
0
 

Author Comment

by:domgarofalo
ID: 40531899
Thank you! Is there a way to unencrypt the files. I wonder if my Mac did this when I generated the .zip file.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40531928
Are the files encrypted on your mac?
open the zip rather than uncompressing it and see what attributes there are reflected for files in the media folder.

I can not answer what the source of the encryption is.
See whether you can upon login view the contents of the files directly, if you can, that means your user has decryption rights, which means you can uncheck the encrypt (properties of file/directory, advanced, uncheck the encrypt files for security) and apply that should decrypt the files.
make sure to try on a single file if successful run it on the directories. within the faboh25.
0
 

Author Comment

by:domgarofalo
ID: 40532062
I lost that .zip file with my other computer. I am going to try a couple of things in the server with .zip files and I'll let you know what happens.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40532080
Before you go looking at the zip file, check whose certificate is referenced as the encryptor properties of an encrypted file, advanced, details it should tell you whose EFS certificate is allowed to decryp this file.

The encrypt might have been a simple error i.e. the user with which you logged in and unzipped the files, could be the user for whom the system generated and created the EFS cert and whose cert was used to decrypt.

I remember you mentioned spilling acetone on the keyboard, is the mac done for?

Do you have the zip file on this system still where you uncompressed the data?
0
 

Author Comment

by:domgarofalo
ID: 40532464
I checked for the certificate in the encryptor properties, couldn't find anything.

As far as I know, Mac doesn't encrypt the files when it creates a .zip file unless you specifically add it.

Yes, the Mac is done for. The .zip file is on the desktop, I took it out of the Recycle Bin.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40532477
look at the rdp connection under the username you sent me.  The encryption was done by domgarofalo.
Login as that user, and you should be able to decrypt those files.

Under the user you provided, I did not have access to the Zip.

properties of a file, advanced, detail will show you who encrypted the files.
0
 

Author Comment

by:domgarofalo
ID: 40533545
Arnold, I logged in and decrypted the files. Same error still. Good news though, in IIS Manager under Authentication I disabled Windows Authentication and the faboh26 folder works now! I still have no ideal how the files in faboh25 were encrypted.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40533633
It looks like the user when creating the faboh25 folder, you might have checked the encrypt contents option it could have been through the app you were using to unzip/uncompress the zip file.  no way to know. i.e. the app has an option to set attributes on the folders to which it is extracting data one of which is encrypt contents.

The difficulty to explain why the decrypted files resulted in the same error is not clear. i.e. whether not all files decrypted or the attempt did not go well, or something else is still interferring with the access .......

glad you have it resolved by using a new directory tree with.
Windows authentication is only an issue when anonymous access is not automatically granted.
0
 

Author Closing Comment

by:domgarofalo
ID: 40534024
Great Expert!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question