Classic ASP vs MS Access folder permissions. Microsoft OLE DB Provider for ODBC Drivers error '80004005'

Hi

On Friday I moved a legacy MSAccess mdb database to a new server. Monday morning I had a few gremlins that needed ironing out, but nothing too taxing.

My one remaining issue is some classic asp reports I wrote in the dark ages. I understand that my issue is folder permissions based. My IIS server (different box still running S2003, - being retired soon) doesn't have read/write permissions on the new database directory.

Incidentally, if I change the path in my connect string to \\servername\Blah\Blah\Blah\Any\Old\Rubbish.mdb I get the exact same error.


Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data.

/intranet/reports/timelog/default2.asp, line 45


I have copied the permissions from my old directory (I note I had added an IUSR account in there), and even gave Everyone full access to the new directory but still get the same error.

My inetinfo / IIS service runs on my server as 'Local Account'. I believe this is where my problem lies.

Just for info, here is an example of my connect string / connection.

     DSN="Driver={Microsoft Access Driver (*.mdb)};Dbq=\\SERVERNAME\ShareName$\Databases\dbname.mdb;"
      Conn.Open DSN


Any ideas because I am running out of them!!

Many thanks
noooodlezAsked:
Who is Participating?
 
noooodlezConnect With a Mentor Author Commented:
I think the simest solution this is to move my web server.

I may try setting a junction point first but don't think these will work on network locations.
0
 
Dave BaldwinFixer of ProblemsCommented:
In another question, we found that you can't give IIS permissions on a folder on another computer using share name.  It simply won't do it.  The only thing that may have worked is to create a mapped drive so that you have a local drive letter that you can use.  Even then you will probably have to give 'Everyone' read/write permissions so it is basically wide open to anyone.
0
 
Robert ShermanOwnerCommented:
Since you've likely tried numerous things and are running out of ideas...

I would try setting security auditing on the folder that the MDB file is in on the server.   Set both Success and Failure auditing for Everyone.  You may need to also turn on Auditing in Local Security Policy.   Once you've done this, try accessing the ASP page that calls the database in question.  After you receive the error message, open up the event viewer on the server and check the security log to see if you have either success or failure events for your MDB file.  This would confirm that it is in fact a permissions issue and not some other oddity.

If you don't see any events in the security log related to the MDB file, do a quick sanity check by opening the database file locally on that machine just to confirm that you get a Success event in the log (to make sure auditing is working).  

Once you're satisfied with the result, don't forget to return the auditing settings back to their previous configuration.

It's been awhile since I've dealt with IIS to Access over network issues, but I seem to recall some unusual behaviours in the past.  My initial instinct when I read that error was "is the server even trying to hit that file?" so I feel like I've encountered this before... :D
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
To expand on Dave's suggestion, you can create a virtual folder from a network share, which you will then be able to access like any other folder within your site. You'll also need to set permissions to that virtual folder, assuming you use the default App Pools, give access to your IUSR account, as well as your NETWORK SERVICES account
0
 
Dan McFaddenSystems EngineerCommented:
Have you tried running your AppPool with a named domain account instead of the local account.

I would try the following:

1. create an account in the domain (user only, not an admin in domain or locally)
2. add this account to the local iis server's "IIS_IUSRS" group
3. configure your site's AppPool with this domain account
4. grant this domain account read/write access on the share
5. test site

I would also check that you can see the full details of the errors your page is returning:

link:  http://www.dondraper.com/2011/01/500-internal-server-error-from-iis-7-5-on-windows-2008-r2/

The settings are the same for IIS7 onward.

Dan
0
 
noooodlezAuthor Commented:
Hi, sorry for delay.
This is what I have tried.

1) Mapped drive doesn't work.

2) Turned on Auditing and viewed the failed attempt hitting the file.

An account failed to log on.

Subject:
	Security ID:		DOMAIN\administrator
	Account Name:		administrator
	Account Domain:		DOMAIN
	Logon ID:		0x126860

Logon Type:			3 (network)

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		Guest
	Account Domain:		AXSERVER

Failure Information:
	Failure Reason:		Account currently disabled.
	Status:			0xc000006e
	Sub Status:		0xc0000072

Process Information:
	Caller Process ID:	0x5ac
	Caller Process Name:	C:\Windows\explorer.exe

Network Information:
	Workstation Name:	AXSERVER
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested

Open in new window


Not sure what useful information I can glean from this but at least I know it is hitting the file.

3) I have created a virtual folder. I don't profess to be an IIS expert but how did I not know about that?!! This seems to have got us the closest as I can now browse the network directory as though it were local (resolving my network security issues). The issue is that my connect string syntax does not like a http://virtualtDir/databases/db.mdb path.

I do get a different odbc error though. [Microsoft][ODBC Microsoft Access Driver] Not a valid file name.

Do you happen to know if I can use file://xxxxx in my connect string. I have tried various iterations and has failed on every attempt!

example connect string..... DSNtest="Driver={Microsoft Access Driver (*.mdb)};Dbq=http://webserver/databases/db.mdb;"

4) I tried Dan's method. Whilst I find this tidiest, I broke my production environment changing Application pool users and had to roll back my iis config due to time constraints.


I would like to progress the virtual folders method. This seems 99% there but I don't know if I can get my connect string to accept the datasource. I suppose SMB and http are fundamentally different!?

Thanks for all of your help,
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
treat your virtual folder like you would any other folder within your site, so try:

DSNtest="Driver={Microsoft Access Driver (*.mdb)};Dbq=/databases/db.mdb;"
0
 
Dave BaldwinFixer of ProblemsCommented:
SMB and http are fundamentally different
Yes.  SMB can have read/write access which you need for an MDB.  HTTP does not provide similar access.  It is usually only read access which would not allow you to make change to the database.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
does the virtual folder idea not work for you?
0
 
noooodlezAuthor Commented:
Hi All. Apologies, just spotted I missed closing this thread. Eventually, after much messing with folder redirects, junction points and permissions, I migrated my iis setup so it was local to the databases.

Never found a work around to the original problem, but as soon as the mdb was local all worked fine.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.