Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Classic ASP vs MS Access folder permissions. Microsoft OLE DB Provider for ODBC Drivers error '80004005'

Posted on 2015-02-03
10
Medium Priority
?
126 Views
Last Modified: 2015-08-04
Hi

On Friday I moved a legacy MSAccess mdb database to a new server. Monday morning I had a few gremlins that needed ironing out, but nothing too taxing.

My one remaining issue is some classic asp reports I wrote in the dark ages. I understand that my issue is folder permissions based. My IIS server (different box still running S2003, - being retired soon) doesn't have read/write permissions on the new database directory.

Incidentally, if I change the path in my connect string to \\servername\Blah\Blah\Blah\Any\Old\Rubbish.mdb I get the exact same error.


Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file '(unknown)'. It is already opened exclusively by another user, or you need permission to view its data.

/intranet/reports/timelog/default2.asp, line 45


I have copied the permissions from my old directory (I note I had added an IUSR account in there), and even gave Everyone full access to the new directory but still get the same error.

My inetinfo / IIS service runs on my server as 'Local Account'. I believe this is where my problem lies.

Just for info, here is an example of my connect string / connection.

     DSN="Driver={Microsoft Access Driver (*.mdb)};Dbq=\\SERVERNAME\ShareName$\Databases\dbname.mdb;"
      Conn.Open DSN


Any ideas because I am running out of them!!

Many thanks
0
Comment
Question by:noooodlez
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40585916
In another question, we found that you can't give IIS permissions on a folder on another computer using share name.  It simply won't do it.  The only thing that may have worked is to create a mapped drive so that you have a local drive letter that you can use.  Even then you will probably have to give 'Everyone' read/write permissions so it is basically wide open to anyone.
0
 
LVL 7

Expert Comment

by:Robert Sherman
ID: 40586035
Since you've likely tried numerous things and are running out of ideas...

I would try setting security auditing on the folder that the MDB file is in on the server.   Set both Success and Failure auditing for Everyone.  You may need to also turn on Auditing in Local Security Policy.   Once you've done this, try accessing the ASP page that calls the database in question.  After you receive the error message, open up the event viewer on the server and check the security log to see if you have either success or failure events for your MDB file.  This would confirm that it is in fact a permissions issue and not some other oddity.

If you don't see any events in the security log related to the MDB file, do a quick sanity check by opening the database file locally on that machine just to confirm that you get a Success event in the log (to make sure auditing is working).  

Once you're satisfied with the result, don't forget to return the auditing settings back to their previous configuration.

It's been awhile since I've dealt with IIS to Access over network issues, but I seem to recall some unusual behaviours in the past.  My initial instinct when I read that error was "is the server even trying to hit that file?" so I feel like I've encountered this before... :D
0
 
LVL 34

Expert Comment

by:Big Monty
ID: 40586667
To expand on Dave's suggestion, you can create a virtual folder from a network share, which you will then be able to access like any other folder within your site. You'll also need to set permissions to that virtual folder, assuming you use the default App Pools, give access to your IUSR account, as well as your NETWORK SERVICES account
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 29

Expert Comment

by:Dan McFadden
ID: 40586676
Have you tried running your AppPool with a named domain account instead of the local account.

I would try the following:

1. create an account in the domain (user only, not an admin in domain or locally)
2. add this account to the local iis server's "IIS_IUSRS" group
3. configure your site's AppPool with this domain account
4. grant this domain account read/write access on the share
5. test site

I would also check that you can see the full details of the errors your page is returning:

link:  http://www.dondraper.com/2011/01/500-internal-server-error-from-iis-7-5-on-windows-2008-r2/

The settings are the same for IIS7 onward.

Dan
0
 

Author Comment

by:noooodlez
ID: 40628449
Hi, sorry for delay.
This is what I have tried.

1) Mapped drive doesn't work.

2) Turned on Auditing and viewed the failed attempt hitting the file.

An account failed to log on.

Subject:
	Security ID:		DOMAIN\administrator
	Account Name:		administrator
	Account Domain:		DOMAIN
	Logon ID:		0x126860

Logon Type:			3 (network)

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		Guest
	Account Domain:		AXSERVER

Failure Information:
	Failure Reason:		Account currently disabled.
	Status:			0xc000006e
	Sub Status:		0xc0000072

Process Information:
	Caller Process ID:	0x5ac
	Caller Process Name:	C:\Windows\explorer.exe

Network Information:
	Workstation Name:	AXSERVER
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested

Open in new window


Not sure what useful information I can glean from this but at least I know it is hitting the file.

3) I have created a virtual folder. I don't profess to be an IIS expert but how did I not know about that?!! This seems to have got us the closest as I can now browse the network directory as though it were local (resolving my network security issues). The issue is that my connect string syntax does not like a http://virtualtDir/databases/db.mdb path.

I do get a different odbc error though. [Microsoft][ODBC Microsoft Access Driver] Not a valid file name.

Do you happen to know if I can use file://xxxxx in my connect string. I have tried various iterations and has failed on every attempt!

example connect string..... DSNtest="Driver={Microsoft Access Driver (*.mdb)};Dbq=http://webserver/databases/db.mdb;"

4) I tried Dan's method. Whilst I find this tidiest, I broke my production environment changing Application pool users and had to roll back my iis config due to time constraints.


I would like to progress the virtual folders method. This seems 99% there but I don't know if I can get my connect string to accept the datasource. I suppose SMB and http are fundamentally different!?

Thanks for all of your help,
0
 
LVL 34

Expert Comment

by:Big Monty
ID: 40628455
treat your virtual folder like you would any other folder within your site, so try:

DSNtest="Driver={Microsoft Access Driver (*.mdb)};Dbq=/databases/db.mdb;"
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40628892
SMB and http are fundamentally different
Yes.  SMB can have read/write access which you need for an MDB.  HTTP does not provide similar access.  It is usually only read access which would not allow you to make change to the database.
0
 

Accepted Solution

by:
noooodlez earned 0 total points
ID: 40646370
I think the simest solution this is to move my web server.

I may try setting a junction point first but don't think these will work on network locations.
0
 
LVL 34

Expert Comment

by:Big Monty
ID: 40647773
does the virtual folder idea not work for you?
0
 

Author Closing Comment

by:noooodlez
ID: 40913059
Hi All. Apologies, just spotted I missed closing this thread. Eventually, after much messing with folder redirects, junction points and permissions, I migrated my iis setup so it was local to the databases.

Never found a work around to the original problem, but as soon as the mdb was local all worked fine.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Traditionally, the method to display pictures in Access forms and reports is to first download them from URLs to a folder, record the path in a table and then let the form or report pull the pictures from that folder. But why not let Windows retr…
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question