Permissions issue with virtual directory to UNC path
I have a virtual directory in my site (test environment). It is a UNC share which is also used as a public FTP.
It is configured to connect as a domain admin account and “Test settings” says everything appears to be working. However when I try to connect to it I get:
500 – “Failed to start monitoring
changes on
INTRANETFTPtestweb.config because
access was denied”
This is an ASP.NET YSOD. I am not sure why ASP.NET is getting involved at all as it’s a static .jpg file I’m requesting.
I tried turning on failed request tracing and this is the specific error:
- ModuleName WindowsAuthentication
- Notification 2
- HttpStatus 500
- HttpReason Internal Server Error
- HttpSubStatus 0
- ErrorCode 0
- ConfigExceptionInfo
- Notification AUTHENTICATE_REQUEST
- ErrorCode The operation completed successfully. (0×0)
If I change the “Physical Path Logon Type” from ClearText to Network. I get the following IIS error:
HTTP Error 500.19 – Internal Server
Error The requested page cannot be
accessed because the related
configuration data for the page is
invalid.Detailed Error Information
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0×80070005
Config Error Cannot read configuration
file due to insufficient permissions
Config File ?UNCINTRANETFTPtestweb.config
Requested URL
http://test.mydowmain.com:80/uploads/images/ca49acf6-6174-412e-8abd-59fab983e931.jpgPhysical Path
INTRANETFTPtestimagesca49acf6-6174-412e-8abd-59fab983e931.jpgLogon Method Not yet determined
Logon User Not yet determined
Failed Request Tracing Log Directory C:inetpublogsFailedReqLogFiles
This does not generate a failed request log strangely enough – I have set the failed request tracing to trace errors with error codes 400-999.
Also worth noting is that if I open the Configuration feature from within IIS I see an access denied error.
I have exactly the same set up on my local dev machine to the same UNC path and the same user it works. Just on the test server it does not.
What am I doing wrong?
The fact that it’s an ASP.net app is probably exactly what the issue is here. Your application pool identity has to have rights (not necessarily the IIS identity; by default, the app pool identity is the local Network Service account.) You also probably need to run caspol.exe on your IIS machine.
http://msdn.microsoft.com/en-us/library/cb6t8dtz%28v=vs.80%29.aspx
http://learn.iis.net/page.aspx/50/aspnet-20-35-shared-hosting-configuration/
%windir%Microsoft.NETFrameworkv2.0.50727caspol -m -ag 1. -url "file://\remotefileservercontent$*" FullTrust
Check more discussion of this question.
Related posts:
- IIS 6 – how to create virtual directory like /my/custom/path
- How to split parent path of a unc path by using powershell?
- IIS7: How to restrict virtual directory access to specific IP
- How to give PHP permissions to write to files without globally opening up permissions to the directory
- Basic IIS7 permissions question
Leave a comment
Recent Posts
- What is the easiest way to upgrade my existing Perl 5.14 to Perl 5.16 on FreeBSD 9 using the ports system?
- Know if mysql has done its job
- Redirect https .com to https .co.uk without a valid SSL cert on .com without DNS change
- Why is it a bad idea to use customer email as from address
- 100% packets dropped on first RX queue on 3/5 raid6 iSCSI NAS devices using intel igb (resolved)