[No relevant source lines]

TheMSsForum.com: The Microsoft Software Forum

WS2008 box using IIS7 on subnet 192.168.100.x is trying to connect to a
storage array on 192.168.200.x.

I have an IP, 192.168.100.220, that allows me read-only access from the .100
subnet to the storage array on the .200 subnet. I can map a drive through
this link and read any files on the storage array.

Now I'm trying to get http access to these files via IIS7 using a UNC as the
path. I was able to create a virtual directory using the UNC and a common
userid/password for authentication. I was able to place a web.config on the
UNC and I enabled Directory Browsing.

This was all working fine, for about 5 minutes! I was able to browse to the
VD and it was working... I swear it was working.

I tried the http connection this morning and am now getting the following
error.

Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: An error occurred loading a configuration file: Failed
to start monitoring changes to '\\ptlpsrv04\bkodbc' because access is denied.

Source Error:

[No relevant source lines]


Source File: \\ptlpsrv04\bkodbc\web.config Line: 0




--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:2.0.50727.1434;
ASP.NET Version:2.0.50727.1434

The last thing I did last night before leaving was to install the IIS7
throttling app and the IIS7 playlist app CTP2.

Can anyone tell me why this would work one minute and not the next? I can
set up a local path as a VD and it works fine so I strongly suspect that it
is a security issue. But why would it work in the evening, I thried it
several times and from multiple machines, and then fail in the morning?

Thanks in advance for any hair you can save on my head!

--
stullhe104
Top

Re: [No relevant source lines] by Ken

Ken
Sun Apr 27 00:45:30 CDT 2008

Hi,

Beginning with IIS 7.0, the worker process identity also needs read
permission to the remote UNC share to be able to read config files. Have you
verified this?

Cheers
Ken

"Herb" <stullhe104@newsgroup.nospam> wrote in message
news:7EB518A7-7F74-4D52-A3E1-A96E8EB58237@microsoft.com...
> WS2008 box using IIS7 on subnet 192.168.100.x is trying to connect to a
> storage array on 192.168.200.x.
>
> I have an IP, 192.168.100.220, that allows me read-only access from the
> .100
> subnet to the storage array on the .200 subnet. I can map a drive through
> this link and read any files on the storage array.
>
> Now I'm trying to get http access to these files via IIS7 using a UNC as
> the
> path. I was able to create a virtual directory using the UNC and a common
> userid/password for authentication. I was able to place a web.config on
> the
> UNC and I enabled Directory Browsing.
>
> This was all working fine, for about 5 minutes! I was able to browse to
> the
> VD and it was working... I swear it was working.
>
> I tried the http connection this morning and am now getting the following
> error.
>
> Configuration Error
> Description: An error occurred during the processing of a configuration
> file
> required to service this request. Please review the specific error details
> below and modify your configuration file appropriately.
>
> Parser Error Message: An error occurred loading a configuration file:
> Failed
> to start monitoring changes to '\\ptlpsrv04\bkodbc' because access is
> denied.
>
> Source Error:
>
> [No relevant source lines]
>
>
> Source File: \\ptlpsrv04\bkodbc\web.config Line: 0
>
>
>
>
> --------------------------------------------------------------------------------
>
> Version Information: Microsoft .NET Framework Version:2.0.50727.1434;
> ASP.NET Version:2.0.50727.1434
>
> The last thing I did last night before leaving was to install the IIS7
> throttling app and the IIS7 playlist app CTP2.
>
> Can anyone tell me why this would work one minute and not the next? I can
> set up a local path as a VD and it works fine so I strongly suspect that
> it
> is a security issue. But why would it work in the evening, I thried it
> several times and from multiple machines, and then fail in the morning?
>
> Thanks in advance for any hair you can save on my head!
>
> --
> stullhe104

Top

Re: [No relevant source lines] by stullhe104

stullhe104
Sun Apr 27 06:30:00 CDT 2008

Hello Ken and thanks for the response.

Yes sir I can read files from the storage array as stated below where I say
"I can map a drive through this link and read any files on the storage array."

This drive mapping is done from the common userid that is used for
authentication to the storage array.

When I look at permissions fir the Virtual Directory I see that Everyone has
read/execute, read and list folder contents marked.

Is there something else that I'm missing?

Thanks again for your assistance...
Herb


--
stullhe104


"Ken Schaefer" wrote:

> Hi,
>
> Beginning with IIS 7.0, the worker process identity also needs read
> permission to the remote UNC share to be able to read config files. Have you
> verified this?
>
> Cheers
> Ken
>
> "Herb" <stullhe104@newsgroup.nospam> wrote in message
> news:7EB518A7-7F74-4D52-A3E1-A96E8EB58237@microsoft.com...
> > WS2008 box using IIS7 on subnet 192.168.100.x is trying to connect to a
> > storage array on 192.168.200.x.
> >
> > I have an IP, 192.168.100.220, that allows me read-only access from the
> > .100
> > subnet to the storage array on the .200 subnet. I can map a drive through
> > this link and read any files on the storage array.
> >
> > Now I'm trying to get http access to these files via IIS7 using a UNC as
> > the
> > path. I was able to create a virtual directory using the UNC and a common
> > userid/password for authentication. I was able to place a web.config on
> > the
> > UNC and I enabled Directory Browsing.
> >
> > This was all working fine, for about 5 minutes! I was able to browse to
> > the
> > VD and it was working... I swear it was working.
> >
> > I tried the http connection this morning and am now getting the following
> > error.
> >
> > Configuration Error
> > Description: An error occurred during the processing of a configuration
> > file
> > required to service this request. Please review the specific error details
> > below and modify your configuration file appropriately.
> >
> > Parser Error Message: An error occurred loading a configuration file:
> > Failed
> > to start monitoring changes to '\\ptlpsrv04\bkodbc' because access is
> > denied.
> >
> > Source Error:
> >
> > [No relevant source lines]
> >
> >
> > Source File: \\ptlpsrv04\bkodbc\web.config Line: 0
> >
> >
> >
> >
> > --------------------------------------------------------------------------------
> >
> > Version Information: Microsoft .NET Framework Version:2.0.50727.1434;
> > ASP.NET Version:2.0.50727.1434
> >
> > The last thing I did last night before leaving was to install the IIS7
> > throttling app and the IIS7 playlist app CTP2.
> >
> > Can anyone tell me why this would work one minute and not the next? I can
> > set up a local path as a VD and it works fine so I strongly suspect that
> > it
> > is a security issue. But why would it work in the evening, I thried it
> > several times and from multiple machines, and then fail in the morning?
> >
> > Thanks in advance for any hair you can save on my head!
> >
> > --
> > stullhe104
>
>
Top

Re: [No relevant source lines] by Ken

Ken
Sun Apr 27 20:34:50 CDT 2008

Hi,

I think you are missing the point. The identity of the "application pool"
needs to be able to read the remote share. By default this is "Network
Service". Network Service will connect using the Machine$ account. That
account probably does not have permission to the remote share.

Try changing the web app pool identity to a Domain user account. Verify that
the domain user account has Read permissions to the remote share, and then
try again.

Cheers
Ken

--
My IIS blog: http://adopenstatic.com/blog

"Herb" <stullhe104@newsgroup.nospam> wrote in message
news:48E9CBDD-8CC4-490F-8CCD-AB01A0EFB919@microsoft.com...
> Hello Ken and thanks for the response.
>
> Yes sir I can read files from the storage array as stated below where I
> say
> "I can map a drive through this link and read any files on the storage
> array."
>
> This drive mapping is done from the common userid that is used for
> authentication to the storage array.
>
> When I look at permissions fir the Virtual Directory I see that Everyone
> has
> read/execute, read and list folder contents marked.
>
> Is there something else that I'm missing?
>
> Thanks again for your assistance...
> Herb
>
>
> --
> stullhe104
>
>
> "Ken Schaefer" wrote:
>
>> Hi,
>>
>> Beginning with IIS 7.0, the worker process identity also needs read
>> permission to the remote UNC share to be able to read config files. Have
>> you
>> verified this?
>>
>> Cheers
>> Ken
>>
>> "Herb" <stullhe104@newsgroup.nospam> wrote in message
>> news:7EB518A7-7F74-4D52-A3E1-A96E8EB58237@microsoft.com...
>> > WS2008 box using IIS7 on subnet 192.168.100.x is trying to connect to a
>> > storage array on 192.168.200.x.
>> >
>> > I have an IP, 192.168.100.220, that allows me read-only access from the
>> > .100
>> > subnet to the storage array on the .200 subnet. I can map a drive
>> > through
>> > this link and read any files on the storage array.
>> >
>> > Now I'm trying to get http access to these files via IIS7 using a UNC
>> > as
>> > the
>> > path. I was able to create a virtual directory using the UNC and a
>> > common
>> > userid/password for authentication. I was able to place a web.config on
>> > the
>> > UNC and I enabled Directory Browsing.
>> >
>> > This was all working fine, for about 5 minutes! I was able to browse to
>> > the
>> > VD and it was working... I swear it was working.
>> >
>> > I tried the http connection this morning and am now getting the
>> > following
>> > error.
>> >
>> > Configuration Error
>> > Description: An error occurred during the processing of a configuration
>> > file
>> > required to service this request. Please review the specific error
>> > details
>> > below and modify your configuration file appropriately.
>> >
>> > Parser Error Message: An error occurred loading a configuration file:
>> > Failed
>> > to start monitoring changes to '\\ptlpsrv04\bkodbc' because access is
>> > denied.
>> >
>> > Source Error:
>> >
>> > [No relevant source lines]
>> >
>> >
>> > Source File: \\ptlpsrv04\bkodbc\web.config Line: 0
>> >
>> >
>> >
>> >
>> > --------------------------------------------------------------------------------
>> >
>> > Version Information: Microsoft .NET Framework Version:2.0.50727.1434;
>> > ASP.NET Version:2.0.50727.1434
>> >
>> > The last thing I did last night before leaving was to install the IIS7
>> > throttling app and the IIS7 playlist app CTP2.
>> >
>> > Can anyone tell me why this would work one minute and not the next? I
>> > can
>> > set up a local path as a VD and it works fine so I strongly suspect
>> > that
>> > it
>> > is a security issue. But why would it work in the evening, I thried it
>> > several times and from multiple machines, and then fail in the morning?
>> >
>> > Thanks in advance for any hair you can save on my head!
>> >
>> > --
>> > stullhe104
>>
>>

Top

Re: [No relevant source lines] by wjzhang

wjzhang
Mon Apr 28 04:02:31 CDT 2008

Hi Herb,

Another approach you try is using filemon to trace the I/O of WWW service.

http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx

1) Launch filemon,stop capture and click filter on its toolbar. Remove *
and input w3wp.exe;inetinfo.exe as the included string. (w3wp.exe is the
worker process of IIS. inetinfo.exe is the process of IIS Admin service.)

2) Change font if necessary(need restart filemon).

3) Start capture.

4) Try to login to the problem web site to reproduce the access denied
error.

5) Stop capture and save as the log.

Generally we should be able to find some access denied errors in the log
which may point out the root cause. Please send the filemon.log to me. I
will help review it.

My company email is: wjzhang@online.microsoft.com (please remove online.)

I look forward to your message.

Have a nice week.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


Top