IIS Servers in a DMZ Zone, configured inÂ a Workgroup.
Clustered File Servers in the corporate network, in a Domain environment.
All servers are running Windows Server 2008 R2.
When IIS web app tries to access the clustered file server hosted in the domain, it shows Access Denied.
Path to Solution:
On running Procmon.exe, w3wp.exe shows that it is trying to authenticate using whichever account. So I check my IIS Config and make sure that it is using an account which has rights to access the cluster file serverÂ in the domain.
Solution 1 – Ensure that your IIS is configured correctly with a user account that has the access rights to the cluster file server.
If the above does not solve the problem, please continue with Solution 2.
Solution 2 – Ensure that the username and password is the same between the domain server and the Workgroup IIS Server
If my clustered file server is using the following name:
Then my Workgroup IIS Server should have a local user created with the following name:
(IISSERVER is the name of the IIS Server)
(Make sure that all of your IIS Servers have the same username and password created as well)
Solution 3 – Use ICACLS.EXE to provide the rights to the clustered files
Now that you have the same user created on both server (Domain and Workgroup), we will have to use ICACLS.exe to provide the permission (No, using the GUI does not work):
1. Map the shared cluster to Y: Drive
2. Open Command Prompt and execute the following:
icacls y:\SHAREDFOLDER /grant WEBAPP:(OI)(CI)RXW /T
(Replace the SHAREDFOLDER to the folder that your web application needs to access; Replace the WEBAPP with the username that you created in Solution 2)
Hope this helps someone out there!
Posted in MS News | Comments Off on IIS in Workgroup, Clustered File Server in a Domain – Access Denied