Monday, February 20, 2017
  • Home
  •             

IIS in Workgroup, Clustered File Server in a Domain – Access Denied

February 28th, 2014 by Jabez Gan [MVP]

Environment:

IIS Servers in a DMZ Zone, configured in a Workgroup.

Clustered File Servers in the corporate network, in a Domain environment.

All servers are running Windows Server 2008 R2.

 

Problem:

When IIS web app tries to access the clustered file server hosted in the domain, it shows Access Denied.

 

Path to Solution:

On running Procmon.exe, w3wp.exe shows that it is trying to authenticate using whichever account. So I check my IIS Config and make sure that it is using an account which has rights to access the cluster file server in the domain.

Solution 1 – Ensure that your IIS is configured correctly with a user account that has the access rights to the cluster file server.

Specify the correct user account under Identity in the Advanced Setting

 

 

 

 

 

 

 

 

Select the Application Pool that this web application should use.

If the above does not solve the problem, please continue with Solution 2.

 

Solution 2 – Ensure that the username and password is the same between the domain server and the Workgroup IIS Server

If my clustered file server is using the following name:

User: domain\webapp
Password: Pa$$w0rd

Then my Workgroup IIS Server should have a local user created with the following name:

User: IISSERVER\webapp
Password: Pa$$w0rd

(IISSERVER is the name of the IIS Server)

(Make sure that all of your IIS Servers have the same username and password created as well)

 

Solution 3 – Use ICACLS.EXE to provide the rights to the clustered files

Now that you have the same user created on both server (Domain and Workgroup), we will have to use ICACLS.exe to provide the permission (No, using the GUI does not work):

1. Map the shared cluster to Y: Drive

2. Open Command Prompt and execute the following:

icacls y:\SHAREDFOLDER /grant WEBAPP:(OI)(CI)RXW /T

(Replace the SHAREDFOLDER to the folder that your web application needs to access; Replace the WEBAPP with the username that you created in Solution 2)

 

Hope this helps someone out there!

Posted in MS News | Comments Off on IIS in Workgroup, Clustered File Server in a Domain – Access Denied