remote file access fails

[Rene' Nielsen]

Context:
Running Windows 2003 Server on an intranet.

A web is configured with an anonymous access account that is a domain account that has been granted the desired access to a file on another server in the domain.

An asp page in the web attempts to open (or any other access) the remote file and fails.

Auditing is enabled on the remote system and for the file in question but no access denied records are being
recorded.

If the ASP is changed to access any file on the local server it works (regardless of location on the server).

Question: Why?

Is there a constraint that I am unaware of that precludes access to remote resources (via a redirector) through ASP? Or am I just missing something obvious?

Any suggestions on how to gather additional diagnostic info on this if it is possible?

TIA

 

[Ray at]

Plain text reply:

You're using a domain account for IIS, yes?
And the domain account has NTFS and share permissions to the resource, yes?
Is the IIS server able to resolve the servername?
When you log on to the IIS server as this account that you are using for IIS
and try to access the share via UNC, can you access it?
Are you getting an error?
How are you trying to access it?

Ray at work

Context:
Running Windows 2003 Server on an intranet.

A web is configured with an anonymous access account that is a domain
account that has been granted the desired access to a file on another server
in the domain.

An asp page in the web attempts to open (or any other access) the remote
file and fails.

Auditing is enabled on the remote system and for the file in question but no
access denied records are being
recorded.

If the ASP is changed to access any file on the local server it works
(regardless of location on the server).

Question: Why?

Is there a constraint that I am unaware of that precludes access to remote
resources (via a redirector) through ASP? Or am I just missing something
obvious?

Any suggestions on how to gather additional diagnostic info on this if it is
possible?

TIA

 

[Rene' Nielsen]

Thanks for your rapid reply.

Yes, I am using a domain account as the anonymous account for the web
hosting the ASP page.

Yes, the domain account has NTFS and share permissions to the remote
resource.

Yes, the IIS server is able to resolve the servername.

Yes, I can access the remote resource when logged onto the server hosting
IIS when I interactively use the domain account configured as the IIS web
anonymous account.

No, I am not receiving an error, at least not one I can find.

Here is a sample vbScript that has been tried on the ASP page that fails
silently:

If FSO.FileExists(\\remoteserver\sharename\firstfolder\afile.XML) Then
Request.Write("exists")
Else
Request.Write("no-go")
End If

This code returns "no-go" in with the configuration described. Also, if I
map the remote share to a local drive letter the behavior persists (in the
above case the path becomes "Q:\firstfolder\afile.XML"). However if the
path is "C:\foo.xml" the code returns "exists" as desired.

==========================================================================

 

[Ray at]

Here is a sample vbScript that has been tried on the ASP page that fails
silently:

If FSO.FileExists(\\remoteserver\sharename\firstfolder\afile.XML) Then
Request.Write("exists")
Else
Request.Write("no-go")
End If

Do you have an On Error Resume Next?

Try doing this:

Set f = FSO.GetFile("\\remoteserver\sharename\firstfolder\afile.xml")

If there's a permissions problem, you should receive an error.

This code returns "no-go" in with the configuration described. Also, if I
map the remote share to a local drive letter the behavior persists (in the
above case the path becomes "Q:\firstfolder\afile.XML"). However if the
path is "C:\foo.xml" the code returns "exists" as desired.

I don't believe the drive mapping will work anyway, because although the
drive may map when you log in as this account that you're using for IIS, I
don't think that the user's shell environment is loaded with the IIS
service. But it doesn't matter much. The UNC path should work.

Also, try changing the IWAM account to that same account for the sake of
seeing if that's an issue.

Ray at work

 

[Aaron Bertrand - MVP]

and fails.

What does "fails" mean?

Remember that ASP by default runs under a *local* account called
IUSR_machinename, and that this user is *not* in the "Everyone" group on a
different server, unless you disable password synchronization, set the
password for the local IUSR account, and create an identical local account
on the machine that is hosting the file share. For more info and some KB
article links, see http://www.aspfaq.com/2168