Problems accessing files on another server

G

Geoff Lane

Development environment: Windows 2003 Server running IIS6 and the same
server running as a domain controller, DNS and DHCP servers.

Production environment: Windows 2000 Server SP4 running IIS5 and not used
to provide domain control or name services.

The two environments are on different networks with no trust relationship
between them. In both environments the web server is set up to disallow
anonymous access and to use integrated Windows authentication. The
application is vanilla ASP (i.e. not .NET) VBScript.

In the development environment, the following code runs flawlessly no
matter whether "myUNCPath" points to a share on the web server or a share
on another server in the same domain.

Set objFilesys = Server.CreateObject("Scripting.FileSystemObject")
If Not objFileSys.FolderExists(myUNCPath) Then
Set objFolder = objFileSys.CreateFolder(myUNCPath)
End If

However, in the production environment it falls over with a permission
denied error when "myUNCPath" is on another server and further testing
shows that the FolderExists method is returning false even when
"myUNCPath" exists. The network share is configured to give full control
to the Everyone group.

I've found http://support.microsoft.com/kb/207671 which although
referring to IIS4 suggests that the issue could be the authentication
method (I'm assuming that integrated Windows authentication is close
enough to NT Challenge/Response and so might generate a token that cannot
access network resources). I'm not sure of this is the problem because if
it were then the code shouldn't work in my development environment.

Any ideas on what's going wrong and how to access the network resources
in the production environemt?

TIA,
 
G

Geoff Lane

Everything I know about this issue is summarized here:
http://www.aspfaq.com/show.asp?id=2168

Thanks for that - much appreciated.

Your page led me to KB article 197964, which in a nutshell told me to run
the web server with anonymous access. This is something that I cannot do
because other pages in the same application make use of
Request.ServerVariables("AUTH_USER") and switching to anonymous access
would break them.

Additionally, attempting to force anonymous access for only the pages that
are affected by this issue won't work because (from the notes in KB article
264921) "When your browser establishes a connection with a Web site by
using Basic or Windows Integrated authentication, it does not fall back to
Anonymous during the rest of that session with the server. If you try to
connect to a Web page that is marked for Anonymous only after
authenticating, you are denied."

Because this issue doesn't appear in my development environment, I wonder
whether one of switching the DCs to Server 2003 and/or switching the web
server host to Server 2003 and/or upgrading from IIS5 to IIS6 would be a
long-term solution?

Thanks again,
 
B

Bob Barrows [MVP]

Geoff said:
Thanks for that - much appreciated.

Your page led me to KB article 197964, which in a nutshell told me to
run the web server with anonymous access. This is something that I
cannot do because other pages in the same application make use of
Request.ServerVariables("AUTH_USER") and switching to anonymous access
would break them.

Additionally, attempting to force anonymous access for only the pages
that are affected by this issue won't work because (from the notes in
KB article 264921) "When your browser establishes a connection with a
Web site by using Basic or Windows Integrated authentication, it does
not fall back to Anonymous during the rest of that session with the
server. If you try to connect to a Web page that is marked for
Anonymous only after authenticating, you are denied."

Because this issue doesn't appear in my development environment, I
wonder whether one of switching the DCs to Server 2003 and/or
switching the web server host to Server 2003 and/or upgrading from
IIS5 to IIS6 would be a long-term solution?
You might consider either of these solutions:
- creating a web service on the remote server.
- using ServerXMLHTTP to get results from a page on the remote server
(http://www.aspfaq.com/show.asp?id=2173)
 
G

Geoff Lane

You might consider either of these solutions:
- creating a web service on the remote server.
- using ServerXMLHTTP to get results from a page on the remote server

Much appreciated.

The application is intended to manage files on the remote server (actually,
multiple servers). It records which server and share stores the files for
each of a number of items and the routine that's failing is part of the
item setup. Searching the 'net suggests that server.transfer will fail for
the same reasons that cause this issue, so I'd have to pass the required
information to the remote server via the request object. Messy, but it
should work.

That said, the work-around I'm currently in the process of implementing is
to schedule the directory creation and have a scheduled task run some VBS
outside of IIS to actually do the deed.

In the meantime, I've discovered that my development network is using
Kerebos authentication and suspect the production environment uses NT
Challenge/Response. I'm waiting for the production network guru to call me
back with the relevant information. If it turns out that this would sort
out the situation, I can use the scheduled task for the time being and re-
implement to handle the directory creation in real-time once the production
network has completed migrating to Server 2003 etc.

Thanks again,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,480
Members
44,900
Latest member
Nell636132

Latest Threads

Top