Problems accessing files on another server
Problems accessing files on another server
am 18.05.2007 12:38:36 von Geoff Lane
Development environment: Windows 2003 Server running IIS6 and the same
server running as a domain controller, DNS and DHCP servers.
Production environment: Windows 2000 Server SP4 running IIS5 and not used
to provide domain control or name services.
The two environments are on different networks with no trust relationship
between them. In both environments the web server is set up to disallow
anonymous access and to use integrated Windows authentication. The
application is vanilla ASP (i.e. not .NET) VBScript.
In the development environment, the following code runs flawlessly no
matter whether "myUNCPath" points to a share on the web server or a share
on another server in the same domain.
Set objFilesys = Server.CreateObject("Scripting.FileSystemObject")
If Not objFileSys.FolderExists(myUNCPath) Then
Set objFolder = objFileSys.CreateFolder(myUNCPath)
End If
However, in the production environment it falls over with a permission
denied error when "myUNCPath" is on another server and further testing
shows that the FolderExists method is returning false even when
"myUNCPath" exists. The network share is configured to give full control
to the Everyone group.
I've found http://support.microsoft.com/kb/207671 which although
referring to IIS4 suggests that the issue could be the authentication
method (I'm assuming that integrated Windows authentication is close
enough to NT Challenge/Response and so might generate a token that cannot
access network resources). I'm not sure of this is the problem because if
it were then the code shouldn't work in my development environment.
Any ideas on what's going wrong and how to access the network resources
in the production environemt?
TIA,
--
Geoff
Re: Problems accessing files on another server
am 18.05.2007 13:28:43 von reb01501
Geoff Lane wrote:
> Development environment: Windows 2003 Server running IIS6 and the same
> server running as a domain controller, DNS and DHCP servers.
>
Everything I know about this issue is summarized here:
http://www.aspfaq.com/show.asp?id=2168
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Re: Problems accessing files on another server
am 18.05.2007 14:15:35 von Geoff Lane
"Bob Barrows [MVP]" wrote in news:#Dvns
$TmHHA.4240@TK2MSFTNGP02.phx.gbl:
> Everything I know about this issue is summarized here:
> http://www.aspfaq.com/show.asp?id=2168
Thanks for that - much appreciated.
Your page led me to KB article 197964, which in a nutshell told me to run
the web server with anonymous access. This is something that I cannot do
because other pages in the same application make use of
Request.ServerVariables("AUTH_USER") and switching to anonymous access
would break them.
Additionally, attempting to force anonymous access for only the pages that
are affected by this issue won't work because (from the notes in KB article
264921) "When your browser establishes a connection with a Web site by
using Basic or Windows Integrated authentication, it does not fall back to
Anonymous during the rest of that session with the server. If you try to
connect to a Web page that is marked for Anonymous only after
authenticating, you are denied."
Because this issue doesn't appear in my development environment, I wonder
whether one of switching the DCs to Server 2003 and/or switching the web
server host to Server 2003 and/or upgrading from IIS5 to IIS6 would be a
long-term solution?
Thanks again,
--
Geoff
Re: Problems accessing files on another server
am 18.05.2007 14:27:19 von reb01501
Geoff Lane wrote:
> "Bob Barrows [MVP]" wrote in news:#Dvns
> $TmHHA.4240@TK2MSFTNGP02.phx.gbl:
>
>> Everything I know about this issue is summarized here:
>> http://www.aspfaq.com/show.asp?id=2168
>
> Thanks for that - much appreciated.
>
> Your page led me to KB article 197964, which in a nutshell told me to
> run the web server with anonymous access. This is something that I
> cannot do because other pages in the same application make use of
> Request.ServerVariables("AUTH_USER") and switching to anonymous access
> would break them.
>
> Additionally, attempting to force anonymous access for only the pages
> that are affected by this issue won't work because (from the notes in
> KB article 264921) "When your browser establishes a connection with a
> Web site by using Basic or Windows Integrated authentication, it does
> not fall back to Anonymous during the rest of that session with the
> server. If you try to connect to a Web page that is marked for
> Anonymous only after authenticating, you are denied."
>
> Because this issue doesn't appear in my development environment, I
> wonder whether one of switching the DCs to Server 2003 and/or
> switching the web server host to Server 2003 and/or upgrading from
> IIS5 to IIS6 would be a long-term solution?
>
You might consider either of these solutions:
- creating a web service on the remote server.
- using ServerXMLHTTP to get results from a page on the remote server
(http://www.aspfaq.com/show.asp?id=2173)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Re: Problems accessing files on another server
am 18.05.2007 16:44:09 von Geoff Lane
"Bob Barrows [MVP]" wrote in
news:uZuxZfUmHHA.3520@TK2MSFTNGP04.phx.gbl:
> You might consider either of these solutions:
> - creating a web service on the remote server.
> - using ServerXMLHTTP to get results from a page on the remote server
Much appreciated.
The application is intended to manage files on the remote server (actually,
multiple servers). It records which server and share stores the files for
each of a number of items and the routine that's failing is part of the
item setup. Searching the 'net suggests that server.transfer will fail for
the same reasons that cause this issue, so I'd have to pass the required
information to the remote server via the request object. Messy, but it
should work.
That said, the work-around I'm currently in the process of implementing is
to schedule the directory creation and have a scheduled task run some VBS
outside of IIS to actually do the deed.
In the meantime, I've discovered that my development network is using
Kerebos authentication and suspect the production environment uses NT
Challenge/Response. I'm waiting for the production network guru to call me
back with the relevant information. If it turns out that this would sort
out the situation, I can use the scheduled task for the time being and re-
implement to handle the directory creation in real-time once the production
network has completed migrating to Server 2003 etc.
Thanks again,
--
Geoff