467,077 Members | 974 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,077 developers. It's quick & easy.

Problems accessing files on another server

Development environment: Windows 2003 Server running IIS6 and the same
server running as a domain controller, DNS and DHCP servers.

Production environment: Windows 2000 Server SP4 running IIS5 and not used
to provide domain control or name services.

The two environments are on different networks with no trust relationship
between them. In both environments the web server is set up to disallow
anonymous access and to use integrated Windows authentication. The
application is vanilla ASP (i.e. not .NET) VBScript.

In the development environment, the following code runs flawlessly no
matter whether "myUNCPath" points to a share on the web server or a share
on another server in the same domain.

Set objFilesys = Server.CreateObject("Scripting.FileSystemObject")
If Not objFileSys.FolderExists(myUNCPath) Then
Set objFolder = objFileSys.CreateFolder(myUNCPath)
End If

However, in the production environment it falls over with a permission
denied error when "myUNCPath" is on another server and further testing
shows that the FolderExists method is returning false even when
"myUNCPath" exists. The network share is configured to give full control
to the Everyone group.

I've found http://support.microsoft.com/kb/207671 which although
referring to IIS4 suggests that the issue could be the authentication
method (I'm assuming that integrated Windows authentication is close
enough to NT Challenge/Response and so might generate a token that cannot
access network resources). I'm not sure of this is the problem because if
it were then the code shouldn't work in my development environment.

Any ideas on what's going wrong and how to access the network resources
in the production environemt?

TIA,

--
Geoff
May 18 '07 #1
  • viewed: 3009
Share:
4 Replies
Geoff Lane wrote:
Development environment: Windows 2003 Server running IIS6 and the same
server running as a domain controller, DNS and DHCP servers.
Everything I know about this issue is summarized here:
http://www.aspfaq.com/show.asp?id=2168
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
May 18 '07 #2
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcomwrote in news:#Dvns
$T*********@TK2MSFTNGP02.phx.gbl:
Everything I know about this issue is summarized here:
http://www.aspfaq.com/show.asp?id=2168
Thanks for that - much appreciated.

Your page led me to KB article 197964, which in a nutshell told me to run
the web server with anonymous access. This is something that I cannot do
because other pages in the same application make use of
Request.ServerVariables("AUTH_USER") and switching to anonymous access
would break them.

Additionally, attempting to force anonymous access for only the pages that
are affected by this issue won't work because (from the notes in KB article
264921) "When your browser establishes a connection with a Web site by
using Basic or Windows Integrated authentication, it does not fall back to
Anonymous during the rest of that session with the server. If you try to
connect to a Web page that is marked for Anonymous only after
authenticating, you are denied."

Because this issue doesn't appear in my development environment, I wonder
whether one of switching the DCs to Server 2003 and/or switching the web
server host to Server 2003 and/or upgrading from IIS5 to IIS6 would be a
long-term solution?

Thanks again,

--
Geoff
May 18 '07 #3
Geoff Lane wrote:
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcomwrote in news:#Dvns
$T*********@TK2MSFTNGP02.phx.gbl:
>Everything I know about this issue is summarized here:
http://www.aspfaq.com/show.asp?id=2168

Thanks for that - much appreciated.

Your page led me to KB article 197964, which in a nutshell told me to
run the web server with anonymous access. This is something that I
cannot do because other pages in the same application make use of
Request.ServerVariables("AUTH_USER") and switching to anonymous access
would break them.

Additionally, attempting to force anonymous access for only the pages
that are affected by this issue won't work because (from the notes in
KB article 264921) "When your browser establishes a connection with a
Web site by using Basic or Windows Integrated authentication, it does
not fall back to Anonymous during the rest of that session with the
server. If you try to connect to a Web page that is marked for
Anonymous only after authenticating, you are denied."

Because this issue doesn't appear in my development environment, I
wonder whether one of switching the DCs to Server 2003 and/or
switching the web server host to Server 2003 and/or upgrading from
IIS5 to IIS6 would be a long-term solution?
You might consider either of these solutions:
- creating a web service on the remote server.
- using ServerXMLHTTP to get results from a page on the remote server
(http://www.aspfaq.com/show.asp?id=2173)
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
May 18 '07 #4
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcomwrote in
news:uZ**************@TK2MSFTNGP04.phx.gbl:
You might consider either of these solutions:
- creating a web service on the remote server.
- using ServerXMLHTTP to get results from a page on the remote server
Much appreciated.

The application is intended to manage files on the remote server (actually,
multiple servers). It records which server and share stores the files for
each of a number of items and the routine that's failing is part of the
item setup. Searching the 'net suggests that server.transfer will fail for
the same reasons that cause this issue, so I'd have to pass the required
information to the remote server via the request object. Messy, but it
should work.

That said, the work-around I'm currently in the process of implementing is
to schedule the directory creation and have a scheduled task run some VBS
outside of IIS to actually do the deed.

In the meantime, I've discovered that my development network is using
Kerebos authentication and suspect the production environment uses NT
Challenge/Response. I'm waiting for the production network guru to call me
back with the relevant information. If it turns out that this would sort
out the situation, I can use the scheduled task for the time being and re-
implement to handle the directory creation in real-time once the production
network has completed migrating to Server 2003 etc.

Thanks again,

--
Geoff
May 18 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

32 posts views Thread by jp29@cox.net | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.