IIS 401.3 - Unauthorized on only 1 server out of 3 set up for network load balancing

Posted by Tony on Server Fault See other posts from Server Fault or by Tony
Published on 2012-03-22T19:07:26Z Indexed on 2012/03/31 23:34 UTC
Read the original article Hit count: 410

Over the weekend our Server Admin set up two virtual Windows 2008 machines with IIS installed and set them up under NLB. I came in and changed the application pool the website was running under to our domain account that has proper access to the database and the file share hosting our .NET web application Sitefinity, and changed it to .NET 4 Integrated. NLB and everything was running fine on both servers. He brought up the third server for our cluster on Tuesday and I performed the same actions.. The only difference was that I was given admin rights for the third server so I could set it up remotely instead of going to his office.

He has full control over the share and NTFS perms on \\hostname\Sitefinity and I believe I only had read access. I pointed the web site to the same \\hostname\Sitefinity\sitename share that the others were on and the authentication/authorization test settings passed. I hit the site from http://localhost (like I did successfully from the other two before trying the cluster's IP address) and I received a HTTP Error 401.3 - Unauthorized. I've verified many times that the application pool is running under the same service account.

I tried hitting just a simple test.htm.. works fine on both of the first two servers but I get the same 401.3 on the third. I copied my dev project to the local inetpub directory and re-pointed the website and that ran perfectly.

I turned on Failed Request Tracing and it acts like it's still running the local IUSR account I guess (instead of my domain account)? Here is an excerpt of the File Cache Access Start and the error from the trace:

FileName
\\hostname\sitefinity\sitename\test.htm 
 UserName
IUSR 
 DomainName
NT AUTHORITY 

----------

Successful
false 

 FileFromCache
false 

 FileAddedToCache
false 

 FileDirmoned
true 

 LastModCheckErrorIgnored
true 

 ErrorCode
2147942405 

 LastModifiedTime

 ErrorCode

Access is denied. (0x80070005)

----------

ModuleName
IIS Web Core 

 Notification
2 

 HttpStatus
401 

 HttpReason
Unauthorized 

 HttpSubStatus
3 

 ErrorCode
2147942405 

 ConfigExceptionInfo

 Notification

AUTHENTICATE_REQUEST

ErrorCode

Access is denied. (0x80070005)

----------

My personal AD account was then granted read/write perms to the share so I created a new application pool and set the site under it in case there was an issue with the application pool but no success.

I created another under my own account and it still failed. It just seems like maybe it's not trying to access the files under the account my application pools are running under although that's the only way I've done things before. I set the Physicial Path Credentials in Advanced Settings on the site to the service account and it threw a 500 error of some sort so I assume that's not the answer (and I don't have to do it on the other servers). It's like somehow I'm trying to force impersonation on the IUSR account or something?

© Server Fault or respective owner

Related posts about http

Related posts about iis7.5