IIS 401.3 - Unauthorized on only 1 server out of 3 set up for network load balancing
Posted
by
Tony
on Server Fault
See other posts from Server Fault
or by Tony
Published on 2012-03-22T19:07:26Z
Indexed on
2012/03/31
23:34 UTC
Read the original article
Hit count: 410
Over the weekend our Server Admin set up two virtual Windows 2008 machines with IIS installed and set them up under NLB. I came in and changed the application pool the website was running under to our domain account that has proper access to the database and the file share hosting our .NET web application Sitefinity, and changed it to .NET 4 Integrated. NLB and everything was running fine on both servers. He brought up the third server for our cluster on Tuesday and I performed the same actions.. The only difference was that I was given admin rights for the third server so I could set it up remotely instead of going to his office.
He has full control over the share and NTFS perms on \\hostname\Sitefinity
and I believe I only had read access. I pointed the web site to the same \\hostname\Sitefinity\sitename
share that the others were on and the authentication/authorization test settings passed. I hit the site from http://localhost
(like I did successfully from the other two before trying the cluster's IP address) and I received a HTTP Error 401.3 - Unauthorized. I've verified many times that the application pool is running under the same service account.
I tried hitting just a simple test.htm.. works fine on both of the first two servers but I get the same 401.3 on the third. I copied my dev project to the local inetpub directory and re-pointed the website and that ran perfectly.
I turned on Failed Request Tracing and it acts like it's still running the local IUSR account I guess (instead of my domain account)? Here is an excerpt of the File Cache Access Start and the error from the trace:
FileName
\\hostname\sitefinity\sitename\test.htm
UserName
IUSR
DomainName
NT AUTHORITY
----------
Successful
false
FileFromCache
false
FileAddedToCache
false
FileDirmoned
true
LastModCheckErrorIgnored
true
ErrorCode
2147942405
LastModifiedTime
ErrorCode
Access is denied. (0x80070005)
----------
ModuleName
IIS Web Core
Notification
2
HttpStatus
401
HttpReason
Unauthorized
HttpSubStatus
3
ErrorCode
2147942405
ConfigExceptionInfo
Notification
AUTHENTICATE_REQUEST
ErrorCode
Access is denied. (0x80070005)
----------
My personal AD account was then granted read/write perms to the share so I created a new application pool and set the site under it in case there was an issue with the application pool but no success.
I created another under my own account and it still failed. It just seems like maybe it's not trying to access the files under the account my application pools are running under although that's the only way I've done things before. I set the Physicial Path Credentials in Advanced Settings on the site to the service account and it threw a 500 error of some sort so I assume that's not the answer (and I don't have to do it on the other servers). It's like somehow I'm trying to force impersonation on the IUSR account or something?
© Server Fault or respective owner