7

I have machines EXTERNAL and INTERNAL (lets call them EXT and INT). Both machines are not part of AD (no network accounts, only local ones) and both machines have Administrator accounts using different credentials (hence forget about pass-thru).

Now what I did is following

  • Created directory C:\shareme on INT
  • Shared this directory for all administrator accounts
  • Opened explorer on EXT and typed \INT\shareme
  • Entered credentials of the INT account (INT\Admin and password), all good, I see contents
  • here comes the problem...
  • Opened IIS on EXT, clicked Add virtual directory
  • alias: remote, physical path: \\INT\shareme, Connect as: Specific user, Username: INT\Admin + password
  • Test settings fails, it says Logon failure: unknown user name or bad password
  • I can explore in IIS but it's only because I authenticated already in windows explorer
  • Accessing http://localhost/remote returns error 500.19

Apparently IIS won't care for network credentials. It whines about unknown user name because it probably checks accounts on local machine instead of authenticating with the remote one.

Changing logonMethod doesn't help (Interactive, ClearText etc) Any ideas?

Improve this question
2
  • You don't have to configure the application pool to run under the same account as the one for the remote path. You can connect the virtual directory with that account using "Connect as" from Basic Settings for the Virtual directory.
    – Lynn
    Commented Feb 10, 2015 at 19:09
  • @Lynn:That's what he did - it's in the 7th bullet point.
    – Greg Sansom
    Commented Apr 13, 2016 at 3:10

2 Answers 2

Reset to default
3

The user account that the application pool is running under also needs access to the UNC path. I believe the default in IIS 7 is "NETWORK SERVICE", which won't have access to the remote computer. You'll need to configure the application pool to run as an account that exists on both systems w/ the same credentials.

Improve this answer
4
  • Thanks. I quite don't get it. What does apppool has to do with virtual directory which is as per my understanding not an application is it really necessary to create separate users just to share a folder? that's ridiculous.
    – Mike
    Commented Oct 17, 2014 at 13:02
  • It's an architectural change in IIS 7, which uses the web.config files sprinkled all over the filesystem versus the old-style central configuration database (the Metabase). Have a look here: support.microsoft.com/kb/934515
    – Evan Anderson
    Commented Oct 17, 2014 at 13:07
  • Thanks for the reference. I'll mark this as an answer as it does resolves the problem although I must say I disapprove method MS forces me to use (passthru -- meaning, creating duplicate accounts on both machines).
    – Mike
    Commented Oct 17, 2014 at 13:15
  • Thanks for this information, this solved my issue in 2017 on a pair of Windows Server 2012 R2 VMs.
    – Dragonsdoom
    Commented Oct 18, 2017 at 21:17
0

Technically, if you want to avoid duplicating users over multiple servers, you could set up a very basic Active Directory server (it could be installed on an existing server). That way you could use one domain user on multiple servers.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .