RE: Failed to start monitoring changes to

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Steven Cheng[MSFT] (v-schang_at_online.microsoft.com)
Date: 08/09/04 

Date: Mon, 09 Aug 2004 07:35:44 GMT

Hi kimpton,

Thanks for your response. Regarding on your further description, I've done
some tests on my side, and found that the problem is acutally caused by
permission issue. Since the sub web folder is point to a remote shared
folder. And the ASP.NET will use the default processAcount (machine\aspnet
for iis 5 or networkservice for iis6) to do the folder monitor. However,
since the default process account is a local account, it'll failed on logon
remote mahcine no matter the remote folder has been grant "Full Control"
to everyone or not. That's the problem you encountered. (You can find the
error in the remote machine's eventlog).

Currently, I think you need to specify another Account which can be
authenticated on the remote machine as the local's ASPNET worker process
account, you can use either a
Domain User Account or an mapping local account( which exists on both the
local and remote machine and have same username and passworld).

Then, use the following means to speicify it as the ASP.NET's process
account:
1. In machine.config, find the <processModel> element and change the
"userName" and "password"
attributes to the certain account's value

2. You can also specify it for only a certain web application(rather than
the whole machine) in the web.config via the <identity impersonate="true"
userName=".." password=".."/>
This is more recommended.

In addition, do make sure that the account has powerful permssions on the
local machine( to run asp.net application, you can make it in the
administrators group) and has sufficient control to the remote folder on
the remote machine. and the following tech article is also helpful:

#How To Create a Custom Account to Run ASP.NET
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html
/secmod15.asp

Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Relevant Pages

  • Re: IIS 6.0 with Mapped Drives
    ... The user account that IIS is impersonating needs to have permissions to ... permissions to the remote resource. ... folder on local drive on the server, this local folder is Virtual Directory ...
    (microsoft.public.inetserver.iis)
  • Re: User Share Permissions NOT WORKING!
    ... I tried setting a new security group called "customers" and added it to ... changed the permission at the folder to deny listing folder contents. ... account, I changed two options three items in the account properties. ... Remote Access determine) ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote user authentication
    ... to the Windows account usage design. ... admin on the remote machine where the account lives, ... have need to "authenticate", something like the following. ...
    (microsoft.public.win2000.security)
  • Re: UnauthorizedAccessException when Writing to a Remote Registry
    ... > I'm trying to run under my domain account, which has Admin rights on the ... > remote machine. ... > locally on that remote box, and it successfully sets the key ... >>> I am trying to set a registry key value on a remote machine. ...
    (microsoft.public.dotnet.security)
  • RE: Failed to start monitoring changes to
    ... Since the sub web folder is point to a remote shared ... > since the default process account is a local account, ... > local and remote machine and have same username and passworld). ...
    (microsoft.public.dotnet.framework.aspnet)