• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Permissions problems running applications (asp.net, php, etc)

S

ShonnG

Guest
I am having problems getting web applications on any web site running. Clicking any of the links in the Test Pages section of a new site's default page pops up a login request. Clicking cancel then shows a 401.2 - Unauthorized error.

I used Procmon to track it down and the IWAM_plesk account doesn't have the correct access. It seems that although web sites are configured with IUSR_domain the app pool is under IWAM_plesk and that is the account used for access. Adding access to IWAM_plesk changes the error messages, usually to not having access to a file needed by the script processor.

I found a kb about adding permissions to the gac for asp.net but that only fixes access to the assemblies.

I tried running through all the reconfigurator steps without any success and it seems that it backs out any permissions that I had added including the gac fix. Is this a problem with running Plesk on 2008 R2? Is there a fix?

Thank you,
Shonn


Windows 2008 R2
Plesk 9.5.1
 
Make sure that for "plesk(default)(2.0)(pool)" default Identity is IWAM_plesk(default). For DefaultAppPool - NetworkService
 
plesk(default)(2.0)(pool) was already IWAM_plesk(default) and DefaultAppPool was ApplicationPoolIdentity. I changed DefaultAppPool to NetworkService but it didn't make a difference since all the web sites are configured to use plesk(default)(2.0)(pool).

IWAM_plesk(default) is a member of psacln

The httpdocs folder has the following permissions:
- IWAM_plesk(default) - list folder contents only
- ftp_subaccounts - delete
- {domain} - full
- IUSR_{domain} - list/read
- Administrators - full

sub files of httpdocs have:
- System - full
- {domain} - full
- IUSR_{domain} - read
- Administrators - full

The web site:
Anonymous access under IUSR_{domain}
App pool: plesk(default)(2.0)(pool)
Intergrated mode
path: d:\ServerData\Domains\{domain}\

running Procmon shows that it's using the app pool's credentials (IWAM_plesk(default)) to access the files. Since IWAM_plesk(default) or psacln don't have access to anything it's reverting to Basic Authentication.

I could tweak the permissions to make it work for existing domains but the reconfigurator seems to want it like this and any new domains would be broken.
 
Well. I think it would be better if you contact Parallels support team and they will check your permissions directly on your server.
 
You must log in or register to reply here.

Similar threads

C
Question Can Plesk run 2 applications with 2 different PHP versions?
Replies
0
Views
238
cinderjk
C
S
Question open_basedir and WordPress, general consensus needed, configured or none?
Replies
6
Views
4K
Duarte N
D
B
Question Google Permission Subdomain
Replies
2
Views
1K
BrainMS
B
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
7
Views
5K
grizlyadams
G
H
Resolved Nginx + non "plain" Wordpress Permalinks error.
2
Replies
22
Views
12K
tomandersen
T
Back
Top