1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Permissions problems running applications (asp.net, php, etc)

Discussion in 'Plesk 9.x for Windows Issue, Fixes, How-To' started by ShonnG, Jul 11, 2010.

  1. ShonnG

    ShonnG Guest

    0
     
    I am having problems getting web applications on any web site running. Clicking any of the links in the Test Pages section of a new site's default page pops up a login request. Clicking cancel then shows a 401.2 - Unauthorized error.

    I used Procmon to track it down and the IWAM_plesk account doesn't have the correct access. It seems that although web sites are configured with IUSR_domain the app pool is under IWAM_plesk and that is the account used for access. Adding access to IWAM_plesk changes the error messages, usually to not having access to a file needed by the script processor.

    I found a kb about adding permissions to the gac for asp.net but that only fixes access to the assemblies.

    I tried running through all the reconfigurator steps without any success and it seems that it backs out any permissions that I had added including the gac fix. Is this a problem with running Plesk on 2008 R2? Is there a fix?

    Thank you,
    Shonn


    Windows 2008 R2
    Plesk 9.5.1
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,557
    Likes Received:
    1,242
    Location:
    Novosibirsk, Russia
    Make sure that for "plesk(default)(2.0)(pool)" default Identity is IWAM_plesk(default). For DefaultAppPool - NetworkService
     
  3. ShonnG

    ShonnG Guest

    0
     
    plesk(default)(2.0)(pool) was already IWAM_plesk(default) and DefaultAppPool was ApplicationPoolIdentity. I changed DefaultAppPool to NetworkService but it didn't make a difference since all the web sites are configured to use plesk(default)(2.0)(pool).

    IWAM_plesk(default) is a member of psacln

    The httpdocs folder has the following permissions:
    - IWAM_plesk(default) - list folder contents only
    - ftp_subaccounts - delete
    - {domain} - full
    - IUSR_{domain} - list/read
    - Administrators - full

    sub files of httpdocs have:
    - System - full
    - {domain} - full
    - IUSR_{domain} - read
    - Administrators - full

    The web site:
    Anonymous access under IUSR_{domain}
    App pool: plesk(default)(2.0)(pool)
    Intergrated mode
    path: d:\ServerData\Domains\{domain}\

    running Procmon shows that it's using the app pool's credentials (IWAM_plesk(default)) to access the files. Since IWAM_plesk(default) or psacln don't have access to anything it's reverting to Basic Authentication.

    I could tweak the permissions to make it work for existing domains but the reconfigurator seems to want it like this and any new domains would be broken.
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,557
    Likes Received:
    1,242
    Location:
    Novosibirsk, Russia
    Well. I think it would be better if you contact Parallels support team and they will check your permissions directly on your server.
     
  5. ShonnG

    ShonnG Guest

    0
     
    Okay thanks, I'll submit a ticket.
     
Loading...