IIS Virtual Directory to remote server shared folder: The path might not exist and could not be verified

Bruce Long picture Bruce Long · May 8, 2017 · Viewed 8.6k times · Source

I cannot get the virtual directory on my IIS website to point to a shared physical folder on a remote file server for love nor money. I set up the same (same name and password) admin users on the web site computer and the file server computer, made that user the application pool identity owner on the IIS site application pool for the website, and gave that user permission to access the shared folder on the REMOTE file server, and shared with that specific user. When I try to create a virtual directory in my website pointing to the remote file server share folder using IIS on the web server computer, the authentication works fine every time but the path cannot be found. I have tried many combinations of UNC, and even a firewall rule.

No good.

I have a dev box and a production web server both running the same IIS .NET website (using IIS 10 Version 1607 on my dev box, and IIS 7 on the production server). (Note that the web and file server production boxes are running as/on VMWare Virtual machines.)

I have a securely shared folder I need the web server(s) to put files in on a separate/other remote Windows 2012 server.

The following applies to both the case where my web server is on my dev system (Windows 10), and where it is on the production server (Windows Server 2012 R2). I did the following:

1. Set up an administrative accounts with the same name and same password on both the web server(s) and the remote 2012R2 file server system.

enter image description here

1. I shared a folder on the remote 2012R2 file server system to a specific person - the administrative user mentioned in 1.

enter image description here

2. I made this administrative user the application pool owner on the IIS web site on the web server(s)

enter image description here

3. I attempted to create a virtual directory from the web server to point to the shared folder on the remote file server using its IP address as the server name, and using both the pass through authentication (remember the IIS pool identity is the same administrative user that exists on both computers) and specific user login options (i.e. I tried both)

enter image description here

5. I get this error consistently:

enter image description here

What IS this? Do I need a firewall rule on the remote file server? The MS docs DON'T say that I do. The word 'firewall' does not even appear once on this page: https://support.microsoft.com/en-us/help/308150/how-to-create-a-virtual-directory-on-an-existing-web-site-to-a-folder-that-resides-on-a-remote-computer And the word 'firewall' does not appear once on this page either: https://msdn.microsoft.com/en-us/library/bb763173.aspx

There is nothing in this page about firewalls or remote physical directories either: https://technet.microsoft.com/en-us/library/cc771804.aspx

So, having followed the instructions I am stumped with regards to what I missed.

I have tried lots of combinations of UNC (maybe I still missed one?):

\\XXX.XXX.XXX.XXX\servername\_files
\\XXX.XXX.XXX.XXX\_files
\\XXX.XXX.XXX.XXX\subf\_files
\\XXX.XXX.XXX.XXX\\_files
\\XXX.XXX.XXX.XXX\\subf\_files
\\XXX.XXX.XXX.XXX\_files
//XXX.XXX.XXX.XXX/servername/_files
//XXX.XXX.XXX.XXX/subf/_files
//XXX.XXX.XXX.XXX/_files

_files (file://servername/_files)

No good.

enter image description here

I also:

  1. Made the Web2012Tx user the OWNER of the shared folder in folder->properties->security->advanced
  2. Made the Web2012Tx user the OWNER of the shared folder's parent folder.
  3. Shutdown and restarted the IIS website and recycled the application pool multiple times.

NOwhere does it say that I should share the parent folder of the shared folder, and in fact the MS sharing instructions say not to do so.

Unfortunately this IIS7 Accessing Network Share did nothelp.

So to summarise, the Web2012Tx user is an admin on all systems with the same password on all, with full security access and ownership of the shared folder on the file server, and is assigned as the IIS application pool owner for the websites on the web server computers. The folder on the file server is specifically shared with that specific user. There is no authentication problem, but the IIS virtual directory still cannot be created because the shared folder is apparently not visible??`

Do I need a firewall rule? What kind? Do I need IIS on the file server (I do not think this is right at all) Is it my UNC structure? (this is possible)

The only other thing I can think of is that the production Web and file servers are on VMWare VMs, but that should be transparent to the task at hand.

UPDATE:

This did not help (installing share resource manager on file server Windows 2012 R2 box where the shared folder is):

enter image description here

Nor did this (opening up the network share visibility appropriately):

enter image description here

Nor did these adjustments to the firewall work:

enter image description here

UPDATE:

So now on the production box web server I get good authentication/credential and folder access test, but still no access through IIS!

enter image description here enter image description here

We have strong security with and a very small well securfed surface area, but I need this secure share for function.

Answer

g_uk_2001 picture g_uk_2001 · Jul 12, 2017

Just curious, did you get this resolved? I encountered a similar problem, it was due to the use of DFS on the NAS i.e. a DFS alias was used as the UNC path (The DFS alias gets repointed to the backup storage during a failover scenario).

When I changed the connection to point to the relative storage path it worked fine e.g. instead of \DFS12345\x\y\z\myshare I used \NASFiler12345\myshare$ etc

However in a failover scenario this might not be ideal i.e. if you have storage across datacentres with different UNC paths for each. For development purposes then possibly it doesn't matter.

DFS can be problematic - that's if you are using that(?), try adding the user account to the root level DFS group if you are.

A quick test to identify this problem:

Open a cmd prompt and run these commands (the uncpath = your path obviously)

mkdir \uncpath\test1 *this should work

mkdir \uncpath\test2\test3\test4 **this may fail

If when running the multiple directory creation the result returned is: 'The directory or file cannot be created', then I suspect you have a DFS permission problem. The workaround is to use the relative storage path, or create a DNS alias to the storage path, or add the user account to the top level DFS group.

Hope this helps :-)