"IIS Manager cannot verify whether the built-in account has access"

Asked 28/2, 2014 at 20:0 Answered 23/7, 2024 at 14:22

Ok, I'm designing a web app using asp.net and need to use the IIS Application Manager to control it. I have a server and all of that but when I tried to go into it and set everything up I got a warning saying:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

When I tried to browse my app using the IIS, it timed out, I don't know anything about IIS really outside from research I've done online. Just looking for some clarification on it. Thanks for any help.

Hakluyt answered 28/2, 2014 at 20:0 Comment(2)

Are you attempting to browse using //localhost/ or your external IP? – Bruges 13/7, 2014 at 5:11

3 years later, and I'm having this same problem too. My app pool ID is Network Service and I've added that to the IIS_IUSRS group and ensure that group has modify rights (Read, Write, Modify). I set up the local hostname in my host file and when I ping the hostname, I get the correct loopback IP. IIS responds to localhost by showing the default web site, but it doesn't appear to work for other sites. All bindings are correct and confirmed. – Triad 30/6, 2017 at 16:49

The server is configured to use pass-through authentication [you can verify this by selecting the site, choosing basic settings -> Connect as... -> {and you should see Application User (pass-through authentication) is set}]. The built in account is set on the app pool's settings. The error message is telling you that the account on the app pool can't access the folder set on the activated application. The normal group you need to put onto a folder is IIS_USERS with Read, List, Read & Execute. IIS timed out because it couldn't initialize the site to load because the OS won't let it touch the files to see what it should load for the request. You might wonder why you didn't get a 401, but its because IIS can't get far enough to actually start giving you any sort of status on your requests.

Unmanned answered 1/12, 2014 at 5:22 Comment(3)

If that's not the account its using and you aren't certain what you have set for it to use, an easy [compared to guessing] way to find it is to either turn on file system auditing or us a tool like procmon from sysinternals. Both tools would capture what account was being used to access and would then give you what you'd need to add access to. – Unmanned 7/8, 2015 at 14:58

@NathanDaniels Your answer helped me understand the situation. I'm struggling with this. This is my question posted #46029535 Will thank you if you could give it a look, thanks! (I'm working with the Application User) but I believe all the users have the acccess to access this folder – Lothario 4/9, 2017 at 3:59

I couldn't find IIS_Users so I "looked up" using Find now option and found "IUSR" and "IIS_IUSRS" that resolved the whole issue, finally. No more investigation for me on this, real work begins now. :) – Week 15/10, 2019 at 16:37

I've found an microsoft article which says that IUSR needs to have the proper rights for both NTFS side and the network side:

https://learn.microsoft.com/en-us/iis/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis

I was setting up the tomcat mod_jk and got it working with these instructions.

Pyrrhotite answered 6/9, 2017 at 10:44 Comment(0)

Got stuck on this for a day... My solution, after trying to go the accounts route with no luck, was to open 'Turn Windows Features On' > then Find IIS and add all the development features. This did the trick for me.

Blowzy answered 5/3, 2020 at 20:57 Comment(1)

In addition to the user permission answers in the top voted answer, it still didn't work for me and I also had to turn on all the options under Application Development. I assume because of a feature within my application running in IIS. – Zendejas 26/8, 2020 at 21:15

Hope this helps someone.

In my case, I had to add read access for IIS_IUSRS group.

Credits

Bookbinding answered 6/3, 2019 at 15:51 Comment(0)

I got the same error and this was the fix for me,

Lapstrake answered 1/6, 2021 at 13:16 Comment(0)

I also faced the same issue. It gets resolved once you give Read, List Folder contents, read and execute rights to IUSR user. Here is what you can do :

Go to properties of your folder where you have the code, click on security -> edit -> add.

Add IUSR User and give rights.

Brisling answered 23/7, 2024 at 14:22 Comment(0)

Recommended topics

Hot tags