I'm a bit new to asp, so forgive me if it's a simple error.
We used to have this all working fine on our SBS2011 (sql, iis, asp site -all one location), reading and writing to shared local drive.
We've just upgraded off sbs2011 to multiple servers (1x DC & file, 1x exchange, 1x IIS & SQL etc.). now the asp isnt working.
sPath="\\SERVER1\SHARED_Folder\"
sPath=sPath & jobnum
if fs.FolderExists(sPath & " " & jname) then
response.write("Folder already exists!")
else
sPath=sPath & " " & jname
fs.CopyFolder "\\SERVER1\SHARED_Folder\200\new project template", "\\SERVER1\SHARED_Folder\new project template"
fs.MoveFolder "\\SERVER1\SHARED_Folder\new project template", sPath
Server1 is the file server.
if i change server1 to the iis/asp site server , it works!
ive checked permissions on the share and in the security.
IIS IUSRS, Everyone, Domain Users, Domain Admin, Users - All have Full permissions.
i have debugging - send to browser on, and all i get is:
Server Error
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
With debug to server on, I get:
"Microsoft VBScript runtime error: Permission denied"
whilst the fs.copyfolder line is highlighted.
Im left scratching my head!
*Edit - forgot to mention this is an internal site only
Cheers
This will be a tricky one for us to solve, as a few mins of clicking around on the server would be worth hours of to & fro on here.
However, when you talk about permissions - I think you're on the right track. When you look at the permissions, don't forget that there's the advanced section that details what permissions are inherited. You may find that there is a inherited deny permission.
I've also seen the need for IUSRS and IUSR_ to be given permissions individually. Especially if the machine name has changed. The IUSR account that's used could be the old one. (because no new one was created.)
The other thing here, is that you appear to be dealing with local users from the IIS/SQL machine, wanting to exercise permissions on the DC/File machine.
Does that give you any useful food for thought?
Now, questions:
Do the equivilant users on the two machines have the same user ID?
Is the DC machine aware of the users from the IIS machine?
Related
When I logged in to the same IIS using different alias, the name on the local host is different. I didn't change or do anything differently since the creation of this IIS. How it shows different names on different login account is unexplainable.
May I know if I make change on my end to match the one on the role account, it will not break things on this server. I checked with other admins, they see what the role account sees. I am the only person that has name mismatched (it shows DEV instead of PROD).
This is what I see when I log in as me under IIS connection DEVAPP01 (.../Luu). And this is what I see when I log in as a role account PRODAPP01 (..../roleAccountp1 So sorry the website doesn't allow me to post image yet. I'm new to stackoverflow and hope I can get some advice here.
Changing the label is easy but I would like to make sure it doesn't break anything since this is PROD environment. Thx
Regards,
I figured this out (with the help from our cloud team of course). I was told that at one point, the server was named DEVAPP01, later it was renamed to something else and I still connected to the wrong name on the same server. To solve this problem, I:
In the IIS under connection, select Connect to Server and put in the right IIS name which is PRDAPP01, once I got in there, I saw two IIS 1) DEVAPP01 and 2) PRDAPP01
Select the wrong IIS name which was DEVAPP01 and right click and select Remove Connection (this option seated below Refresh)
Problem solved!!!
Thanks to my great cloud team from my company.
I have two schedule task which is running in coldfusion administrator. They are giving 403 forbidden error when run through coldfusion administrator. Here is the log which i get.
"Information","DefaultQuartzScheduler_Worker-8","02/22/17","10:11:00","","Task default.example - Get detail Dev triggered."
"Information","DefaultQuartzScheduler_Worker-4","02/22/17","10:11:00","","Task default.example - Get detail Live triggered."
"Error","DefaultQuartzScheduler_Worker-8","02/22/17","10:11:00","","403 Forbidden "
"Error","DefaultQuartzScheduler_Worker-4","02/22/17","10:11:00","","403 Forbidden "
The task url is running good through browser. It seems that it is something related to permission problem. I have checked the permission of coldfusion Application 'log on as' user on the CFIDE directory and task url directory. It has full control.
Can anyone guide me to solve this problem.
This post is a little old but I've happened across the same problem and I thought I'd share our solution here.
We're running ColdFusion 2016 on a dedicated Windows 2012R2 box. We have several client sites on our box and we're completely locked down using Peter Freitag's lockdown guide.
This is was a new server migration from a CF10 server on another box. Once I set up the scheduled task exactly as we had done before, I received several "403 Forbidden" responses.
The only real way to troubleshoot this is to activate the "Save output to a file" option on the scheduled task itself and save the file to a directory where your CFUser has write access to. "CFUser" of course is the Windows user your CF service uses.
My first test of the URL was through Chrome on the server and it worked just fine so my URL was valid and of public access.
When I fired the scheduled task, it said "The scheduled task ran successfully" however the results of the output file showed it didn't. In our case, an outside service called "Cloudflare" was blocking our request. The error from Cloudflare asked us to enable cookies which we can't do in a scheduled task request. In our case, our hosting provider must provide an exception for requests made from our server's dedicated IP.
Most of the time, these error are generated because of file permission issues on Windows. If you're sure that your CFUser has read & execute permission to the requested template, then you need to output the scheduled task result to fully understand the error.
Umbraco 7.1.8 running as an Azure web app has yo'yo'ed a couple of times, the logs show the following error message:
ClassName": "System.UnauthorizedAccessException",
"Message": "Access to the path 'D:\\home\\site\\wwwroot\\App_Data\\TEMP\\ExamineIndexes\\Internal\\Index\\segments.gen' is denied.
There is a very large stack trace I won't paste just yet, however it's starting with
at Lucene.Net.Store.SimpleFSDirectory.OpenInput(String name, Int32 bufferSize)
at Lucene.Net.Store.FSDirectory.OpenInput(String name)
No one has accessed any of the site files directly during the crashes FYI, nor has anything other than Umbraco content edit based changes / cache updates been made (though maybe they are key to the issue?)
Question is, is this a lock of some kind created by the website (umbraco e.g. during a publish / cache update) or is this something systematic with Azure / Web Apps / Server Setup / IIS that could cause segments.gen to lock / access denied? It's strange that it worked after a while with no intervention.
Any insight appreciated, if not to simply help work out the issue by deduction.
temp:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community)";"State of Maine";2);
temp1:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community)";"State of Maine";3);
temp2:=#DbLookup("Notes":"NoCache";"ARRoW/SSS":"sss/sssProj.nsf";"(Lookup for Community POC)";"State of Maine";4);
#If(#IsError(temp)|#IsError(temp1)|#IsError(temp2);"Error";temp + " " + temp1 + " " + temp2)
Hi this works on Lotus Notes Client but doesn't work on web Any help is welcome thanks in advance!
There are typically three types of root causes for something like this.
One type of problem is server trust. This only applies if there are two servers involved. I.e., the web server is ServerX/SSS and the code is trying to access ARRoW/SSS. You need to review ARRoW/SSS's server document and check whether "ServerX/SSS" is listed in the field for "Trusted servers". (Also note that if this is a really, really old version of Domino - before version 6 if I recall correctly - then the trusted servers feature is not there and you cannot make cross-server calls to #DbLookup in web code.)
The second type of problem is that the server where the code is running can not resolve the name of the server where the database lives. The code is accessing server ARRoW/SSS, but you haven't said whether ARRoW/SSS is the actual web server, so let's look at both cases.
Assuming that it is all happening on one server, there can still be a name resolution problem because of the way the formula is coded. Try specifying "":"sss/sssProj.nsf" instead of "ARRoW/SSS":"sss/sssProj.nsf". If that fixes your problem, great! But it means that you still have a problem either in your server document or with the DNS configuration on your Domino server and you should address that. You should probably continue with the troubleshooting that I give in the next paragraph. Just bear in mind that everything I say there is true even if ServerX/SSS is really the same as Arrow/SSS.
If the code is running on web server ServerX/SSS, then you need to make sure that ServerX can connect to ARRoW/SSS. The easiest way to do this is to bring up the console for ServerX and enter the command 'trace ARRoW/SSS'. If it fails, check the server documents and/or connection documents for correct IP addresses or host names, and open a command window on the server and try a ping using the exact information in the server documents. If it fails, you have a networking issue. One of the underlying causes I've seen for a problem like this is that there is no connection document (because the servers are in the same named network, but neither the IP address nor the fully-qualified host name is entered in the networks table in the server document, so Domino just asks DNS to resolve the common name 'ARRow' - but the DNS configuration on the web server does not include a default search path so the name is not resolved. But you need to check everything until you can get a 'trace' command to succeed.
The third type of problem is Access Control. This is a broad category that comes down to the fact that the identity that the code is running under either does not have access to the server ARRoW/SSS, the database sss/sssProj.nsf, the view (Lookup for Community)" or the document(s) with the key "State of Maine". There are a lot of things to check. If the code is running in a field formula, the identity is that of the user, and if the same user does not get the error through the web client then you need to look at the database properties for sss/sssProj.nsf and check the maximum web access level. If the code is running as an agent, you need to check the agent properties to determine what identity the agent is running under, and then review everything: the security settings in the server document, the database ACL, restrictions on the view, and reader names fields in the documents.
I had written a mini App in asp classic this week. It worked perfectly on the test server connecting to the test data base. Then yesterday evening I moved it from the test server to the live server updating the connection strings to the live db.
I published it as an application to the default website in the default app pool. Then I tested it and it worked perfectly.
This morning however both myself and another user receive a 500 -internal Server error when we try and save changes to the database(there appears to be no issue reading from the db) yet my two other collogues have no issue at all.
Even more odd is that the same thing is happening on the test server where the code hasn't been changed in weeks. But this morning I cannot commit to the db from there either.
I have attempt to enable more detailed error tracking and logging but the property options for the server are seem unavailable when i tried to set up custom Active Server Pages (ASP) error pages off online tutorials.
The server is used by a lot of people so I was wondering is their a permission issue depending on the user that restricts writting to the database. Or something else that may have changed to allow some users to write data and others to receive the error.
Im very knew to IIS so it may be something glaringly obvious that I haven't considered.
Thanks
This article should help you:
In earlier versions of IIS, error messages from classic ASP scripts
were sent to a Web browser, by default. Because these error messages
might reveal sensitive information to malicious users, IIS 7 and above
disables this feature by default. When your classic ASP scripts
encounter an error in IIS, you receive the following error message by
default:
An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator please click here to find out more about this error.