Problems when using domain application pool identities
Essentials 3.15.1 (I know...) & ArcGIS Server 10.3.1
Hi all,
I'm trying to configure Essentials to use secured map services, and as per the Essentials 3.15 Admin Guide section 7.4.1 I have configured both Essentials application pools to run under Windows domain users. Both users have log on as a service and log on as a batch job rights.
I am no longer able to edit viewer configurations, nor can I change the REST application settings; I get "An error occurred while processing your request. The cause of this error is unknown". There are no meaningful REST Manager logs (logging at info level), but the IIS logs show a 500 error against the relevant URL. If I change the EssentialsAdministrationAppPool4 back to run under the NetworkService identity again then it works fine.
Also, the first time I try to run a workflow after starting up a viewer application I get an error "The remote server returned an error: NotFound". The second time I run the workflow it works fine. The REST app log says "...Authorization failure: Geocortex.ApplicationServices.Security.Enforcement.AuthorizationException: The current user cannot access the desired resource". Again, if I change the EssentialsAppPool4 to run under NetworkService again then it works fine.
I suspect these problems are caused by the same underlying issue. The REST app is set up for anonymous and Windows authentication and RestManager is set up for anonymous and forms authentication. Removing anonymous from REST doesn't make any difference. I have also tried explicitly adding the app pool domain users to the allowed users in the site's security config. I have also gone through and applied the same folder permissions within both C:\inetpub\wwwroot\Geocortex and C:\Program Files (x86)\Latitude Geographics\Geocortex Essentials to the domain users as what NetworkService already had. I could have missed something I guess..?
Apologies for the lengthy post. Any ideas?
Cheers
Rob
Hi,
Can you try running the post installer and finishing it? This should reapply required permissions to the Essentials folder structure.
Thanks,
Mike Ketler
Hi Mike, thanks for your reply.
I ran the post installer and created new application pools under the domain users*. I can confirm that the applications are running under the new pools and that the permissions for both users have been set on the various folders.
This has fixed the REST application settings - I can now change them from within Essentials Manager. However, I'm still getting the issue when running a workflow for the first time (except now it's much less frequent, say 1 in 10 times instead of 1 in 2). I still occasionally get a workflow error "The remote server returned an error: NotFound" which is reflected in the REST logs as "...Authorization failure: Geocortex.ApplicationServices.Security.Enforcement.AuthorizationException: The current user cannot access the desired resource". It runs fine most times I start the viewer app, but every now and then it will fail, although if I run it a second time then it's fine.
* I entered the user as domain\user. Like last time when I manually changed the application pool identities, I had to use the shortened pre-Win 2000 names instead of their full names. With the full names I got a warning "The specified user does not appear to exist. Would you like to try and create the user ... now?". With the pre-2000 name I got a warning "The supplied credentials do not appear to be valid. Would you like to continue anway?", but since Essentials is still accepting the secured services I assume everything is OK.
Thanks again for your help
Rob
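
One way to check the folder permissions discussed in this thread, as an added example that is not part of the original posts and is not Geocortex tooling: the script lists every directory under the two folder trees named above where NetworkService holds an Allow right that the app pool's domain account lacks. The account name `EXAMPLE\svc-essentials` is a placeholder, and the comparison covers only ACEs that name the two identities directly, not rights granted through group membership.

```powershell
# Added example: find directories where the baseline identity (NetworkService)
# has Allow rights that the app pool's domain account does not have.
param(
    # Placeholder account; replace with the pre-Windows 2000 (DOMAIN\user) name.
    [string]$AppPoolUser = 'EXAMPLE\svc-essentials',
    [string]$Baseline    = 'NT AUTHORITY\NETWORK SERVICE',
    # The two folder trees named in the thread.
    [string[]]$Roots = @(
        'C:\inetpub\wwwroot\Geocortex',
        'C:\Program Files (x86)\Latitude Geographics\Geocortex Essentials'
    )
)

function Get-AllowRights {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl, [string]$Identity)
    # OR together every Allow ACE (explicit or inherited) that names the identity.
    $mask = 0
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -ieq $Identity) {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    return $mask
}

$rightsType = [System.Security.AccessControl.FileSystemRights]
$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Missing: $root"; continue }
    $dirs = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl     = Get-Acl -LiteralPath $dir.FullName
        $base    = Get-AllowRights $acl $Baseline
        $user    = Get-AllowRights $acl $AppPoolUser
        # Bits set for the baseline but not for the app pool account.
        $missing = $base -band (-bnot $user)
        if ($missing -ne 0) {
            [pscustomobject]@{
                Path    = $dir.FullName
                # ToObject avoids PowerShell's enum validation on generic-rights bits.
                Missing = [Enum]::ToObject($rightsType, $missing)
            }
        }
    }
}
$results | Format-Table -AutoSize -Wrap
```

An empty result means the domain account has at least the same directly assigned Allow rights as NetworkService on every directory scanned; run it from an elevated prompt so `Get-Acl` can read all folders.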