CFF KB - Carrz-Fox-Fire Promotions Knowledge Base

CFF KB is all about 1 thing: The Sharing of Knowledge and the Power we gain from it.

Knowledge Base

Breadrumbs:
>>Web, Mail & Media Servers >> Wed Servers >> IIS (Internet Information Services)
IIS - Unable to connect to server - Cannot read from configuration file due to insufficient permissions

CFF Knowledge Base - Share on Stumble Upon It

Share With Friends ^{(Updated 6-8-2010)}

Article ID:
220
Date Created
Wednesday, March 18, 2020
This Article Has been Viewed
454 times
Short Desc
When assigning a new identity to an AppPool, you may encounter the insufficient permissions error if the user assigned does not have the right to read from the wwwroot folder.
Details
When assigning domain users the right to interact with a web server, you have to make sure they have the appropriate permission to access specific top-level folders. In this case, we are working with the wwwroot.
Assigning a domain-user to an application pool (or) AppPool Identity is something not enough. Depending on what the web application needs to do, it will depend on what rights assigned to the domain-user.
In this article, we will go over how to recreate the subject error, and then how to resolve it.
Recreate Issue
Recreate this issue.

In IIS - Application Pools
Choose an AppPool and click on [Advance Settings]
Choose [Identity] = Click on the ellipse button beside the [ApplicationPoolIdentity][...]
Click on [Custom account] then click [Set...]
Type in the: domainname\domainuser
Type in the password, then confirm the password.
Click [OK] then [OK] and then [OK] to close out of the [Advance Settings] dialog box.

Go into the IIS Server that you want to use to connect to this server with, and choose to connect a server.
Right Click on the [Start Page]
Choose [Connect to a Server...]
Type in the [Server Name]
Click [Next]
Type in user name: domainname\domainuser
Then the password.
Click on [Next]

You should see the following message

Failed to connect

There was an error when trying to connect. Do you want to retype your credentials and try again?

Details:

Filename: MACHINE/WEBROOT
Error: Cannot read configuration file due to insufficient permissions.

[Yes] [No]
Resolve Issue
Resolve this issue.

Make sure you assign the appropriate roles to the user inside of [Active Directory Users and Computers] on the DC (Domain Controller)
The below list is what we use in our Domain for all our users.
Simply copy these, and paste into the [Select Groups] dialog under: [Enter the object names to select] field

Administrators; DnsAdmins; Domain Admins; Domain Computers; Domain Controllers; Enterprise Admins; Remote Desktop Users; Schema Admins; Server Operators; IIS_IUSRS

Click OK, [Apply], then [OK] to close out of the dialog.

Next, go into the web servers WEB drive.
example of mine:
G:\Inetpub\
Right Click on [wwwroot]
Choose [Properties]
Click on the [Security] tab
Click on the [Advanced] button on the bottom right.
On the top of the dialog box, click on [Change] for the owner.
Type in the domainuser you set up with the permissions above.
Click on [OK]
Then click on [Apply]
(Click OK on the question asked)
Then click [OK] then [OK] again to close out of the wwwroot properties dialog.

Now...
Go into the IIS Server that you want to use to connect to this server with, and choose to connect a server.
Right Click on the [Start Page]
Choose [Connect to a Server...]
Type in the [Server Name]
Click [Next]
Type in user name: domainname\domainuser
Then the password.
Click on [Next]
Click [OK] on the Certificate not being the correct one for this server.
Click on [Finish]

You should now be able to administer your webserver from this server.

All Topics

Coming Soon - Knowledge Exchange

CFF KB - Carrz-Fox-Fire Promotions Knowledge Base

IIS - Unable to connect to server - Cannot read from configuration file due to insufficient permissions

Recent Articles

All Topics

Trending Articles