Tuesday, September 17, 2013

IIS application can't connect to database with account DOMAIN\MachineName$

Problem:
We have a UAT box running Windows Server 2008 R2 with IIS 7.5. Anonymous authentication is disabled and both ASP.NET impersonation and Windows authentication are enabled. The application connects to a remote SQL Server that uses Windows-only authentication and has SSL enabled. We created a forest-level service account for the connection between IIS and SQL Server. This should work, but we kept getting access errors from SQL Server saying that the account DOMAIN\MachineName$ does not have access. I really was not sure what was happening, since I had set up impersonation and knew that the service account was correct and had dbo roles in the database. The issue turned out to be the application pool identity on IIS for this application. It was set to use the default local network account on IIS, which has no access to the SQL box. I set the app pool identity to the service account and restarted IIS. It now connects and passes the SQL requests through without error.


Solution:
1.) In IIS: set up impersonation for the IIS application. Disable anonymous authentication, require Windows logon, and set the impersonation account to the service account.
2.) In SQL Server: create a Windows login for the service account and add it to the required database roles (this post used dbo; grant the narrowest roles the application actually needs).
3.) Check the IIS application pool identity. This was the real cause here: the default pool identity (Network Service, or ApplicationPoolIdentity on IIS 7.5) authenticates to remote servers as the machine account DOMAIN\MachineName$, which is exactly the name SQL Server reports in its "login failed" error. Set the pool identity to the service account and recycle the pool. If kernel-mode authentication is disabled on the site, the service account will also need an HTTP/hostname SPN for Kerberos logon to the site to keep working; with the IIS 7 default (kernel mode on) the machine's own SPN is used and nothing changes.
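The three steps above, scripted with the WebAdministration provider and Invoke-Sqlcmd so the state can be inspected and repeated. This is an added example, not code from the original post; the site, application, pool, service account, server and database names are all assumptions, and the SQLPS/SqlServer module is assumed to be installed on the box running the script.

```powershell
# Added example (not from the original post). Run elevated on the IIS box.
# All names below are hypothetical.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'
$AppPath    = 'UatApp'                   # hypothetical application under the site
$PoolName   = 'UatAppPool'               # hypothetical application pool
$ServiceAcc = 'DOMAIN\svc_uat_sql'       # hypothetical forest-level service account
$SqlServer  = 'sqluat.domain.local'      # hypothetical remote SQL Server
$Database   = 'UatDb'                    # hypothetical application database

$appPSPath = "IIS:\Sites\$SiteName\$AppPath"
$cred  = Get-Credential $ServiceAcc      # prompts for the service account password
$plain = $cred.GetNetworkCredential().Password

# Step 1: no anonymous access, Windows auth on, ASP.NET impersonation pinned
# to the service account (writes <identity impersonate="true" ...> to web.config).
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$SiteName/$AppPath" `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$SiteName/$AppPath" `
    -Filter 'system.webServer/security/authentication/windowsAuthentication' `
    -Name enabled -Value $true
Set-WebConfigurationProperty -PSPath $appPSPath -Filter 'system.web/identity' `
    -Name impersonate -Value $true
Set-WebConfigurationProperty -PSPath $appPSPath -Filter 'system.web/identity' `
    -Name userName -Value $ServiceAcc
Set-WebConfigurationProperty -PSPath $appPSPath -Filter 'system.web/identity' `
    -Name password -Value $plain

# Step 3 (the one that mattered): the pool identity. NetworkService and
# ApplicationPoolIdentity both reach remote servers as DOMAIN\MachineName$,
# which is the account SQL Server was rejecting.
$before = (Get-ItemProperty "IIS:\AppPools\$PoolName").processModel.identityType
Write-Host "App pool '$PoolName' identity before: $before"

# identityType 3 = SpecificUser (0 LocalSystem, 1 LocalService,
# 2 NetworkService, 4 ApplicationPoolIdentity)
Set-ItemProperty "IIS:\AppPools\$PoolName" -Name processModel -Value @{
    identityType = 3
    userName     = $ServiceAcc
    password     = $plain
}
Restart-WebAppPool -Name $PoolName       # recycles just this pool instead of iisreset

# Step 2: SQL side. sp_addrolemember is used because ALTER ROLE ... ADD MEMBER
# needs SQL Server 2012+. The post granted dbo; reader/writer is the narrower
# default unless the application really needs to own the schema.
$tsql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$ServiceAcc')
    CREATE LOGIN [$ServiceAcc] FROM WINDOWS;
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$ServiceAcc')
    CREATE USER [$ServiceAcc] FOR LOGIN [$ServiceAcc];
EXEC sp_addrolemember N'db_datareader', N'$ServiceAcc';
EXEC sp_addrolemember N'db_datawriter', N'$ServiceAcc';
"@
# -EncryptConnection matches the SSL-enabled server described in the post.
Invoke-Sqlcmd -ServerInstance $SqlServer -Query $tsql -EncryptConnection

# Check: after hitting the application once, its session should arrive at
# SQL Server as the service account and not as DOMAIN\MachineName$.
$machineAcc = "$env:USERDOMAIN\$env:COMPUTERNAME`$"
$check = @"
SELECT login_name, host_name, program_name, login_time
FROM sys.dm_exec_sessions
WHERE is_user_process = 1
  AND login_name IN (N'$ServiceAcc', N'$machineAcc');
"@
Invoke-Sqlcmd -ServerInstance $SqlServer -Query $check -EncryptConnection |
    Format-Table -AutoSize
```

Two things to watch: the app pool password is encrypted by IIS in applicationHost.config, but the `<identity>` password written to web.config is stored in clear text unless you encrypt that section (for example with `aspnet_regiis -pe "system.web/identity" -app "/UatApp"`); and the final query only confirms the fix once the application has actually opened a connection, so browse to it first and then look for the service account in `login_name`.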
