Re: IIS 6.0 CGI pipe broken...
From: Hoch (Hoch_at_fightspammers.com)
Date: Fri, 21 Nov 2003 22:01:21 +0100
Again, thank you for your help! :-)
But still no luck...
> When you changed the group membership of IUSR, can you restart IIS to be
> certain the change sticks before trying the request again?
Done. We still get the error giving IUSR administrator permissions and
> Is your CGI configured to use the process or impersonated identity
> (separate configuration from AppPool Identity)? By default, it should be
> impersonating (like IUSR for anonymous access).
We have the CGI app pool set to Local System. If we impersonate we have
to use an account from the IIS_WPG that, if I'm not wrong, has less
permissions than Local System.
> Can you check on the ACLs of the database Client EXE and ensure that they
> are valid for access by the identity that runs the CGI?
We gave System, Network service and local service full access permissions
the folders where the windows exe and the CGI are located and to all the
contained in that folder and we still get the error.
We also have set the windows and system32 folders read and execute
for IUSR. It allready had System permissions so Local System should be able
to execute wathever dll it needs?
> Does the CGI report/log the errors that it gets from the database Client?
No but it displays an error that means that it can't access its ini file.
In fact it reads the ini file once and then it stops with this error.
With Apache it reads maybe 10 or 15 times the ini file before giving a
answer to the server. This is what we see when we monitor file acces an
named pipes acces with Filemon.
There is a setting in the metabase, CreateCGIWithNewConsole, that maybe
could help? Although we are not using this with our IIS 4 setup.