"Mark" <maryesme@shore.net> wrote in message
news:cf5333d.0405061001.642db6b7@posting.google.com...
> Okay, here's the story:
>
> Win2K, IIS5
>
> We have several ASP pages that access Access databases located on a
> Novell server. We had the Novell server's administrator add an
> account with the same name as the account we have registered in the
> AD. We coordinated the passwords. I added this account to the
> Administrators group and was able to have an ASP page on the web
> server connect to an Access database on the Novell server (I changed
> the anonymous user to be the user we created and had it use its
> password). I made a test ASP.NET page to connect to the same database
> from the same folder on the web server. Added the code into
> web.config to have it impersonate. All of this worked fine. Now, the
> kicker. I don't want the account in the Administrators group for
> obvious reasons... So I move it to another group. Starting with full
> access rights (hoping to be able to reel those rights back in as much
> as functionally possible). No dice. The ASP classic page fails to
> connect to the database. The ASP.NET page, on the other hand, with
> the impersonation in place, appears to connect without a hitch, even
> when I take the accounts rights away. So, what is happening here?
> How can I fix this? What am I missing?
>
> I would appreciate any hints you guys can give me.

> 8. In IIS, made the changes to the web app to all anonymous and changed
> the anonymous user to the above webuser from the AD, using the now
> synchronized password.

"Mark Lybrand" <markyesme@yahoo.com> wrote in message
news:OaIe8V7MEHA.3208@TK2MSFTNGP10.phx.gbl...
>
> Thanks for the quick response.
>
> I must be the thickest person on the face of the earth, but that ASPFAQ
> article did not appear to directly address my issue (but would have been
> a big help in the first phase of the issue).
>
> Maybe I can further clarify what I have successfully accomplished and
> what I haven't.
>
> 1. On Win2k, IIS5.
> 2. This machine is part of our organization's Active Directory. Let's
> call the organization "department"
> 3. I had our network folks create a user in the AD; let's call him
> "webuser".
> 4. Also had the administrator of the Novell server in question create a
> user called "webuser" and gave that user full rights to resources in
> question.
> 5. Passwords were synchronized in both the AD and on the Novell server.
> 6. Added user, picked from AD, to the Administrators group on Win2k box.
> 7. Set up share through Gateway Services for NetWare (to establish the
> necessary connection between this box and the Novell box).
> 8. In IIS, made the changes to the web app to all anonymous and changed
> the anonymous user to the above webuser from the AD, using the now
> synchronized password.
> 9. Changed connection string in ASP page to use the fully qualified UNC.
> 10. Successfully connected and processed page!!!
> 11. Didn't want webuser in Administrators group (too many rights). So
> placed him in a group with fewer rights on the Win2k box.
> 12. Failure. Checked to make sure that that group had access to
> Inetpub/wwwroot/applcition. Failure (but the ASP.NET test version began
> working again at this point)
> 13. Changed connection string to point to another box (Win2k, to make
> sure the whole Novell thing is not the issue). No dice. But the
> ASP.NET version still works (Oh, BTW, first thing I do with every
> failure is to start and stop IIS, in case that is an issue).
>
> I had expected the ASP.NET version to break too, but it kept working....
> So, I am assuming that there is some other folder that is being accessed
> by IIS alone when establishing the connection, that ASP.NET bypasses
> (hence the breakage when groups are changed). It's unforunate, because
> the ASP.NET error message would have been infinitely more useful than
> the ASP message. Am I on the right track? What folders should I be
> looking at? Am I just refusing to see the solution that I have already
> been shown?
>
> Thanks again for your willingness to help.
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!

"Mark Lybrand" <markyesme@yahoo.com> wrote in message
news:OaIe8V7MEHA.3208@TK2MSFTNGP10.phx.gbl...
>
> Thanks for the quick response.
>
> I must be the thickest person on the face of the earth, but that ASPFAQ
> article did not appear to directly address my issue (but would have been
> a big help in the first phase of the issue).
>
> Maybe I can further clarify what I have successfully accomplished and
> what I haven't.
>
> 1. On Win2k, IIS5.
> 2. This machine is part of our organization's Active Directory. Let's
> call the organization "department"
> 3. I had our network folks create a user in the AD; let's call him
> "webuser".
> 4. Also had the administrator of the Novell server in question create a
> user called "webuser" and gave that user full rights to resources in
> question.
> 5. Passwords were synchronized in both the AD and on the Novell server.
> 6. Added user, picked from AD, to the Administrators group on Win2k box.
> 7. Set up share through Gateway Services for NetWare (to establish the
> necessary connection between this box and the Novell box).
> 8. In IIS, made the changes to the web app to all anonymous and changed
> the anonymous user to the above webuser from the AD, using the now
> synchronized password.
> 9. Changed connection string in ASP page to use the fully qualified UNC.
> 10. Successfully connected and processed page!!!
> 11. Didn't want webuser in Administrators group (too many rights). So
> placed him in a group with fewer rights on the Win2k box.
> 12. Failure. Checked to make sure that that group had access to
> Inetpub/wwwroot/applcition. Failure (but the ASP.NET test version began
> working again at this point)
> 13. Changed connection string to point to another box (Win2k, to make
> sure the whole Novell thing is not the issue). No dice. But the
> ASP.NET version still works (Oh, BTW, first thing I do with every
> failure is to start and stop IIS, in case that is an issue).
>
> I had expected the ASP.NET version to break too, but it kept working....
> So, I am assuming that there is some other folder that is being accessed
> by IIS alone when establishing the connection, that ASP.NET bypasses
> (hence the breakage when groups are changed). It's unforunate, because
> the ASP.NET error message would have been infinitely more useful than
> the ASP message. Am I on the right track? What folders should I be
> looking at? Am I just refusing to see the solution that I have already
> been shown?
>
> Thanks again for your willingness to help.

>> 8. In IIS, made the changes to the web app to all anonymous and changed
>> the anonymous user to the above webuser from the AD, using the now
>> synchronized password.
> and that account was granted logon rights on the IIS box ? such
> as by adding it to the machine local Users group ??? in general
> there are other User Rights the backend account(s) also need . . .
>

"Mark Lybrand" <markyesme@yahoo.com> wrote in message
news:OoFJ$UqNEHA.1388@TK2MSFTNGP09.phx.gbl...
> Okay. Here is the exact error message and connection string:
>
> Error:
>
> Error Type:
> Microsoft JET Database Engine (0x80004005)
> '\\server_name\path\CNs.mdb' is not a valid path. Make sure that the
> path name is spelled correctly and that you are connected to the server
> on which the file resides.
> /webpath/Default.asp, line 35
>
> Connection string:
>
> Provider=Microsoft.Jet.OLEDB.4.0; Data
> Source=\\server_name\path\CNs.mdb;
> (this string is all on one line -- in case you are viewing it broken).