I am running Directory Services from AWS and have created an EC2 Windows instance in this Domain. This EC2 instance is serving a webapplication through IIS.
The webapplication is connected to the active directory and users have to login first.
I can create users in the Active Directory. But I have to set their passwords and the users have no change to change their password. When I set the option "users have to change password on next login" they are not able to login.
How can I get a kind of portal, that the users can set their password and change it?
Related
How to differentiate between users created via GCDS sync from Ldap server and user created in Google workspace by Admin console or using APIs.
I have created some users in Google Workspace using Admin Console and I used GCDS and synced some users from LDAP Server. Is there any way to find which users are created by GCDS.
Checked if there is any user attribute in Google workspace to differentiate on-prem synced user or Admin console created user, but no luck.
I've got EC2 instance with IIS and mapped FSx file system on AWS. All in one VPC in one subnet.
IIS config works perfectly as long as it's configured with local drive. When I change config to use path from that mapped FSx I've got an error. Even for just a test static page.
All current users have full access to those files. Do I need to set up any special users for IIS on Domain Controller? Any special permissions? I would appreciate any ideas...
First of all, you need to figure out the substatus code of your IIS server and detailed error message. So please enable IIS detailed error message for your website.
I assume this issue happened just because your identity don't have permission to access configuration file.
1.Please Ensure your IIS site->basic settings->connect as..->set your domain account that have permission to accessyour FSX
2.Please set your application pool identity to your domain account that have access to the FSx.
3.Please grant permission for that application pool account.
4.Please set your authentication user to use application pool identity. For example, if you are using anonymous authentication. Then go to->anonymous authentication->edit..->Application pool identity.
If you don't know how to troubleshooting this issue. Prcoss monitor would help.
You only have to create a filter "RESULT=Access denied & Processname="w3wp.exe".
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
SOLTUION: you can not use the drive letter must be full DNS name for fsx console \DNS_NAME\share
I am having this exact issue. Drive is available on ec2 instance but authorization in IIS fails. Browse directory from IIS workd but can not get authorization to pass test. I have tried admin on EC2 and admin on active directory as users in IIS virtual drive.
It seems that you need to configure the IIS application pool identity to use a domain account that has access to the FSx file system. By default, the application pool identity is a local account that does not have any permissions on the network share.
To change the application pool identity, follow these steps:
Open IIS Manager and select the application pool that hosts your website.
Click on Advanced Settings in the Actions pane.
Under Process Model, click on Identity and then on the ellipsis (...) button.
Select Custom account and enter the domain user name and password that has access to the FSx file system. Click OK to save the changes.
Restart the application pool and the website.
Alternatively, you can use the command line tool appcmd.exe to set the application pool identity. For example, to set the identity to domain\user for the DefaultAppPool, you can run:
appcmd.exe set config /section:applicationPools /[name='DefaultAppPool'].processModel.identityType:SpecificUser /[name='DefaultAppPool'].processModel.userName:domain\user /[name='DefaultAppPool'].processModel.password:password
You can also use PowerShell to set the application pool identity. For example, to set the identity to domain\user for the DefaultAppPool, you can run:
Import-Module WebAdministration
Set-ItemProperty IIS:\AppPools\DefaultAppPool -Name processModel -Value #{identityType="SpecificUser";userName="domain\user";password="password"}
For more information, see this article on how to access FSx file shares from IIS.
WAS is configured to use an Active Directory to authenticate, but the default admin account was left on the local file repository. When the AD connection is working we are able to login to the admin console using the default admin account, but when AD is down we are not able to use the default admin account to login. Any ideas as to why this is happening?
Any help would be greatly appreciated.
Check this link Unable to authenticate when a repository is down. You didnt write which version you are running, but by default if one of the federated repos is down you will not be able to log in.
You can use updateIdMgrRealm wsadmin command to set the –allowOperationIfReposDown parameter to true. This will allow you to log in with the user from working repository.
I have an application that has to save an uploaded file to 2 different servers for load balancing purpose. The first server (serv01) is the same server as the application that I'm building, so no problem. But when the code execute the upload process to the second server (serv02) using the following path;
\\serv02\path\path\
I get this exception "Logon failure: unknown user name or bad password.".
I suppose I have to add permission to asp.net user on the serv01 to this network location, but how? If I tried to add permission, it always asks users from serv02. Is there anyone who can help me with this?
Thanks
Are you running in a workgroup or a domain?
If a workgroup then setup the same account that your using for your AppPool account on both servers (matching username & password) so that workgroup networking will work.
If it's a domain it should just be a case of configuring your AppPool to use a domain user account that has permissions to write to the share on each server.
Is there a way to access a folder on network share with a service account?
I am using Windows 7 ent.
Is there a way to access a folder on network share with a service
account?
YES
It should prompt you for the credentials when you try to access it, and in there you will enter your Domain username and password.
If your account does not have sufficient security permissions, then you won't be able to access it. Ask your network admin to check to see if you have sufficient permission.