I have a web application that runs using the NETWORK SERVICE
account and which has a Virtual Directory to a shared folder (containing images) on an EMC VNX NAS/SAN Unified Storage file server.
I don't know much about those file servers that's why I am asking here on serverfault.
When I configure the web application to access the shared folder using my domain account, the application can load the images, however when I set the application use the NETWORK SERVICE
account, (which would translate to the web server's DOMAIN\MACHINE$
account), I am unable to access the files. Of course I have added the DOMAIN\MACHINE$
account to the shared folder permissions as well as the NTFS permissions. I've even tested accessing shared folders on other Windows Servers using the NETWORK SERVICE
account and they work.. I am unable to connect only to the EMC file server in this way.
I also ran Process Monitor on the web server and I see that the NT AUTHORITY\NETWORK SERVICE
user gets a 0xC0000199 Result when trying to access the \fileserver\sharedfolder path.
I googled that status result and I get things like:
STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
"The account
used is a Computer Account. Use your global user account or local user
account to access this server."
and other results that seem to suggest that the problem is that I am using a computer account not a user account.
Also the Event Viewer from the file server, shows these two Failure Audits in the "Security" tab:
Event ID: 681
The logon to account: MACHINE$
by: EMC NTLMSPP
from workstation: MACHINE
failed. The error code was: CIFS error: DC AUTH ERROREvent ID: 533
Logon Failure:
Reason: User not allowed to logon at this computer
User Name: MACHINE$
Domain: DOMAIN
Logon Type: 3
Logon Process: CIFS error: DC AUTH ERROR
Authentication Package: EMC NTLMSSP
Workstation Name: MACHINE
I do not know what configurations I need to put in place to allow computer accounts and I am assuming a lot of you server professionals have faced this issue before so if anyone can help me out I would appreciate it. Thanks!
Best Answer
Reconfigure the service to run as an actual service account, and assign the correct NTFS permissions to that account on the fileshare.