Windows Server 2016 DLL not able to access files

Josh Curry 0 Reputation points
2023-05-09T20:21:21.0066667+00:00

We have a custom DLL that inserts .tif images into PDF files programmatically. I am posting here because we have ruled out code. This has worked for 2 years on Windows Server 2016 R2, and is also still currently working on all of our development machines. The server has not been modified in over 6 months. No code has been changed in 2 years. All of the other functions the DLL performs are still working on the server as well. I have checked all file permissions and they all seem solid. I turned off Windows Defender Firewall just to check, no go. I added local policy file auditing to see when the file is accessed. The audit shows success every time I run the app. First it shows that a handle to an object was requested, showing the tif image and using the process w3wp.exe (IIS). Next, success on "an attempt was made to access an object"; last, success on "the handle to an object was closed". I guess I am asking, if we ruled out code altogether, what other methods could I use to troubleshoot this further? This is boggling my brain.

Any help would be appreciated, as all of our scanning uses this method and it's currently down.

Thanks.

Windows Server 2016

1 answer

  1. MotoX80 33,461 Reputation points
    2023-05-09T23:32:34.91+00:00

    > I have checked all file permissions and they all seem solid.

    What are the permissions on the files?

    If your web site uses anonymous authentication, then typically you need to grant access to the IUSR account. If the site authenticates the client user, then you need to grant access to the IIS worker process account. Typically that would be the IIS_IUSRS group. If the site authenticates and impersonates the client then you need to grant access to some group that identifies the client user accounts. Sometimes "everyone" is used in that case.

    Trace access with Process Monitor.

    https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

    https://www.bing.com/videos/search?q=how+to+use+process+monitor&FORM=HDRSC4

    Add a filter for "path contains" that references the directory that your site cannot access. Trace the error. Look for "Access denied" in the Result column. Double click on that entry and look at the Process tab. That will show you the account being used.

    If you don't find an error, remove the filter and trace everything. Again look for Access Denied.
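
An added example, not part of the answer above: once the trace is saved from Process Monitor as CSV, a short script can list the denied operations and the account behind each one, first limited to the site's directory and then across everything. The sample rows, paths and app pool name are constructed, and the `User` / `User Name` column header is an assumption about how the optional user column is exported.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Process Monitor CSV export. Paths, PIDs and the
# app pool account are made up. The "User" column is assumed to have been
# added to the Procmon column set before saving.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"
"10:01:02.1","w3wp.exe","4120","CreateFile","D:\Scans\in\page1.tif","SUCCESS","Desired Access: Generic Read","IIS APPPOOL\ScanApp"
"10:01:02.4","w3wp.exe","4120","CreateFile","D:\Scans\out\batch7.pdf","ACCESS DENIED","Desired Access: Generic Write","IIS APPPOOL\ScanApp"
"10:01:02.9","w3wp.exe","4120","CreateFile","D:\Scans\out\batch7.pdf","ACCESS DENIED","Desired Access: Generic Write","IIS APPPOOL\ScanApp"
"10:01:03.0","w3wp.exe","4120","CreateFile","C:\Windows\Temp\tmp3F.tmp","ACCESS DENIED","Desired Access: Generic Write","IIS APPPOOL\ScanApp"
"10:01:03.2","svchost.exe","900","RegOpenKey","HKLM\Software\Example","NAME NOT FOUND","Desired Access: Read","NT AUTHORITY\SYSTEM"
'''


def denied_events(csv_text, path_contains=None):
    """Count ACCESS DENIED rows per (process, user, path).

    path_contains mirrors the "path contains" filter from the answer;
    pass None to look at the whole trace.
    """
    hits = Counter()
    # Strip a UTF-8 BOM in case the text was read from a real export.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if (row.get("Result") or "").strip().upper() != "ACCESS DENIED":
            continue
        path = row.get("Path") or ""
        if path_contains and path_contains.lower() not in path.lower():
            continue
        # The user column is optional; fall back if it was not exported.
        user = (row.get("User") or row.get("User Name")
                or "(user column not exported)")
        hits[(row.get("Process Name") or "?", user, path)] += 1
    return hits


if __name__ == "__main__":
    # First pass: limited to the site's directory. Second pass: everything.
    for label, needle in (("filtered", r"D:\Scans"), ("unfiltered", None)):
        print(label)
        for (proc, user, path), n in denied_events(SAMPLE_CSV, needle).most_common():
            print(f"  {n}x {proc} as {user}: {path}")
```

For a real export, read the file with `encoding="utf-8-sig"` and pass its text to `denied_events`.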

