I have checked all file permissions and they all seem solid.
What are the permissions on the files?
If your web site uses anonymous authentication, then typically you need to grant access to the IUSR account. If the site authenticates the client user, then you need to grant access to the IIS worker process account. Typically that would be the IIS_IUSRS group. If the site authenticates and impersonates the client then you need to grant access to some group that identifies the client user accounts. Sometimes "everyone" is used in that case.
Trace access with Process Monitor.
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
https://www.bing.com/videos/search?q=how+to+use+process+monitor&FORM=HDRSC4
Add a filter for "path contains" that references the directory that your site cannot access. Trace the error. Look for "Access denied" in the Result column. Double click on that entry and look at the Process tab. That will show you the account being used.
If you don't find an error, remove the filter and trace everything. Again look for Access Denied.