
ASP.NET/IIS7.5 Writing Log File Not Working (Permissions, UAC, Config., ???)

We're having trouble migrating our ASP.NET applications to Windows Server 2008 R2 x64 and IIS7.5. The problem is that our ASP.NET apps write log files, and these log files are not being written. The only way the apps write their log files is if I'm logged into the server as the local Administrator user or if I right click and run IE as Run as Administrator, neither of which is an acceptable solution for us.

Our platform is:

  • Windows Server 2008 R2 x64 (UAC setting is the default setting)
  • IIS7.5
  • ASP.NET 4.0 (using Windows authentication and impersonation, both on in web.config)

Our app gets installed to:

  • D:\[appname]
  • [appnameWebSite] (all the .aspx, .dll, etc. files are in here)
  • \Log (the app tries to write the log file to this folder)

On the server:

  • Created new App Pool (name: [appname], .NET 4.0, Managed Pipeline Mode: Classic, Identity: ApplicationPoolIdentity, Load User Profile: False, all other properties are the defaults)
  • Created IIS application pointing to D:\[appname]\[appnameWebSite] and added it to the new App Pool (Full trust level)
  • Have a domain user in local Administrators group

With all the configuration and default settings listed above, the ASP.NET app will not write the log file. The app appears to work fine in the browser, but no log.txt file.

To try to "fix" this issue, we've tried many things:

  • Tried Application Pool setting: Managed Pipeline Mode: Integrated
  • Tried Application Pool setting: Identity: NetworkService
  • Tried Application Pool setting: Identity: LocalSystem
  • Tried Application Pool setting: Load User Profile: True
  • Gave Users group full control to file system for our application folder structure (tried appname folder, tried Log folder only, tried appnameWebSite and Log folders only)
  • Gave IIS AppPool\[appname] (matching the new App Pool) user full control to file system for our application folder structure (tried appname folder, tried Log folder only, tried appnameWebSite and Log folders only)

None of these things helped. Again, the app would run fine, just no log file created.

As mentioned above, the only way that the log file is created when the app runs is if we log into the server using the local Administrator account (which makes sense since he's a super user) or if we run IE as administrator and elevate privileges.

Any suggestions? Help? Questions?

Thanks!

I tried granting every permission possible and still wasn't getting any log files. Finally I came across this which suggested changing the ownership of my logfiles directory. I checked, and the directory ownership was set to SYSTEM. I changed it to Administrators and applied the change recursively. I bounced IIS, hit a webpage from the site in the browser, and now I have log files. Hooray!

Note: the thing that tipped me off was checking the System event log. I was getting 15006 errors saying "Owner of the log file or directory C:\inetpub\logfiles\W3SVC1\some.log is invalid. This could be because another user has already created the log file or the directory."

Well, after days of trying every IIS option, user and group accounts, file system permissions, Process Explorer, etc., I think we got it working:

  • We reset all our IIS app pool and web site settings to their default values
  • We also reset the folder/file system permissions on our Log folder to the default settings
  • Then we turned off Internet Explorer Enhanced Security Configuration on the server

And success! The log file is written as expected no matter what user is using the ASP.NET application, and no matter if they're running it on the server itself or from a workstation.

I don't know if turning off Internet Explorer Enhanced Security Configuration on the server is the "correct" thing to do or if it violates any best practices, but it seems to work for us.

Does anyone have anything to add?

I struggled with this one for a while. The ApplicationPoolIdentity is a member of the Users group and the Users group has limited access.

From Explorer, right-click on the folder where you are trying to write and go to Security. Click the Advanced button. You will see that Users have Read and Execute permission and the Users group may or may not have Special permissions. If not, click on Change Permissions and give Users the ability to Create files / write data and Create folders / append data. This is restricted to this folder. I usually use a subfolder so that I do not provide write access to my whole website.

Try creating log files again. This is the only permission that I needed to set to make it work.

For me the trick was giving write access for SYSTEM and Administrators not only to the log folder itself, but also every folder in the path. This is not how permissions usually work in Windows, but IIS appears to be really rather particular about it. Not that there is a good reason to remove these two from the ACLs to begin with.

If you suspect this to be the problem, check the Event Log under Windows Logs / System. This issue manifests itself as an Error entry from source HttpEvent, and reads "Unable to create log file C:\path\to\logs\W3SVC1\u_extend1.log. Make sure that the logging directory is correct and this computer has write access to that directory."

PS This is true for IIS 10 but may apply to other versions too.
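
The checks described in the answers above (folder owner, and write access for SYSTEM and Administrators on every folder in the path) can be scripted. This is an added example, not code from any of the posters; the `$LogDir` value and the `Test-WriteAllowed` helper are hypothetical names, and it assumes PowerShell 3.0 or later. It only inspects ACL entries that name those two principals directly.

```powershell
# Added example (not from the answers above). Requires PowerShell 3.0 or later.
# $LogDir is a placeholder: pass the logging directory configured for the site.
param([string]$LogDir = 'C:\path\to\logs')

$sidType     = [System.Security.Principal.SecurityIdentifier]
$write       = [System.Security.AccessControl.FileSystemRights]::Write
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
# Well-known SIDs, so the check does not depend on localized account names.
$required = [ordered]@{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }

# Hypothetical helper: does the folder's ACL let this SID create and write files?
function Test-WriteAllowed($Acl, [string]$Sid) {
    $rules = @($Acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $Sid -and
        # Inherit-only entries apply to children, not to this folder itself.
        ($_.PropagationFlags -band $inheritOnly) -eq 0
    })
    # A Deny entry that overlaps any write right blocks the write.
    $denied = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $write) -ne 0 }
    if ($denied) { return $false }
    $allowed = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) -eq $write }
    return [bool]$allowed
}

# Walk from the log folder up to the drive root, one row per folder.
$dir = Get-Item -LiteralPath $LogDir
$report = @(while ($dir) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    $row = [ordered]@{
        Folder   = $dir.FullName
        OwnerSid = $acl.GetOwner($sidType).Value
    }
    foreach ($sid in $required.Keys) {
        $row["$($required[$sid])Write"] = Test-WriteAllowed $acl $sid
    }
    [pscustomobject]$row
    $dir = $dir.Parent
})
$report | Format-Table -AutoSize

# Recent occurrences of the 15006 owner error quoted above, if any.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 15006 } -MaxEvents 5 `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, ProviderName, Message
```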
