migrated to Domain Controller

[ekrauska]

We just migrated our Vault server. It is now on a domain controller and we have issues getting to the page. Whenever we pull up the url to the vaultservice folder, we get a popup username prompt. It's the standard IE one prompting for a username and password. Is there a configuration issue on a W2K3 domain controller that I need to change in order to get the service working?

Thanks!

[ekrauska]

I believe I am on the right track of finding out what the problem is. The Permissions for the VaultService folders has 2 SID's listed instead of names, so my guess is the permissions are off. Can someone tell me what permissions each folder within VaultService should have?

Thanks!

[lbauer]

The installer should have set the proper permissions for the account used by the Vault Service. The account used by Vault needs the following permissions:

FULL CONTROL - %WINDIR%\Microsoft.NET\Framework\<version>\Temporary ASP.NET Files

READ - .Net Framework hierarchy (%WINDIR%\Microsoft.NET\Framework\<version>)

READ - %WINDIR%\assembly
This is the global assembly cache. You cannot directly use Windows Explorer to edit ACLs for this folder. Instead, use a command Windows and run the following command:
Code: cacls %windir%\assembly /e /t /p domain\useraccount:R

FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService

FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService\VaultShadowFolder

READ / WRITE / MODIFY - %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys

To determine which account Vault is using, look for "Identity" in the System started section of the sgvault.log file in %windir%\temp\sgvault.

[ekrauska]

Thank you for the help. I made these adjustments and it helped - I got different errors. I fixed the new errors and have gotten it to work, but I have a feeling there is a problem with .NET 2.0 now. Even after new Applications are configured, they still want to inherit settings from the root web.config file.

Thanks again for the help.