Quick query regarding a knowledge base error if anyone can help with this one please.
After performing an iis reset the automatic knowledge searches (on the incident window) have stopped returning results for our integrated login versions of console.
Checking the server reports errors saying:
Access to the path '\\servername\lucene\index' is denied
We have not changed anything to my knowledge from the day before; any ideas as to exactly what specifically needs to be granted access to the lucene folder?
Many thanks for any help.
I think this uses the account which IIS is running under (by default this is the network service account).
Does the network service account have access to the Lucene directory.
Thanks for the response.
I've checked the Lucene folder and the 'Index' folder within there, they both have 'Network Service' listed under the security for both with full access given to this.
Is there anything else I could perhaps check?
Does the search work when logged in explicitly?
If so do the IIS directories/ application pools have different authentication setting to the explicit tps directory?
When logged in explicitly the automatic searches seem to work okay, integrated login is where they're not working at the moment.
I've checked both tps files on each server (see below) and they look to be the same apart from the parts I've pasted in below, each login policy is also correctly
set to 'IntegratedOnly' or 'ExplicitOnly' depending on the tps file in question.
itbmapp2 Server (Explicit Logons):
<add key="FreeTextSearchIndexPath" value="C:\Program Files (x86)\LANDesk\Lucene" />
itbmweb2 Server (Integrated Logons):
<add key="FreeTextSearchIndexPath" value="\\itbmapp2\lucene" />
Does anything look wrong with the above?
You asked if the iis directories / application pools have different authentication settings to our tps directories; could you please go into a little more detail as
to where I should be checking this and what I'm looking for exactly?
Many thanks for all your help with this.
Yes that looks ok, as long as the share can be accessed by the Network Service (\\itbmapp2\lucene).
Which version of IIS are you using? I will show you where the authenication settings can be found.
I cannot see any 'Authenticated Users' listed under security for the Lucene folder; here's what's listed at the moment:
Network Service - Full access
Administrators (itbmapp2\administrators) - Full access
Users (itbmapp2\users) - Read/Execute
IIS_IUSRS (itbmapp2\IIS_IUSRS) - Full Access
Is this perhaps what's causing the issue with our integrated logins?
When opening IIS Manager there should be a list of the virtual directories if you select the TPS directory then click on Authentication it will give you a list of the authentication options.
These setting should be the same on Explicit and Integrated tps directories. This problem could be caused if IIS is picking up an 'authenticated user' and trying to access the directory with this user instead of the network service.
If you right on the application pool (being used) in the tree it will show an advanced option which shows the user that is being used by IIS (the default is the network service).
I've looked within iis manager but I'm not sure if I'm looking in the correct place, regarding what you mentioned to look for at least.
Please see the attached screenshot, that is what's listed for me when opening up iis manager.
As for adding a user as an individual to test; do you mean just to add them as an individual to the Lucene folder, under the security tab?
Many thanks, the server / iis side of things are not my strong point as you can tell!
Yes that is the right area further down in the security category there is an icon for the authentication settings.
The virtual directory that is being used can be found by selecting Help and About in Console.
Yes that was what I meant. I think Christian was suggesting this when he said "Authenticated User".
If this does not work I would suggest contacting your Support Provider so someone can check the settings to see why the integrated tps is not connecting to the folder.
Give them the link to this thread so they can see what we have tried so far.
IIS could be one thing but the other thing is security permissions on the folders. Try to modify the "lucene" folder an add the "authenticated user", its a built in windows account, to this folder. Do an iisreset and try the backgroundsearch. If this is not working, give "everyone" rights on this folder so you can see, if it is a ntfs permission problem or not. After that, you can go on with IIS.