Q206281: Upload to Distribution or Admin server fails

Symptoms

When performing an upload from a Distribution server to another Distribution or the Admin server running Windows 2008 Server this fails and the following information can be found in the upload.log log file.

Error 0xE0500016:
Error 0xE050044D: Failed to create remote directory /ManageSoftRL
Error 0xE0690099: Specified remote directory is invalid, or could not be created
ERROR: Remote directory is invalid
Ignoring failover locations for upload on a distribution server
Uploading finished
************************************************************
Program exited with code 1
In addition to this the following line will also appear in the Internet Information Services (IIS) log file on the server where the upload is taking place.
MKCOL /ManageSoftRL - 443 - 10.193.156.237 Enterprise+Deployment+Suite/8.6+(Windows+x86) 401 2 5 31

The HTTP 401 error in bold confirms the authentication error when uploading to the upload location "anageSoftRL"

Cause

This is caused by the way IIS 7 shipped with Windows Server 2008 handles Anonymous Authentication, this is prohibited for file uploads and WedDAV for all domains, and has been updated from previous versions of IIS. More information on how this can be found below:

http://learn.iis.net/page.aspx/360/what39s-new-for-webdav-and-iis/

Specifically:
o Anonymous PROPFINDs are allowed for file listings, but file uploads and WebDAV-based GET requests require an authenticated user. This is a change from IIS 6.0, where anonymous WebDAV file uploads/downloads could be enabled by opening up your security. In WebDAV for IIS 7.0 we changed this behaviour so that all WebDAV activity would require authentication, but we allow for the use of anonymous PROPFINDs for backward-compatibility with some WebDAV clients. (More specifically, the PUT, MKCOL, PROPPATCH, COPY, MOVE, DELETE, and WebDAV-based GET requests all require authentication.)

The following information describes steps on how to identify and resolve the issue.

Resolution

Identification:
1. Confirm if the servers are on different domains or the same domain by reviewing the system information.
2. Compare the IP address from the server to the IIS log and confirm there is an issue uploading to "/ManageSoftRL" and the HTTP 401 error is present.

 

Resolution:
Servers on the same domain:
1. Enable Integrated Windows Authentication (IWA).
2. Disable Anonymous Authentication.

 

Servers on a different domain
1. Enable ASP.NET Impersonation on the server, IWA cannot be used as the credentials will not be recognised by the domain controller.
2. Set the account under which this runs to a be service account which will also have access to the database.
3. Disable Anonymous Authentication.

 

Alternatively Basic Authentication could be enabled but this will display any usernames and passwords in plain text and is not recommended.

Comments

Powered by Zendesk