KBA-01093: Web Application Log File is not Created

Question:

Why is the Web Application Log File I specified on the Admin subtab under sfPMS in ICTool not created?   Why does the first user to open the dashboard get Access to the path ‘path-from-ICtool‘ is denied?

Answer:

When a log file has been specified on the Admin subtab under sfPMS in ICTool, but the Windows credentials that IIS is using to run sfPMS have not been granted appropriate access to the file system, an error occurs when sfPMS starts and an attempt is made to create the log file.  Only the first session will see this error message–afterward, logging is disabled and the application continues normally.
An example of the message follows:

Exception Details: System.UnauthorizedAccessException: Access to the path ‘C:Program FilesSpitfireLogssfpms5.log‘ is denied. 

Additional Comments:

The ASP.NET error text includes a detailed explanation:

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

However, to remedy the situation, you should grant access to the folder instead of the file: C:Program FilesSpitfireLogs in the example above:

  1. Open Windows Explorer and find the path.
  2. Righ-click the file in Explorer.
  3. Choose Properties and select the Security tab.
  4. Click Add to add the appropriate user or group.
  5. For IIS 5.x (including prototypes hosted on Windows XP) the default is machineNameASPNET.
  6. For IIS 6, the default is Network Service.
  7. Rarely, if the application has been reconfigured to impersonate the connected user, the default becomes IUSR_MACHINENAME.
  8. If IIS has been configured to run sfPMS in a non-default application pool, then check the configuration of the application pool.
  9. Highlight the newly added account, and check the boxes for the desired access (modify, read, write, list).

Note: Similar conditions apply to the folder where view state and page data state are maintained.


KBA-01093; Last updated: November 11, 2016 at 12:16 pm;
Keywords:  missing log file, vspd; log file missing