0

I've set up a Windows Server 2019 box with IIS, PHP 8 and SQL Drivers, and SQL Server 2019 Express. I created a test PHP application and corresponding application pool, then set up a test database. When trying to connect using sqlsrv_connect, I get the following error:

Login failed for user 'NT AUTHORITY\IUSR'.

(There is more there in the SQL error but it's just the raw error array output and Stack Overflow doesn't like it.)

Now, I believe I have everything configured correctly to use the application pool identity instead of NT AUTHORITY\IUSR. I copied the setup from another older (Server 2012) web server. Screenshots of my setup:

Anonymous Authentication using App pool identity in IIS

App pool identity added on database in SQL Server

Am I missing a setting somewhere, or does Server 2019 handle application pool identities differently than server 2012? I've tried following instructions like on this excellent SO page:

IIS AppPool to SQL Server permissions (adding NT AUTHORITY\IUSR)

But it's like the server doesn't care that I've told it to use the application pool.

UPDATE EDIT: MYSTERY SOLVED

Apologies all, this was a case of extreme user error. I put the "test" directory under wwwroot, ala c:\inetpub\wwwroot\test. I was accessing it as www.domain.com/test, when what I needed to do was set it to run as test.domain.com. It was running under the wwwroot app pool (which in this case was using IUSR) because that is how I was accessing it. Thank you everyone who helped me troubleshoot this!

DHoll
  • 1
  • 4
  • Are you sure your app is running in the correct AppPool? – David Browne - Microsoft Sep 17 '21 at 17:24
  • As far as I can tell, IIS says it's in the "test" AppPool: https://i.imgur.com/TadMdAH.png – DHoll Sep 17 '21 at 17:29
  • Is PHP even hosted in the App Pool process? Or does it use CGI? – David Browne - Microsoft Sep 17 '21 at 17:31
  • I'm using CGI, but PHP seems to be installed and running correctly. I'm able to get phpinfo() to run - https://i.imgur.com/VRbuEmW.png – DHoll Sep 17 '21 at 17:46
  • And what's the CGI "Imersonate User" setting? – David Browne - Microsoft Sep 17 '21 at 18:10
  • It is set to "True" (the default). I set it to "False" but that did not appear to make a difference just now, so I have set it back to false. – DHoll Sep 17 '21 at 18:17
  • What you've shown in the second screenshot are database-level users. Have you also created IIS APPPOL\test at the service-level logins and mapped it to the database user? – AlwaysLearning Sep 17 '21 at 23:12
  • I believe I've done so correctly - https://i.imgur.com/ix9D1mY.png – DHoll Sep 20 '21 at 13:36
  • It is difficult to reproduce your problem, I suggest you open a case via: https://support.microsoft.com. – samwu Sep 21 '21 at 09:58
  • Apologies all, this was a case of extreme user error. I put the "test" directory under wwwroot, ala c:\inetpub\wwwroot\test. I was accessing it as www.domain.com/test, when what I needed to do was set it to run as test.domain.com. It was running under the wwwroot app pool because that is how I was accessing it. Thank you for everyone who helped me troubleshoot this. – DHoll Sep 24 '21 at 18:57
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Sep 24 '21 at 23:00

1 Answers1

0

Apologies all; this was a case of extreme user error.

I put the test directory under wwwroot, i.e., c:\inetpub\wwwroot\test. I was accessing it as www.domain.com/test, when what I needed to do was set it to run as test.domain.com. It was running under the wwwroot application pool (which, in this case, was using IUSR) because that is how I was accessing it.

Thank you everyone who helped me troubleshoot this!

Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
DHoll
  • 1
  • 4