Warning: Authorization – Cannot verify access to path (C:\inetpub\wwwroot\).

I’m sure you have seen the below warning message many times with IIS 7+

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Now, you are getting this message, when you clicked on the ‘Test Connection’ button while you adding new site or virtual directory. I have seen quite many posts regarding this misleading message 🙂

First of all, this is not an error but warning message instead, next the warning message is pretty self explained, and no need to be extra alarm about it. Anyway, in short because the default application pool identity is NetworkService account, which is a built-in account + default authentication mode is pass-through, hence IIS can’t verify ‘simulate’ or verify the access when you clicked the button. Hmm…. ha! well that’s exactly what’s written in the warning message 🙂 haha! if you put in a custom account, IIS will take it and access using the account SID, for built-in account, ‘things’ will kick in at run time. Next, if the resource is readible by user, NetworkService account should have no issue reading the file as well.

Anyway, if you do experience access problem later when you test to access the content path, IIS log file – request status code + sub status code is your best friend, if it is permission related you should be getting 401.3 error. You can also get procmon to help troubleshooting access related errors.

Leave a Reply

Your email address will not be published. Required fields are marked *