Ravendb hosted in IIS

[steveoh]

OK, I need some advice. I've downloaded ravendb 2261. Created a folder called c:\inetpub\ravendb and put the bin and web.config files from the web folder from the 2261 inside. I set up a new website in iis. I called it ravendb, made a net 4.0 integrated app pool and set the credentials to the account I login to this machine with. I edited my host file by adding 127.0.0.1 and mapped it to localhost-raven. I made the host header for the new site localhost-raven. I also enabled windows auth for the websites.

This machine is a guest windows server 2008 r2 x64 os vm running in fusion 5. It is joined to a domain, and the domain user I login as is an administrator on the machine. I explicitly gave the c:\inetpub\ravendb full access. I can navigate to http://localhost-raven and see that all the files and folders are created within that directory (databases, analyzers, etc). I get the raven studio and it prompts me to create a database. I go to add a new database and get the error below. Where did I foul up?

If I click on system database, it warns me that fooling around will screw up stuff. Then it shows 0 documents.

I've tried creating a local user, adding them to the administrators group, changing the app pool to run as them and I have the same problem.

I've also tried creating an application and virtual directory under the default website to point at the same folder and I get 404 errors.

 

Could not get authorization for this command.

If you should have access to this operation contact your admin and check the Raven/AnonymousAccess or the Windows Authentication settings in RavenDB 

Server sent:

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent, Func`2 func)

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent, Action`1 action)

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent)

   at Raven.Studio.Commands.CreateDatabaseCommand.<>c__DisplayClassa.<>c__DisplayClassc.<Execute>b__6(List`1 bundlesData)

   at Raven.Studio.Infrastructure.InvocationExtensions.<>c__DisplayClass14`1.<>c__DisplayClass16.<ContinueOnSuccessInTheUIThread>b__13()

   at AsyncCtpThreadingExtensions.<>c__DisplayClass4.<InvokeAsync>b__3()

   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

   at System.Delegate.DynamicInvokeImpl(Object[] args)

   at System.Windows.Threading.DispatcherOperation.Invoke()

   at System.Windows.Threading.Dispatcher.Dispatch(DispatcherPriority priority)

   at System.Windows.Threading.Dispatcher.OnInvoke(Object context)

   at System.Windows.Hosting.CallbackCookie.Invoke(Object[] args)

   at System.Windows.RuntimeHost.ManagedHost.InvokeDelegate(IntPtr pHandle, Int32 nParamCount, ScriptParam[] pParams, ScriptParam& pResult)

Client side exception:

System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]

Arguments: NotFound

Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.10411.0&File=System.Windows.dll&Key=HttpWebRequest_WebException_RemoteServer

   at System.Net.Browser.ClientHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at System.Func`2.Invoke(T arg)

   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise)

[racielrod]

Do you have Windows Authentication enabled?

[steveoh]

 I've enabled windows auth for the websites in IIS.

[Oren Eini (Ayende Rahien)]

And you still get this error?

Did you setup the user you are trying to connect as inside the studio?

--
You received this message because you are subscribed to the Google Groups "ravendb" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[steveoh]

I didn't think I needed to setup any users inside the studio. Turning on windows auth for the site gives me a different error. I was looking for that blog post you posted, oren, where you talk about how raven tries to figure out if you're an admin? Since it seems now that it doesn't think my user is an admin.

Could not get authorization for this command.

If you should have access to this operation contact your admin and check the Raven/AnonymousAccess or the Windows Authentication settings in RavenDB 

Server sent:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml"> 

<head> 

<title>IIS 7.5 Detailed Error - 401.1 - Unauthorized</title> 

<style type="text/css"> 

<!-- 

body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} 

code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} 

.config_source code{font-size:.8em;color:#000000;} 

pre{margin:0;font-size:1.4em;word-wrap:break-word;} 

ul,ol{margin:10px 0 10px 40px;} 

ul.first,ol.first{margin-top:5px;} 

fieldset{padding:0 15px 10px 15px;} 

.summary-container fieldset{padding-bottom:5px;margin-top:4px;} 

legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} 

legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; 

 border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; 

 border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;font-size:1em;} 

a:link,a:visited{color:#007EFF;font-weight:bold;} 

a:hover{text-decoration:none;} 

h1{font-size:2.4em;margin:0;color:#FFF;} 

h2{font-size:1.7em;margin:0;color:#CC0000;} 

h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} 

h4{font-size:1.2em;margin:10px 0 5px 0; 

}#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; 

 color:#FFF;background-color:#5C87B2; 

}#content{margin:0 0 0 2%;position:relative;} 

.summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} 

.config_source{background:#fff5c4;} 

.content-container p{margin:0 0 10px 0; 

}#details-left{width:35%;float:left;margin-right:2%; 

}#details-right{width:63%;float:left;overflow:hidden; 

}#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; 

 background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; 

 font-size:1em;color:#FFF;text-align:right; 

}#server_version p{margin:5px 0;} 

table{margin:4px 0 4px 0;width:100%;border:none;} 

td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:bold;border:none;} 

th{width:30%;text-align:right;padding-right:2%;font-weight:normal;} 

thead th{background-color:#ebebeb;width:25%; 

}#details-right th{width:20%;} 

table tr.alt td,table tr.alt th{background-color:#ebebeb;} 

.highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} 

.clear{clear:both;} 

.preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} 

--> 

</style> 

 

</head> 

<body> 

<div id="header"><h1>Server Error in Application "RAVENDB"</h1></div> 

<div id="server_version"><p>Internet Information Services 7.5</p></div> 

<div id="content"> 

<div class="content-container"> 

 <fieldset><legend>Error Summary</legend> 

  <h2>HTTP Error 401.1 - Unauthorized</h2> 

  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> 

 </fieldset> 

</div> 

<div class="content-container"> 

 <fieldset><legend>Detailed Error Information</legend> 

  <div id="details-left"> 

   <table border="0" cellpadding="0" cellspacing="0"> 

    <tr class="alt"><th>Module</th><td>WindowsAuthenticationModule</td></tr> 

    <tr><th>Notification</th><td>AuthenticateRequest</td></tr> 

    <tr class="alt"><th>Handler</th><td>All</td></tr> 

    <tr><th>Error Code</th><td>0xc000006d</td></tr> 

     

   </table> 

  </div> 

  <div id="details-right"> 

   <table border="0" cellpadding="0" cellspacing="0"> 

    <tr class="alt"><th>Requested URL</th><td>http://localhost-raven:80/admin/databases/WSUT</td></tr> 

    <tr><th>Physical Path</th><td>C:\inetpub\ravendb\admin\databases\WSUT</td></tr> 

    <tr class="alt"><th>Logon Method</th><td>Not yet determined</td></tr> 

    <tr><th>Logon User</th><td>Not yet determined</td></tr> 

     

   </table> 

   <div class="clear"></div> 

  </div> 

 </fieldset> 

</div> 

<div class="content-container"> 

 <fieldset><legend>Most likely causes:</legend> 

  <ul> <li>The username supplied to IIS is invalid.</li> <li>The password supplied to IIS was not typed correctly. </li> <li>Incorrect credentials were cached by the browser.</li> <li>IIS could not verify the identity of the username and password provided.</li> <li>The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.</li> <li>The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.</li> <li>Invalid Kerberos configuration may be the cause if all of the following are true:</li> <ul> <li>Integrated authentication was used.</li> <li>the application pool identity is a custom account.</li> <li>the server is a member of a domain.</li> </ul> </ul> 

 </fieldset> 

</div> 

<div class="content-container"> 

 <fieldset><legend>Things you can try:</legend> 

  <ul> <li>Verify that the username and password are correct, and are not cached by the browser.</li> <li>Use a different username and password.</li> <li>If you are using a custom anonymous account, verify that the password has not expired.</li> <li>Verify that the authenticating user or the user's group, has not been denied login access to the server.</li> <li>Verify that the account was not locked out due to numerous failed login attempts.</li> <li>If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.</li> <li>Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul> 

 </fieldset> 

</div> 

 

 

<div class="content-container"> 

 <fieldset><legend>Links and More Information</legend> 

  This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user. 

  <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=401,1,0xc000006d,7600">View more information &raquo;</a></p> 

  <p>Microsoft Knowledge Base Articles:</p> 

 <ul><li>907273</li><li>871179</li><li>896861</li></ul> 

 

 </fieldset> 

</div> 

</div> 

</body> 

</html> 

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent, Func`2 func)

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent, Action`1 action)

   at Raven.Studio.Infrastructure.InvocationExtensions.Catch(Task parent)

   at Raven.Studio.Commands.CreateDatabaseCommand.<>c__DisplayClassa.<>c__DisplayClassc.<Execute>b__6(List`1 bundlesData)

   at Raven.Studio.Infrastructure.InvocationExtensions.<>c__DisplayClass14`1.<>c__DisplayClass16.<ContinueOnSuccessInTheUIThread>b__13()

   at AsyncCtpThreadingExtensions.<>c__DisplayClass4.<InvokeAsync>b__3()

   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)

   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

   at System.Delegate.DynamicInvokeImpl(Object[] args)

   at System.Windows.Threading.DispatcherOperation.Invoke()

   at System.Windows.Threading.Dispatcher.Dispatch(DispatcherPriority priority)

   at System.Windows.Threading.Dispatcher.OnInvoke(Object context)

   at System.Windows.Hosting.CallbackCookie.Invoke(Object[] args)

   at System.Windows.RuntimeHost.ManagedHost.InvokeDelegate(IntPtr pHandle, Int32 nParamCount, ScriptParam[] pParams, ScriptParam& pResult)

Client side exception:

System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]

Arguments: NotFound

Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.10411.0&File=System.Windows.dll&Key=HttpWebRequest_WebException_RemoteServer

   at System.Net.Browser.ClientHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at System.Func`2.Invoke(T arg)

   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise)

[steveoh]

Also, every time i try to 'Add User Settings' they never persist. I save changes and it wants a user/pass and I can't give it anything it will accept. I wonder if it's some weird AD rules our dept has setup. Would you suggest I go the local user route, and add them to the administrators group? Then use that to run the app pool etc?

[steveoh]

found the blog post.

• If you are logged in using Windows Auth, we make the following assumption:
• If you are a Windows Admin, you are an administrator (ouch!).
• If you are running on the same user as the one RavenDB is using, you are an administrator (debug / dev scenarios).

I am logged in as the same user as the one raven is running if that user is the app pool identity. I wonder if UAC is getting in the way here.

[Chris Marisic]

On Monday, February 25, 2013 2:52:09 PM UTC-5, steveoh wrote:

I am logged in as the same user as the one raven is running if that user is the app pool identity. I wonder if UAC is getting in the way here.

 You run your application pool identity as a domain user and not ApplicationPoolIdentity?

[steveoh]

I'll try anything once.

[steveoh]

What do I do to get raven to think I am an admin? This is really frustrating.

[Oren Eini (Ayende Rahien)]

Either be an admin on the machine / domain.

Run RavenDB with the same user that you are running on.

Note that AppPoolIdentity won't work for that.

--

[Oren Eini (Ayende Rahien)]

Note that you may want to just run the db in console mode, setup the permissions, then move the db to IIS mode.

[steveoh]

good note, that worked for me thanks.

[steveoh]

would you mind skyping with me sometime this week to get this figured out. I get 401's while trying to create indexes.

[Oren Eini (Ayende Rahien)]

I am on ayenderahien in skype, ping me.

[steveoh]

i sent you an instant message.

[Oren Eini (Ayende Rahien)]

I'm not available until tomorrow

[steveoh]

What are the implications of doing this?

On Monday, February 25, 2013 1:29:17 PM UTC-7, Chris Marisic wrote:

[Oren Eini (Ayende Rahien)]

Of running the app pool as a domain user? Not much, it is just that it has the same access as that user.

--

[steveoh]

The problem was I had setup in IIS a new web site and mapped it to localhost port 80. This was the root of the problem. You can’t authenticate against the local server using anything except the local server name. Unless, you do a registry hack outlined http://ayende.com/blog/16385/more-auth-issues-0xc000006d-on-windows-2008-r2. Without doing the registry hack, i changed the binding to 8082 and removed the host name on the website and changed my connection strings to the machine name. I was then able to authenticate with my domain account users and with the app pool identities that the sites using raven db were running as.

thanks Oren for your help.