20.8.5.2  Workarounds - Accessing Remote Computers

One of the most common types of problems occurs when ASP attempts to access resources located on remote machines. A good example of this is using ADO to access either Microsoft SQL Server on a remote machine or a Microsoft Access .mdb file located on another Windows machine. The problems stem from the fact that ASP is operating in the context of the IUSR_MACHINE account. On servers that are not primary or backup domain controllers, the IUSR_MACHINE account is a local account. Since this local account is not recognized on the remote machine, access is denied to the database.

The two most common workarounds for this problem are:

1.       Change the anonymous logon account on the IIS server from IUSR_MACHINE to a domain account that is recognized by both machines and has sufficient permissions to the resource. In addition, be sure that this account has the log on locally user right on the IIS machine.  Recall that the anonymous logon account is configured through Internet Service Manager.

Note   If you later decide to change back to the IUSR_MACHINE account, be sure that the password provided in Internet Service Manager matches the password provided for this account in the User Manager tool. If the passwords do not match, you will encounter "Access Denied" errors.

2.       Add a local account to the remote machine that exactly matches the username and password of the IUSR_MACHINE account on the IIS machine, and give this account access to the database.

Note   This workaround is not recommended because it involves maintaining two separate accounts. If the passwords get “out of sync” at some point in the future, access will be denied to the database, and errors will occur.