none
Mount Azure File Store For IIS Application Pool

    Question

  • This probably should go somewhere else, but I don't see where else to put it, so here goes.

    I am moving an old web service to Azure before we start to rewrite it. The service is in a web farm. The service reads and writes to files currently on a network path.

    I would like to store the files in Azure in blob storage, so I created an Azure File Storage. It doesn't appear that I can get a UNC path for the File Storage; however, I can map a network drive.

    My web service runs in an application pool under a domain user account. That account cannot log onto the device locally, it is only there for access to other resources.

    How do I mount the Azure File Storage as a drive for a user that cannot log in and only exists for the IIS application pool usage?

    Friday, September 30, 2016 8:04 PM

All replies

  • Is it an actual VM you are moving to Azure running IIS? Why can't you use the UNC path that you used to map the network drive? eg when you click on Connect for the file storage you get "> net use [drive letter] \\storage.file.core.windows.net\test /u:username [storage account access key]" UNC in bold then add your username and access key.

    Theres a few good links here to where you can connect to the UNC path in IIS with your username and access key.

    https://blogs.iis.net/davidso/azurefile

    http://fabriccontroller.net/mounting-your-azure-file-shares-on-premises-through-webdav/

    Friday, September 30, 2016 10:29 PM
  • Michael

    have you tried adding a string registry entry to

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

    that would contain the net use command?

    This is not ideal since it will configure drive mapping for all users - so you'd need to determine whether this is an acceptable workaround.

    Alternatively, you can try the following:
    - grant the domain in question temporary permissions to log on locally
    - log on as that user and create drive mapping
    - store the Azure storage account credentials in the Credential Manager by using cmdkey for that user
    - revoke the log on locally credentials

    Another approach (not very elegant) would be to map the drive within the application code

    hth
    Marcin


    Saturday, October 1, 2016 12:38 PM
  • It's an actual VM, and I have mounted the drive with the net use command; however, the app pool user cannot logon to the machine to map the drive and even if they could, I don't think the app pools technically "logon".
    Monday, October 3, 2016 4:05 PM
  • Good suggestion, but that didn't work. I set it to run on machine startup, as the admin, even if no is logged on, and at highest priority. It says it ran successfully, but the web site still errors out trying to access the mapped drive.

    I think this is more of an app pool / IIS issue. Think I'm going to have to find another solution, and it will probably be something I won't like nearly as much as the blob file storage.

    Monday, October 3, 2016 4:08 PM
  • I think this is more of an app pool / IIS issue. Think I'm going to have to find another solution, and it will probably be something I won't like nearly as much as the blob file storage.

    Did you try the link I posted above? https://blogs.iis.net/davidso/azurefile

    Or is that not what you're looking for?
    Monday, October 3, 2016 9:04 PM
  • I did, but it just won't connect to Azure to export the data or to read the data once I exported locally and copied it over.

    Tuesday, October 4, 2016 2:39 PM
  • Which server OS are you running? Can you test this on Server 2012? The Azure File storage supports SMB 3.0 which is on Windows 8/Server 2012. 
    Tuesday, October 4, 2016 11:02 PM
  • I'm on server 2012, but every time I tried to set the shared configuration to point to the Azure file share, it wouldn't prompt me for anything, it just told me that my password or account was wrong. I'm quire sure they were both correct.

    I just went with a file share on another machine and a backup script. Not the solution I would like, but it's temporary until we can update the services, so...

    Wednesday, October 5, 2016 5:20 PM
  • Michael,

    just to make sure - are you saying that you are getting this error message (about password/account wrong) even when you attempt to create a drive mapping from the command prompt within an interactive session?

    hth
    Marcin

    Wednesday, October 5, 2016 6:36 PM
  • No, I can map a drive with an interactive session fine. I trying to get the web service to be able to access the Azure File Store using a UNC path be trying to set up a shared configuration for IIS in the Azure File Storage and it wouldn't work.

    Wednesday, October 5, 2016 6:41 PM
  • Try this first:

    https://blogs.msdn.microsoft.com/chiranth/2016/02/29/keyset-does-not-exist-exception-from-hresult-0x8009000d-while-changing-application-pool-identity-in-iis/

    And then you should be able to change the app pool user account.

    The problem seems to be with the Windows Server 2016 image/IIS Machine Keys 

    Monday, March 13, 2017 5:37 PM
  • Hi

    I know it's been a while since this issue was reported, I'm experiencing it and was wondering if is already solved.

    Thanks!

    Monday, May 7, 2018 6:11 PM
  • Hi Pablo ,

    Could you little bit elaborate your scenario.

    Wednesday, May 9, 2018 9:14 PM
    Moderator