IIS prompting for domain login on /scp but not root site

jkeegan

I've been racking my head on this one. I installed osTicket on IIS 7 everything is working correctly, emails are going out, and coming in. Everything is fine except when I go to the admin section /scp folder to login, I'm prompted in my browser window to authenticate with my domain. All the file level permissions are the same throughout the app and only one file is marked as read only (/include/ost-config.php). I have checked at least 20 times to be sure and checked each individual file. So I'm confident that there's no file level issues. I have also moved the entire folder (that contains the app) over to another drive and reset the file level permissions again to be sure there wasn't a corruption on that drive causing an issue. I guess my question is,... what could osTicket be doing in /scp that would cause it to act so differently from the main section (I mean index.php and users accessing tickets and submitting tickets with no prompt for domain credentials)? I just don't know where I'd look from here. Any ideas?

Thanks in advance for any help. )

ntozier

When you say that you are prompted to log in with domain credentials, do you mean you get a pop up box like "Windows Security"? Or do you mean OST's login page?

If you mean the former, then you want to check the following:

1. If you open the web.config file in the directory /path/to/osticket/scp

Look to see if someone set manual password protection. It would look something like:

<configuration>

<system.webServer>

<security>

<authorization>

<add accessType="Deny" users="?" />

</authorization>

</security>

</system.webServer>

</configuration>

2. If someone hasn't set manual password protection then make sure that anonymous user has access to that directory. If they do not then one has to authenticate to get the credentials necessary to load the page contained in said directory.

Fire up inetmgr (IIS Manager), in the left pane drill down to the directory under the website. (ie /site/scp). In the middle pane double click "Authorization Rules". The resulting screen should have a list of Authorization Rules. Mine says:

mode: Allow

Users: All Users

Entry Type: Inherited

You can change things in here to permit specific users, groups, etc to be the ones capable of accessing it.

I hope this points you in the right direction. :)

jkeegan

Thanks. The authentication I'm speaking of is the Windows one. The OS Ticket authentication works fine. It's just that the Windows/Domain authentication keeps popping up. Even if I enter the correct credentials, and in fact it doesn't matter even if I do or don't, because os ticket still navigates through the pages even when I click cancel to the authentication. I'm running IIS 6 actually, so my screens are different than you described, but I do have the IUSR_XX with read and execute rights. The same as my default site and the root osticket directory where I don't have this issue. I have installed osticket previously on an Apache server (another client) and have no issues. This is my first time using IIS with it, and it's been quite a nightmare so far. It even starts working once in a while when neither me nor anyone else in doing anything on the server config. We just working away, and then all of a sudden it works for about an hour. It's like IIS is flaking out on the session or something? Or maybe with the php _isapi. I'm not sure.

So I still have the issue. Any other thoughts, I'd be happy to try pretty much anything to resolve this, but so far, I'm leaning towards putting it on a dedicated Apache server.

ntozier

I ran OST under IIS6 (and migrated to IIS7) and didn't ever have the problem your describing.

Have you tried going into IIS6 (inetmgr) and removing the site? Then re-adding it? Because it really sounds to me that IIS6 is misbehaving. (Like a .htaccess is sitting in /scp/ ... too bad IIS6 would just ignore it anyway.) Or better, renaming it to something else. Then creating the site with the old name and configuring it.

It sounds like a permissions thing to me.

Does IUSR_ have permissions to the directory?

Is this site a sub site under another site? ie

main site

- ticket site