UNC Based Virtual Directory on IIS

How To Setup a UNC Based Virtual Directory on IIS

Creating a UNC Based Virtual Directory in your website that maps to a remote UNC file path is a nice feature in IIS. It’s also a common configuration in IIS. For large repositories of static HTML, Images, or File Downloads, keeping them one file share rather than deploying to all your file servers can simplify your configuration and save on storage. But there are a few things to keep in mind before setting up a UNC Based Virtual Directory in IIS to prevent problems later. We’ll walk through the setup and a few common errors in this article.

Prerequisites

Before you open up IIS Manager you need to gather the following information to setup a UNC Based Virtual Directory:

  1. Obtain the full UNC path to be used. You may want to think about your DR strategy here. Does the File Server have replication for DR recovery? If so, you may want to use a DNS alias that can be pointed at the DR server. A DFS Share would work well for this solution.
  2. Obtain a domain account that has at a minimum read and browse access to the share. Ideally, you want to use a service account that is dedicated to this, or at least dedicated for IIS use.
  3. Check your network layout and ensure there are no firewalls between your IIS server and the File Server. If you are running in Azure or AWS, each server could have distinct network rules in place. Depending on the File Server you’re using you may need to configure SMB Protocol access, TCP Ports 137, 139, 445.

Configuration Steps

  1. Add the domain account to the IIS server’s IIS_IUSRS group.
  2. Open IIS Manager and navigate to the parent website or virtual directory where you want to add the new UNC Based Virtual Directory. Click Add Virtual Directory.
    9-26-2013_1-17-14_PM
  3. Fill in the Alias name and the full UNC path to be used.
    9-26-2013_1-17-42_PM
  4. Click the Connect as button.
  5. Populate the User name and Password fields.
    9-26-2013_1-18-22_PM
  6. Click Ok three times to complete the setup.
  7. At this point you should see the contents of the share inside IIS Manager if your personal account has access to it.
  8. Test the UNC Based Virtual Directory by accessing the URL in a browser.

Known Errors for UNC Based Virtual Directory

  • Access to Path Denied in IIS Manager
    9-26-2013_1-19-47_PM

    • If your personal account does not have access to the share, you’ll see this error when setting up the UNC Based Virtual Directory. As long as the Connect As account has access, it’s not a concern.
  • ¬†HTTP Error 500.19 – Cannot read configuration file
    • 9-26-2013_2-18-13_PM
    • If you’re using a Custom Application Pool Identity, and the app pool identity does not have access to the share you will get this error. To resolve use a domain account that has access or switch to the AppPoolIdentity virtual account in your Application Pool.

Further Reading

Virtual Directory Documentation on IIS.net.

My name is Edgar Frost, I have 40 years of experience working in Information Technology. Starting with the mainframe, and also working with distributed technologies, LDAP, and Siteminder. My goal is to bring an Enterprise mindset to technology.

Tags:

We will be happy to hear your thoughts

      Leave a reply