Is it possible IIS is blocking requests from unknown user agents?
See http://www.dantor.com/support/misc/web-config-requestFiltering-user-agent.aspx I doubt that is it but it is worth a look maybe. Also what happens if you give the app pool identity full control in IIS (temporarily to check if it works)? From: [email protected] [mailto:[email protected]] On Behalf Of Charlie Arehart Sent: Tuesday, 17 November 2015 12:12 PM To: [email protected] Subject: RE: [cfaussie] CF11 Scheduled Task Not Running - 401 Unauthorized Well, I have four thoughts for you to consider: A) Focusing on it first as a scheduled task in CF, if the request works from a browser (including one like an incognito window) and yet it does not work in the scheduled task mechanism—for the exact same URL—then I would think there should be no problem with IIS. If there were, the request from the browser wouldn’t work. And CF would not itself cause the request to act differently in requesting the URL than the browser would—other than not being able to do Windows auth, which you’ve proven with the incognito window is not the problem. As such, I don’t know what is making that fail. B) As for the rest of your note, well, you can add authentication info in the app pool (in its advanced settings page), as well as at the site level (in its advanced settings page). Again, though, if the request works from a browser, then I’d not think you have a problem in IIS. I’ll just say that one can get lost in the weeds of permissions in IIS, at the app pool, site, and folder levels. If you’re needing to do all that sort of tweaking just in order for things to work, it could be sticky finding a solution. (But gain, if it works in a browser, then I’d not see how any such permissions issues would change how the EXACT SAME URL works from CF.) C) Actually, I just had a thought: when you say you are running the URL in a browser, are you running that browser on the same machine where CF is running? If not, beware that you may have a DNS or other issue, where the domain in the URL may resolve differently from your workstation to the destination server, than it may from the CF server to itself. (I’m assuming that the scheduled task URL is a CFM page running on your own server, since you’re looking at IIS with regard to it.) If you try the URL from a browser on the server running CF, is it the same issue? And in an incognito or private window? D) If that’s not it, one more thought (which I’ve seen work before) would be to try creating a new site (and a new app pool) and seeing if you (in a browser) and then CF (as a sched task) could access the URL. You may need to come up with a new IP, domain name, or port to use for the bindings to distinguish it from the existing site. If it then worked, then you could consider how this new site and app pool may differ from the failing one, if perhaps you or someone else has been doing some tinkering with settings. If that’s not helpful, I’m afraid I’m out of ideas for now. /charlie From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Xiaofeng Liu Sent: Monday, November 16, 2015 5:45 PM To: [email protected] <mailto:[email protected]> Subject: Re: [cfaussie] CF11 Scheduled Task Not Running - 401 Unauthorized Hi Charlie, Thanks for offering the tips of testing from "incognito and private window". I tried both and both of them did not prompt me for authentication. So I am able to run the scheduled task even from there without problem. Back to IIS, from the Basic Settings I can see the site is using "Pass-through authentication" - ApplicationPoolIdentity. Basically I got "Anonymous Authentication" turned on already. I also noticed that there is an warning (exclamation mark) for Authorization which says "Cannot verify access to path - [webroot of the site]". <snip> -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . Visit this group at http://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
