Microsoft

Web app code that accesses a Sys file share gets an Access denied error when the app is hosted on Windows Server 2016, while the same code works when the app is hosted on Windows Server 2008 R2 or Windows Server 2012 R2.

The web app uses Windows Integrated Authentication only, and it uses Kerberos authentication to access the remote Sys file share. In a Windows Server 2016 environment, the additional steps below are needed to make Kerberos authentication work for the remote Sys file share.

1. On the DC, locate the web server machine account.

2. Under that machine account, select "Trust this computer for delegation to specified services only", and under that, select "Use any authentication protocol".

3. Under that, add the CIFS service as the specific service for Kerberos delegation.
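
The same three steps can be scripted with the ActiveDirectory PowerShell module and then read back to confirm that delegation is limited to the file server's CIFS service. This is an added example, not code from the original post. The names `WEB01`, `FS01` and `FS01.contoso.example` are placeholders, and listing both the short and FQDN forms of the CIFS SPN is an assumption.

```powershell
# Added example (not from the original post): steps 1-3 via the ActiveDirectory module.
# Requires RSAT ActiveDirectory and rights to modify the web server's computer account.
Import-Module ActiveDirectory

$webServer = 'WEB01'                  # placeholder: web server computer account
$cifsSpns  = @('cifs/FS01',           # placeholder: file server, short name
               'cifs/FS01.contoso.example')  # placeholder: file server, FQDN (assumed form)
$props     = 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'

# Step 1: locate the web server machine account.
$computer = Get-ADComputer -Identity $webServer -Properties $props

# Step 3: add only the CIFS SPNs that are not already listed as delegation targets.
$existing = @($computer.'msDS-AllowedToDelegateTo')
$missing  = @($cifsSpns | Where-Object { $existing -notcontains $_ })
if ($missing.Count -gt 0) {
    Set-ADComputer -Identity $computer -Add @{ 'msDS-AllowedToDelegateTo' = [string[]]$missing }
}

# Step 2: "specified services only" means unconstrained delegation stays off;
# "Use any authentication protocol" sets the protocol-transition flag.
Set-ADAccountControl -Identity $computer `
    -TrustedForDelegation $false `
    -TrustedToAuthForDelegation $true

# Read back the account and report anything outside the intended CIFS targets.
$check      = Get-ADComputer -Identity $webServer -Properties $props
$targets    = @($check.'msDS-AllowedToDelegateTo')
$unexpected = @($targets | Where-Object { $cifsSpns -notcontains $_ })

[pscustomobject]@{
    Computer                 = $check.Name
    UnconstrainedDelegation  = $check.TrustedForDelegation        # expected: False
    AnyAuthProtocol          = $check.TrustedToAuthForDelegation  # expected: True
    DelegationTargets        = $targets -join ', '
    UnexpectedTargets        = $unexpected -join ', '             # expected: empty
}
```

A non-empty `UnexpectedTargets` value means the account can delegate to services other than the file share and should be reviewed before relying on this configuration.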