After installing the upgrade to 7.1.1 permissions issues became the bain of our existence. It seems that nobody has been able to say exactly what permissions needed to be assigned in windows. Hopefully this post will help.
First thing we found - IIS7 uses a specific virtual user for each application pool you have defined. IIS7 no longer uses IUSR_computerName as the user. To determine which user your application pool is using, follow the directions in this article: http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Once you have determined the virtual user (or changed it to another account) then you can begin setting permissions on the SuiteCRM folders.
The IIS User defined for the application pool must be the OWNER of the SuiteCRM directory and every file/folder.
The SuiteCRM directory (and sub-directories) should have Read/Write/traverse access for the IIS application pool user
The following sub-directories and files/nested folders should have FULL CONTROL permissions defined for the IIS application pool user:
cache
custom
modules
themes
data
upload
Finally give the application pool user FULL CONTROL for the config_override.php file contained in the SuiteCRM Directory
This should resolve any permission issues for Windows Server running IIS7.
NOTE: Your directories should also have IUSR account with "Read/Write/traverse " & Network Service accounts with Full Control permissions defined, plus any other network accounts you deem appropriate.
Apologies for forgetting to post this as part of the original thread.
Just saw your other post - follow this article to determine what your IIS Pool User account is for the SuiteCRM site you 've configured - then follow my directions on applying permissions using the correct application pool user.
Default app user has been set as the owner of “suiteCRM” folder.
Also this user has a “Full Control” right to that folder.
All of the sub folders also have “Full Control” for that user. , also the config_override.php file.
Maybe I’m missing this: "he SuiteCRM directory (and sub-directories) should have Read/Write/traverse access for the IIS application pool user
" since instead of read/write/traverse I’ve had “Full Control”… could it be the case?
Let me be more specific - since i wrote the original directions for installing SUITECRM on windows server, IIS 7 and SQL.
IIS AppPool\DefaultAppPool is not your user…do not set your permissions using that.
In IIS Manager, click the + beside your server name in the left navigation tree, and under it is listed application pools. Click on that.
You will see a list of all of the websites you are currently running on that server. Find the one you are running SuiteCRM on. The name of the application pool is listed in the first column - in the case of my example its “CRM” (see attachment)
Now go to your suiteCRM installation folder and set owner and folder permissions with the correct application pool user.
IIS AppPool\CRM (using my example - see attachment)
TIP - Make sure you change the “From Location” to your computer before checking the name, or it won’t find it.
Thank you very much for the detailed info… Since I have only default website and I’m running suite CRM under that, so the only application pool that I have is default app… Let me try add it as a separated website , so it would have it’s own website and then try from there…
I’ll post the result in some minutes…
I went to IIS, created a new website and appliocatio pool and then assigned that application pool user as the owner and full control user of suitecrm folder and all of its subfolders.
I’m still stuck on the permission page and get the error which I have attached…
Your ideas and help is highly appreciated as it’s been like two days of works with no result…
Sorry for the obvious questions - but not knowing your environment its hard to know whats wrong…
when you setup the new website in IIS - did you remove the initial site you created in the default app pool? Did you bind the new site to the suitecrm installation directory, and are you calling that website from the URL bound to the new website? (no url bar on the screen shot - so i have no idea)
It may be helpful if you send me screen shots of your IIS setup, and your directory structure/permissions. Potentially if you have the installation folder buried in directory tree (h:\inetpub\www\install directory) you may need to set permissions on the top level folder…but again not knowing your setup, i can’t be more help.
Thanks for your reply… sure I’ll provide you all the details and info.
1- I never created the initial website… I just placed the “Suite CRM” folder under wwroot folder… so automatically localhost/suitecrm would go to the default website and was showing suitecrm.
2- Then I went and created a separated website “suitecrm.com”. I did the binding for my IIS. Then I modified the host file, so suitecrm.com goes to 127.0.0.1.
3. Then I open my browser and type suitecrm.com , so it takes me to to the suitecrm website located on the localhost.
4. I gave the full control access to the newly created application pool user and made it the owner as well.
5. I’ve attached all the screeenshots. I hope they help.
Please let me know if you need anything else.
And again appreciate your help in advance.
Don’t feel bad, it took me several days to figure it out while trying to upgrade versions - thus my post on how to make it work.
It looks like you may have missed this piece -
Once you add the additional service users, click the box “Replace all child…from this object” then choose apply. This will explicitly write the permissions you’ve defined - sometimes windows is a little flakey about permissions. I may also suggest a reboot before trying the install again - assuming this isn’t a production server.
I also suggest you check the following in IIS: (I’m using IIS 7.5 and windows server 2008 r2 - so it may be different on your version)
Find your server in IIS Manager click the + sign
Find sites and click the + sign
find your website and select it
in the right window you should see “basic settings”
Make sure your website is using the correct application pool (see attachment)
Check your “connect as” button on that screen as well - and make sure its setup as follows (attachment)
Once you get this working, I suggest you setup the permissions as i’ve indicated by folder and not give FULL ACCESS to the suitecrm app pool, otherwise it will be a security risk for you.
It seems like we finally got it worked. I passed all the error… What I did I totally removed the folder…copied again with a different name…did all the permissions again and finally rebooted the server…
Now through the configuration, it asks for the database, but it only says “MySQL” and it seems like it can’t find my “SQL Server”…
