I have a site using PHP scripts running on Windows Server 2012 R2 in IIS. I am trying to use fopen to read a file on another server in our network but am having problems. I am able to use the fopen command to open files on the local server and using the PHP CLI, I can successfully open the file on the remote server.
However, when I try to process it via the site using my browser, it fails with the error:
"failed to open stream: Permission denied"
In IIS, I created a new Application Pool and set its identity as a Domain Administrator which has admin access to both servers but this didn't seem to help. This is the same account that I ran the CLI with when it worked.
Here is my PHP script code that I'm using:
fopen("//remoteservername/c$/inetpub/wwwroot/test.html", "w") or die("Can't open file!");
I've tried using backslashes (with escaping ones too). I've tried using FILE:// ahead of the path. I've tried mapping the remote server's drive to the web server running PHP and using a path like Y:\inetpub...I've tried using "rb" instead of "w" since they're both Windows servers.
I feel like it has to do with the account/identity that the site is running under but I'm not sure why it still wouldn't be working after I changed it.
UPDATE: I mentioned that fopen works reading files on the local server but it seems that's only true if I use a relative path like below...
fopen("test.html", "w") or die("Can't open file!");
If I try opening that same file on the local server using an absolute path like shown below, it fails. So I'm not convinced anymore that it's an identity issue...
fopen("//localservername/c$/inetpub/wwwroot/test.html", "w") or die("Can't open file!");
UPDATE: So I ran shell_exec("whoami") at both the CLI and via browser. When I do it in the CLI, it shows my domain account that I'm running the shell at. However, when I run the script via browser, it shows "nt authority\iusr". Any ideas how to get that to run under a different user? Changing the Application Pool Identity within IIS does not seem to make a difference from what I can tell on my tests.
echo shell_exec("whoami");
I was able to get this resolved. I had to go into IIS > FastCGI Settings > Select my PHP app > Click Edit on right sidebar > Expand Advanced menu > Change Protocol from NamedPipe to Tcp.
The way I came across this was I did a test on another Windows Server we have running PHP and it was using the correct account/identity that was set in the AppPool. So I setup a new site on my server to test with and I couldn't even run echo shell_exec("whoami"); When I began troubleshooting that, I came across this site: http://tech.trailmax.info/2012/12/php-warning-shell_exec-unable-to-execute-on-iis-7/
I followed those steps and not only did that fix my problem not being able to run shell_exec but also started running my PHP scripts using the domain account I had set in the IIS AppPool. Now fopen works as expected.