IIS 5 & IIS 6
Cannot get IIS pickup directory. NEED HELP
Last post Feb 26, 2012 09:26 AM by qbernard
Oct 06, 2006 05:19 PM|AndyBuffaloNY|LINK
I am using 2.0 to try to send an email to the IisPickup directory
System.Net.Mail.MailMessage message =
"Testing " +
"Testing the Mail Drop Folder");
System.Net.Mail.SmtpClient client =
client.DeliveryMethod = System.Net.Mail.SmtpDeliveryMethod.PickupDirectoryFromIis;
Example Site : www.andrewworral.com (hit the button)
This code worked on our old deployment server but not on our new server. I set a specific directory it works, but I have compiled outdated code that needs the IIS reference to work.
It doesn't seem to be a security problem as System.Net.Mail.IisPickupDirectory.GetPickupDirectory() is not returning a security exception.
I am not sure if something is off in the metabase or what it is.
I need to get this working ASAP. Any suggestions would be greatly appreciated.
Oct 06, 2006 06:39 PM|tomkmvp|LINK
Oct 06, 2006 07:07 PM|AndyBuffaloNY|LINK
I want to write straight to the Pickup Directory because I am sending large numbers of emails in batches. And would rather let the SMTP service handle them then take up time doing the SMTP authentication for each email.
I'm not sure why I am getting this error at all I might need someone from microsoft or an MVP to help me out on this.
Microsoft guys? I can't believe I am the only person to ever get this error. I have seen posts from others having similiar problems but it was due to impersonation being used which I am not doing.
Oct 06, 2006 07:32 PM|tomkmvp|LINK
Oct 06, 2006 09:07 PM|AndyBuffaloNY|LINK
The error message is on the website www.andrewworral.com ( hit the button)
the error is basically the subject "Cannot Get IIS Pickup Directory"
Oct 06, 2006 09:31 PM|tomkmvp|LINK
Oct 06, 2006 09:45 PM|AndyBuffaloNY|LINK
Here is the ACL ( I have been adding everyone and their neighbor to it so it might be off a little)
Path : Microsoft.PowerShell.Core\FileSystem::C:\Inetpub\mailroot\Pickup
Owner : BUILTIN\Administrators
Group : HT-NY2\None
Access : NT AUTHORITY\NETWORK SERVICE Allow Write, ReadAndExecute, Synchronize
BUILTIN\Administrators Allow FullControl
S-1-5-21-2294809668-4216756895-883427651-1012 Deny FullControl
BUILTIN\Administrators Allow FullControl
Everyone Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Users Allow FullControl
Sddl : O:BAG:S-1-5-21-2294809668-4216756895-883427651-513D:AI(A;OICI;0x1201bf;;;NS)(A;;FA;;;BA)(D;OICIID;FA;;;S-1-5-2
I can get the PickupDirectory using adsutil.vbs enum SMTPsvc/1/ and it points to the same directory.
Funny thing is that if I in c# use the
client.DeliveryMethod = System.Net.Mail.SmtpDeliveryMethod.SpecifiedPickupDirectory;
client.PickupDirectoryLocation = @"C:\Inetpub\mailroot\Pickup\";
It will send fine, which confuses me as to why it is probably not a securtiy issue.
- A very frustrated Andy
Oct 09, 2006 03:47 AM|qbernard|LINK
Oct 09, 2006 12:45 PM|AndyBuffaloNY|LINK
Go to www.andrewworral.com and
hit the button. It will give you the error. The error it gives is somewhat generic. The error is triggered by the Microsoft internal
I am not sure what part is causing the error, I believe that if .net couldn't read or have access to the metabase that I would have had errors at runtime on my site.
The pickup directory is set correctly and return correctly when running
adsutil.vbs enum SMTPsvc/1
I was supposed to have this fixed about a week ago, but cannot find the solution. Anyone have any ideas? If it is a security issue, whom do I have to give permission to? And what steps would you recommend me taking to check/add these securities?
Do I need to run a specific script or just check acl on metabse.xml?
Thank you for any help!
Oct 09, 2006 02:06 PM|tomkmvp|LINK
The error is occuring at .Send, which suggests to me it is a file security issue (which BTW doesn't make sense since it does work if you manually specify the folder path). Strange.
Does FileMon indicate anything?
Oct 09, 2006 04:15 PM|AndyBuffaloNY|LINK
Well I checked with filemon. If I specify the pickup directory in c# the email goes out fine. If I use IIS it never touched the pickup directory. (see two buttons on
So I would assume its not a permission problem on the Pickup Directory. Maybe on the metabase, but Asp.net can access the metabase for other runtime things I believe.
Microsoft Guys??? anyone have any ideas?
Oct 09, 2006 10:42 PM|anilr|LINK
Oct 09, 2006 11:24 PM|tomkmvp|LINK
Oct 10, 2006 07:34 AM|qbernard|LINK
I just checked my test w2k3 R2 build - by default network service can query and enumerate the subkey.
Oct 10, 2006 12:35 PM|AndyBuffaloNY|LINK
What is the best tool/way to check the permissions on the metabase. I am more of a c# programmer that got thrust into doing the IIS stuff as well, and it can have a little bit of a learning curve.
Do I just need to check ACL's on the metabase.xml or is their an internal API to set permissions to it?
I have run the aspnet_regiis -ga <account> on pretty much any account I can think of (I may have missed one but)
If it is a permission issue why wouldn't the Send() return a permissions error?
Here is the code for the internal call that is throwing the error.
Thanks for all of your guys help!
Oct 10, 2006 12:54 PM|AndyBuffaloNY|LINK
Figured it out!!! Sort of...
I am using HELM control panel which when you create a domain/website it creates users for the application pool to run under.
For some reason the user it created to run under could not get access to the metabase.
I did run the aspnet_regiis -ga <the user account in application pool> and it says that it granted permissions to the metabase and other files. But apparantly not. Perhaps that command does not work as its description says it does.
Any ideas on how to add that user to the metabase acl then? I fixed it by changing it to network service as you guys mentioned has access by default.
In the code I linked to it is supposed to throw a SecurityException if it hits one so I have NO idea why microsoft's code didn't throw one as opposed to Can not get PickupDirectory
So for future use and to set this up how I want to. How would I go about granting privledges to the user properly?
Thank for you all your time and help!
Oct 10, 2006 02:49 PM|tomkmvp|LINK
Ahhh ... we wouldn't have known that!
See Metaacl.exe ...
Oct 10, 2006 06:12 PM|AndyBuffaloNY|LINK
Oct 10, 2006 06:54 PM|tomkmvp|LINK
Oct 11, 2006 02:50 AM|qbernard|LINK
Interesting... is the new process identity part of IIS_WPG group?
You can also use metabase explorer to grant permissions.
Sep 16, 2008 05:05 PM|joeller|LINK
I have the same issue. How do I user the metabase explorer to grant permissions
Someone created an application Pool callled "DotNet20" with an identity of IWAM_<servername>. The IWAM account did not have permission to the Pickup directory which I gave it. I ran aspnet_regiis -ga IWAM_<servername>. I added it to the list of users
with permissions to Pickup (fullcontrol). Checked its membership with the IIS_WPG group of which it is a member. Still did not work. I don't want to change the identity of the application role as I figure someone set it that way for a reason. Everyone in
these forums keeps saying change the Metabase but no one says how. I never even heard of the Metabase until I started researching this error message, so I am not acquainted with the means of updating it.
I tried downloading Metabase.exe, but it turns out to be a zip of a vbs file which is run from the command line using known parameters, which are not know to me.
May 05, 2009 08:38 PM|sqls|LINK
I know this topic is a bit old but..
I had the same problems as described by the original poster. I found that the folder pemissions on the pickup folder were not the problem and that the aspnet_regiis command did not solve the problem.
I opened the metadata using the Metadata Explorer and saw that the aspnet_regiis command did set permissions on the highest level tree item. But I saw that those permissions were not being proprogated to the lower level tree items. I manually gave
permission to my Account Pool user to the LM, LM\Smtpsrv\ and LM\Smtpsrv\1 folders and it solved the problem.
Looking at the permission settings I do not see a way to tell it to inherit permissions from it's parent. Then I noticed when trying to view the permissions of some of the folder items it gave an error saying it's permissions were defined by the parent
and asked if I wanted to open the parents permissions or copy those permissions and open that tree item.
To see what would happen I choose copy which was the "No" answer. It copied them and opened that tree item but now that item was no longer inheriting it's permissions from the parent and there wasn't any option to make it do so.
It seems pretty possible that someone before me hit the "No" button while opening those trees up and that's what caused the problem.
I have yet to find out how to change the tree items to inherit permissions from it's parent again. I'm sure I'll figure that out eventually.
Just wanted to write here since this topic helped me find the problem and hopefully this can help someone else solve their problem.
May 11, 2009 03:01 AM|steve schofield|LINK
Here is an article describing how to set Metabase acls.
Windows Server MVP - IIS
Log archival solution
Install, Configure, Forget
Oct 20, 2009 03:08 PM|artisticcheese|LINK
Is somebody still experiencing this issue. By default only Network Service/Administrators/Local Service have access to SMTP key in metabase. You need to grant read permission to your account, I just gave "everyone" read in order not to deal with all possible
permutations of accounts.
Also download IIS resource kit and use Metabase Explorer utility to modify permissions, it's much more intuitive then using command line tool mentioned above. After all that's why we chose IIS not Apache.
Here is screenshot how permissions will look like
Aug 29, 2010 02:30 PM|e1ny|LINK
Apr 21, 2011 10:30 PM|greg hollywood|LINK
This is a really old post, but never answer correctly. The correct answer to this questions is that he should have not have used the delivery type of SmtpDeliveryMethod.PickupDirectoryFromIis. Instead, he should have used SmtpDeliveryMethod.Network as
he was using the network.
Using PickUpDirectoryFromIis is only necessary if you DONT use an SMTP server, and want to drop the email directly in the IIS 6 SMTP pickup directory. If you do this, however, the permissions must be set to access the Metabase, which is where the directory
location is stored.
Even if you are using the IIS 6 SMTP server and can't resolve the permissions issue, you can just look up what the directory is, and then use
SmtpDeliveryMethod.SpecifiedPickUpDirectory and then in the SmtpClient, just specify what the directory is, like this:
SmtpClient serv = new SmtpClient();
serv.DeliveryMethod = SmtpDeliveryMethod.PickupDirectoryFromIis;
serv.PickupDirectoryLocation = @"c:\Directory";
Apr 26, 2011 05:56 AM|mmmmlyy|LINK
Feb 24, 2012 09:30 AM|robasta|LINK
Feb 26, 2012 09:26 AM|qbernard|LINK