Miscellaneous Windows

Fixing IIS’s “Failed to start monitoring changes to […] because access is denied” Error

August 31, 2011

Ran into a weird error today. I had IIS serving pages on my devel machine and after working out the kinks in my code I went to FTP them to the production server. Since that machine didn’t have FTP I shared the folder and uploaded them from another machine that was on my desk. After that I went to reload the page and got the following error:

Failed to start monitoring changes to [...] because access is denied 

I figured it was because I had shared the page and IIS must not like that, so I unshared it expecting that to resolve the issue — it did not. From there I dug through many pages of Google results all telling me to make sure the files weren’t marked Read Only and to make sure the ASPNET user had permissions. Interestingly enough such a user did not exist on my machine, possibly due to a different version of IIS or the fact that I do not have Visual Studio.net installed on that system.

It wasn’t until I compared permissions with another web folder that still worked that I spotted the difference. One had permission granted access to “Authenticated Users” and given it Modify permissions. After following these steps I was once again able to serve pages:

  1. Right Click the Virtual Directory in IIS
  2. Click “Edit Permissions…”
  3. Select the Security Tab
  4. Click the Edit button
  5. Click the Add button
  6. Type “Authenticated Users” †
  7. Click the Check Names button to ensure that it recognizes the name
  8. Click OK
  9. Ensure the Modify checkbox is checked
  10. Click OK until all remaining popup windows are closed

† If a name is not recognized it will pop up a “Name Not Found” box, whereas if it is recognized it will prefix it with your computer name and underline it (e.g.: fettesps\username).
If Authenicated Users is not recognized as a user, try ASPNET instead, which is what most guides suggested (but did not work for me).

After making these changes you should now be able to access your site again. If not, please consult Microsoft’s Knowledge Base article for more possible solutions.

Only registered users can comment.

  1. Does this mean the service won’t start until web clients are granted write access on your server? I can’t imagine why that would be necessary unless they’re expected to upload content, which enters the realm of an (S)FTP server. Even when running SS cgi for dynamic pages, write perms shouldn’t be required, should they? I suppose if “authenticated users” are exclusively those who’ve supplied credentials that’s a little better, but…

    I’ve been fortunate to have only used Apache (since Jan. 2000), so I’ve never had to admin IIS. I’m asking this question as a curious nerd and security pupil.

    I’ve scripted plenty in various shells, but not any ASP, so I may have missed something obvious.

    PS: found you today through your Win7 telnet post (thanks).
    PPS: looking forward to reading your Arduino updates; I plan to water my lawn with one by next spring.
    PPS: this comment post is *finally* at its end.

  2. @zedmelon – Your guess is as good as mine. I’m not an IIS expert by any means, I’m an Apache guy. Was only using IIS in this case because I knew the server the files were destined for was an IIS server. This is just what worked for me so I thought I’d share.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.