Thursday, November 10, 2011

ACCESS DENIED when reading/writing to/from a file share (UNC) from SharePoint 2010

This week I was given the task of upgrading the Dynamics 2009 Enterprise Portal to SharePoint 2010 in order to use PerformancePoint etc. Having built a new SP 2010 farm and deployed the Enterprise Portal role and site, it was over to the development team for testing.

A number of issues cropped up. One was a 'request timed out' error when trying to access the Dynamics database in list views; this was solved by giving users Modify access to C:\Users\TEMP\AppData\Local\Temp, as I could see the calls getting ACCESS DENIED in Process Monitor.

The second issue was a little more complicated and involved some code that reads/writes files from a remote file share using a UNC path.

When attempting to execute the code on the SharePoint server that uploads/reads these files, I trapped the path in Process Monitor and was getting 'ACCESS DENIED' on the reads and writes.

On further inspection of the 'Details' field, the SharePoint server was impersonating the user of the SP site rather than using the application pool account to read/write to the file server.

Unfortunately, when you are using NTLM authentication a double hop such as this will not work, because NTLM cannot forward the user's credentials on to a third machine (the first hop is the user's browser -> SharePoint server, the second hop is SharePoint server -> file server).

Looking at our older 2007 SharePoint/Enterprise Portal configuration, it became apparent that this older server did not impersonate the user when calling the file server.

In order to prevent the SharePoint server from impersonating the user, I edited the web.config file for the SharePoint site (C:\inetpub\wwwroot\wss\VirtualDirectories\sitename.domain80\web.config) and changed the value as follows:

<identity impersonate="false" />

Subsequently the request is reduced to a single hop (SharePoint server -> file server, made as the application pool account) and the issue is resolved.
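As an added example (not code from the original post), here is a PowerShell check an administrator can run on the SharePoint server to confirm what the web.config now says and which Windows account will therefore reach the file share; the IIS site name 'sitename.domain80' and the presence of the WebAdministration module are assumptions.

```powershell
# Added example, not from the original post. Reads the <identity impersonate="..."/>
# setting of an IIS site's web.config and reports the account the file server will see.
Import-Module WebAdministration

function Get-ShareAccessIdentity {
    param(
        [Parameter(Mandatory)] [string] $SiteName   # IIS site name, e.g. 'sitename.domain80' (assumed)
    )
    $site = Get-Website -Name $SiteName
    if (-not $site) { throw "IIS site '$SiteName' not found" }

    $webConfig = Join-Path $site.PhysicalPath 'web.config'
    [xml] $cfg = Get-Content -LiteralPath $webConfig

    # <identity/> lives under configuration/system.web. ASP.NET's default when the
    # element or attribute is absent is impersonate="false".
    $identity    = $cfg.configuration.'system.web'.identity
    $impersonate = if ($identity -and $identity.impersonate) {
        [System.Convert]::ToBoolean($identity.impersonate)
    } else { $false }

    # Resolve the application pool identity the site runs under.
    $pool = Get-Item "IIS:\AppPools\$($site.applicationPool)"
    $poolAccount = switch ($pool.processModel.identityType) {
        'SpecificUser' { $pool.processModel.userName }
        # Built-in identities (NetworkService, LocalSystem, ApplicationPoolIdentity)
        # authenticate to remote shares as the computer account; LocalService is anonymous.
        default        { "$env:USERDOMAIN\$env:COMPUTERNAME`$ (built-in $($pool.processModel.identityType))" }
    }

    [pscustomobject]@{
        Site              = $SiteName
        WebConfig         = $webConfig
        Impersonate       = $impersonate
        # With impersonation on, the file server is offered the browser user's token,
        # which NTLM cannot forward from the web server (the double hop described above).
        # With it off, the file server sees the application pool account instead.
        EffectiveIdentity = if ($impersonate) { 'site user (fails under NTLM: double hop)' } else { $poolAccount }
    }
}

Get-ShareAccessIdentity -SiteName 'sitename.domain80' | Format-List
```

Once impersonation is off, the share and NTFS ACLs on the file server are evaluated against the pool account for every user of the site, so any per-user restrictions on those files have to be enforced in the SharePoint code itself.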

Hopefully this will help someone else out who comes across a similar issue.