Re: Interesting IIS problem...

From: Michael Laing (monlinelaing@microsoft.com)
Date: 07/09/02 

From: monlinelaing@microsoft.com (Michael Laing)
Date: Mon, 08 Jul 2002 23:34:56 GMT

Hi Mark,

You might want to check that the IUSR and IWAM accounts have the "Log On
Locally" local security policy enabled. This is done through the Local
Security Policy control panel: expand Local Policies-->User Rights
Assignment, then look for the Log On Locally setting in the list to the
right of the screen.

Thanks,
 
Michael Laing
Microsoft Developer Support
Internet Information Server

***********************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2002 Microsoft Corporation. All rights reserved.
***********************
--------------------
| From: "Mark Strain" <mark.strain@rivernet-systems.co.uk>
| Newsgroups: microsoft.public.inetserver.iis.security
| Subject: Re: Interesting IIS problem...
| Date: Tue, 2 Jul 2002 19:23:24 +0100
| Organization: Posted via Supernews, http://www.supernews.com
| Message-ID: <ui3rlv3gjk1o0a@corp.supernews.com>
| References: <uhoh95s540v995@corp.supernews.com>
<KQxPB6uHCHA.2512@cpmsftngxa07>
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
| X-Complaints-To: newsabuse@supernews.com
| Lines: 245
| Path:
cpmsftngxa08!cpmsftngxa06!tkmsftngp01!newsfeed00.sul.t-online.de!t-online.de
!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!sn-xit-03!sn-post-02!sn-pos
t-01!supernews.com!corp.supernews.com!not-for-mail
| Xref: cpmsftngxa08 microsoft.public.inetserver.iis.security:8088
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| Hi Michael,
| Sorry it took a while to get back to you, but I had a couple of days away.
| The sequence or errors I get are as follows... I hope removal of the
machine
| name does not cause problems. After the hard shutdown and reboot, the
| machine must be shut down in an orderly fashion and restarted. Until this
is
| done, the event log fills with the W3SVC errors [Event ID: 100]. I have
| searched TechNet, but was unable to find a parallel problem or solution.
|
| Regards
|
| Mark Strain
|
|
| Event Type: Error
| Event Source: DCOM
| Event Category: None
| Event ID: 10004
| Date: 27/06/2002
| Time: 07:30:56
| User: N/A
| Computer: MACHINENAME
| Description:
| DCOM got error "Logon failure: user not allowed to log on to this
computer.
| " and was unable to logon MACHINENAME\IWAM_MACHINENAME in order to run the
| server:
| {3D14228D-FBE1-11D0-995D-00C04FD919C1}
|
|
| Event Type: Warning
| Event Source: W3SVC
| Event Category: None
| Event ID: 36
| Date: 27/06/2002
| Time: 07:30:56
| User: N/A
| Computer: MACHINENAME
| Description:
| The server failed to load application '/LM/W3SVC/1/ROOT'. The error was
| 'The server process could not be started because the configured identity
is
| incorrect. Check the username and password.
| '.
| For additional information specific to this message please visit the
| Microsoft Online Support site located at:
| http://www.microsoft.com/contentredirect.asp.
|
|
| Event Type: Error
| Event Source: LDAPSVC
| Event Category: None
| Event ID: 2500
| Date: 27/06/2002
| Time: 07:31:03
| User: N/A
| Computer: MACHINENAME
| Description:
| The server failed to start due to an initialization error. Verify the
| configuration. Error description is: GetLastError()=1329 : LogonUser for
| Anonymous users.
| Data:
| 0000: 31 05 00 00 1...
|
|
| Event Type: Error
| Event Source: LDAPSVC
| Event Category: None
| Event ID: 481
| Date: 27/06/2002
| Time: 07:31:03
| User: N/A
| Computer: MACHINENAME
| Description:
| Site Server LDAP Service cannot initialize the following object:
| GetLastError()=87 : Init LdapExtension.
| Data:
| 0000: 57 00 00 00 W...
|
|
| Event Type: Warning
| Event Source: W3SVC
| Event Category: None
| Event ID: 100
| Date: 27/06/2002
| Time: 07:31:45
| User: N/A
| Computer: MACHINENAME
| Description:
| The server was unable to logon the Windows NT account 'IUSR_MACHINENAME'
due
| to the following error: Logon failure: user not allowed to log on to this
| computer. The data is the error code.
| For additional information specific to this message please visit the
| Microsoft Online Support site located at:
| http://www.microsoft.com/contentredirect.asp.
| Data:
| 0000: 31 05 00 00 1...
|
|
| Event Type: Warning
| Event Source: W3SVC
| Event Category: None
| Event ID: 100
| Date: 27/06/2002
| Time: 07:31:46
| User: N/A
| Computer: MACHINENAME
| Description:
| The server was unable to logon the Windows NT account 'IUSR_MACHINENAME'
due
| to the following error: Logon failure: user not allowed to log on to this
| computer. The data is the error code.
| For additional information specific to this message please visit the
| Microsoft Online Support site located at:
| http://www.microsoft.com/contentredirect.asp.
| Data:
| 0000: 31 05 00 00 1...
|
|
| Event Type: Error
| Event Source: DCOM
| Event Category: None
| Event ID: 10004
| Date: 27/06/2002
| Time: 07:32:01
| User: N/A
| Computer: MACHINENAME
| Description:
| DCOM got error "Logon failure: user not allowed to log on to this
computer.
| " and was unable to logon MACHINENAME\IWAM_MACHINENAME in order to run the
| server:
| {3D14228D-FBE1-11D0-995D-00C04FD919C1}
|
|
| Event Type: Warning
| Event Source: W3SVC
| Event Category: None
| Event ID: 36
| Date: 27/06/2002
| Time: 07:32:01
| User: N/A
| Computer: MACHINENAME
| Description:
| The server failed to load application '/LM/W3SVC/1/ROOT'. The error was
| 'The server process could not be started because the configured identity
is
| incorrect. Check the username and password.
| '.
| For additional information specific to this message please visit the
| Microsoft Online Support site located at:
| http://www.microsoft.com/contentredirect.asp.
|
|
| Event Type: Error
| Event Source: DCOM
| Event Category: None
| Event ID: 10004
| Date: 27/06/2002
| Time: 07:33:01
| User: N/A
| Computer: MACHINENAME
| Description:
| DCOM got error "Logon failure: user not allowed to log on to this
computer.
| " and was unable to logon MACHINENAME\IWAM_MACHINENAME in order to run the
| server:
| {3D14228D-FBE1-11D0-995D-00C04FD919C1}
|
|
| "Michael Laing" <monlinelaing@microsoft.com> wrote in message
| news:KQxPB6uHCHA.2512@cpmsftngxa07...
| > Hi Mark,
| >
| > What's the DCOM error you are getting (and is it in the Event Logs)?
And,
| > after you do the Big Red Button reboot, how do you fix the problem so
that
| > web pages are served again?
| >
| > Thanks,
| >
| >
| > Michael Laing
| > Microsoft Developer Support
| > Internet Information Server
| >
| > ***********************
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| > You assume all risk for your use.
| > © 2002 Microsoft Corporation. All rights reserved.
| > ***********************
| >
| >
| > --------------------
| > | From: "Mark Strain" <mark.strain@rivernet-systems.co.uk>
| > | Newsgroups: microsoft.public.inetserver.iis.security
| > | Subject: Interesting IIS problem...
| > | Date: Fri, 28 Jun 2002 12:18:01 +0100
| > | Organization: Posted via Supernews, http://www.supernews.com
| > | Message-ID: <uhoh95s540v995@corp.supernews.com>
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
| > | X-Complaints-To: newsabuse@supernews.com
| > | Lines: 26
| > | Path:
| >
|
cpmsftngxa07!tkmsftngp01!newsfeed00.sul.t-online.de!t-online.de!news-spur1.m
| >
|
axwell.syr.edu!news.maxwell.syr.edu!sn-xit-03!sn-post-02!sn-post-01!supernew
| > s.com!corp.supernews.com!not-for-mail
| > | Xref: cpmsftngxa07 microsoft.public.inetserver.iis.security:8012
| > | X-Tomcat-NG: microsoft.public.inetserver.iis.security
| > |
| > | Hi all...
| > |
| > | This is an extremely irritating problem.
| > |
| > | On a Win2K Advanced server, following a hard reboot, i.e. Big Red
| Button,
| > | following an irretrievable system hang, the Local IWAM and IUSR
accounts
| > are
| > | denied logon access as the server comes back on-line. As a result, the
| > W3SVC
| > | cannot serve pages and the server has to be shut down and restarted in
| an
| > | orderly fashion.
| > |
| > | If, on the other hand, the same server is shut down in an orderly
| fashion
| > | and restarted, there is no manifestation of this problem.
| > |
| > | There appears to be an associated DCOM error also... but I am at a
loss
| as
| > | to which causes which...
| > |
| > | Has anyone seen this behaviour before? If so, did you find a fix for
| it??
| > |
| > | Regards
| > |
| > | Mark Strain
| > | Rivernet Systems Limited.
| > |
| > |
| > |
| > |
| > |
| >
|
|
|