Re: Webservices running in Virtual machine
From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/22/02
- Next message: Mike: "SSL and IE"
- Previous message: BB: "Re: help i need IIS security n general security information"
- In reply to: Raymond Leijtens: "Webservices running in Virtual machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] MVP" <levinson_k@excite.com> Date: Tue, 22 Oct 2002 10:24:03 -0400
"Raymond Leijtens" <leijtens@bladel.tokheim.com> wrote in message
news:eaq88raeCHA.2020@tkmsftngp09...
> Hello
>
> I notices that a webservice is running in it is own virtual machine. So my
> webservice is not able to connect to a named pipe for communication
between
> some other applications.
> Is there a way to configure the IIS that it can be run in the "windows"
> machine? So my webservice is able to connect to a named pipe.
I'm not sure running in a virtual machine is the problem, the virtual
machine should still have the ability to make named pipes connections. It
could instead be that authentication is being rejected due to a different
login ID being used than the one that you think is being used. For example,
web scripts are run as IUSR_username only if the "application isolation"
setting on the folder containing the scripts is set to "Low" in the IIS MMC.
If set to medium or high, the IWAM_computername account is used instead.
Often, an identical Windows account and password is set up on the remote
computer, assuming you're trying to connect to a remote computer.
I'm not sure you've given enough details about what you're doing and what
error message you're getting, but I [and I think Microsoft] would recommend
using IP instead of named pipes to connect to other computers, like SQL
servers for example. I believe named pipes requires Windows / Netbios
authentication to work between the two computers, which is usually something
you'd want to block using a firewall if at all possible. I think you may
have to install the SQL server client on the web server to control whether
named pipes vs TCP/IP is used.
Check out www.iisfaq.com for more information. If this is SQL server, also
check out www.sqlsecurity.com
I could be completely off base on this, I wasn't really sure what you're
trying to do.
If this is an authentication problem, you should consider enabling auditing
and then checking the Security logs to see what is being denied access. For
more information about enabling auditing, see below:
Note that to enable logging of access to files or registry settings, you
must both enable logging in the overall computer policy AND also add
auditing settings on individual folders or registry keys in the NTFS
security properties in Windows Explorer or the REGEDT32 registry editor.
[Using REGEDIT will not work.] To log file access, the files must be on an
NTFS-formatted partition.
Note also that to enable logging of security events on a Windows domain, you
must change the auditing policy on all domain controllers. Changing the
auditing policy on the computers in the domain enables logging of failed
logins to the computers using local accounts and would not necessarily log
attempts to log into the domain.
Consider changing the Windows event log settings to be appropriate for your
environment. Consider increasing the maximum log size to retain more
information. Be careful not to log too much, or you might find that your
logs contain only a few minutes or hours worth of data. Finally, check the
logs to be sure logs are really being captured.
For more information, see the articles below:
http://nsa1.www.conxion.com/win2k/download.htm a.k.a. http://www.nsa.gov
[look for the NSA Security Recommendation Guides for Windows 2000 and also
Group Policy]
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
13w2kadc.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310399 - XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248260 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301640 - 2000, file
access settings
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300958 - 2000,
monitoring for unauthorized user access
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q157238 - NT
[Thanks to Thomas Deml and others]
- Next message: Mike: "SSL and IE"
- Previous message: BB: "Re: help i need IIS security n general security information"
- In reply to: Raymond Leijtens: "Webservices running in Virtual machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
