Re: BIG IIS Auth Problem
From: Karl Levinson [x y] MVP (jamescagney90210@excite.com)
Date: 10/26/02
- Next message: Erik Ekman: "Re: SSL Certificate Query !"
- Previous message: Karl Levinson [x y] MVP: "Re: been hit by hacker, servudaemon installed"
- In reply to: Julio Pereira: "BIG IIS Auth Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] MVP" <jamescagney90210@excite.com> Date: Sat, 26 Oct 2002 10:10:26 -0400
With any possible firewall problem, check the firewall logs right after a
failed attempt to see if anything was being blocked and which rule and port
were the cause. You might as well also check the second firewall's logs [if
your DMZ includes a second firewall]. I assume you've already checked the
authentication settings within IIS to confirm they're still correct, and
that you've tried to remember any changes that might have happened, such as
patches, before the problem happened.
I'm concerned that you are allowing Windows authentication through the
firewall to your internal network. If a hacker compromised your web server,
I think it would be trivial for them to get to your internal network through
your firewall. If it was me, I would only allow port TCP 1433 from IIS to
the SQL server and use Windows accounts on the IIS server and/or an account
in the ASP script to access SQL... or set up a separate PDC inside the DMZ
that is not part of your internal AD domain, or maybe even use non-Windows
authentication methods such as a user table within a database somewhere. [I
assume you're using HTTPS / SSL to encrypt the Windows domain passwords
being sent to the IIS server; you should be.]
If the problem is not the firewall, you might also enable auditing on your
servers to see who is being denied access to what, and why. It could be
that the ID that you think is being used is not the ID that is really being
used to authenticate. Search this newsgroup for the word "audit" for
information on enabling auditing.
"Julio Pereira" <jpereira@brandinst.com> wrote in message
news:OwWh9hCfCHA.1956@tkmsftngp10...
> Hello,
>
> I'm having extremely big problems.
> Here is the scenario:
>
> I have an IIS 5.0 on w2k in a DMZ using ASP pages. These pages are
> accessing SQL Server 2k inside the network. The DMZ and the internal
> network are separated by Checkpoint firewall NG. Every time users try to
> access ASP pages and the logon (basic authentication) screen comes, they
> get this error: "There are no logon servers available to service the
> logon request". The DCs are inside the internal network. This was working
> fine for the longest and now it has come to this problem.
> We even opened the firewall thinking that it has something to do with
> security but we still get the errors.
> Now the funny thing is that users who have already logged on to these
> pages for some reason are getting through. I would assume that it is
> taking its authentication from cache.
> Even if I reboot all these computers that are in play I still end up with
> the same problem.
>
> I don't see any event logs besides the problem mentioned above.
>
> If anyone has come across this incident, please help out.
>
> Thanks
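The reply above recommends narrowing the DMZ-to-internal path to TCP 1433 for SQL instead of letting Windows domain authentication reach the internal DCs. As an added illustration that is not code from the thread, this Python script reviews a constructed firewall rule base for exactly that condition; the port list, CIDR addresses and rule format are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Ports carrying Windows domain logon traffic (Kerberos, RPC, NetBIOS, LDAP,
# SMB). Assumption: this list is illustrative, not taken from the thread.
DOMAIN_AUTH_PORTS = {88: "kerberos", 135: "msrpc", 137: "netbios-ns",
                     138: "netbios-dgm", 139: "netbios-ssn", 389: "ldap",
                     445: "smb", 636: "ldaps", 3268: "global-catalog"}
SQL_PORT = 1433  # the one port the reply says IIS needs on the SQL server

@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high); None means any port
    action: str   # "accept" or "drop"

    def allows(self, proto, port):
        """Accepts traffic on proto/port? (addresses are checked in crosses)"""
        return (self.action == "accept" and self.proto in ("any", proto)
                and (self.ports is None or self.ports[0] <= port <= self.ports[1]))

    def crosses(self, src_net, dst_net):
        """Does the rule's address scope reach from src_net into dst_net?"""
        return (ip_network(self.src).overlaps(ip_network(src_net))
                and ip_network(self.dst).overlaps(ip_network(dst_net)))

def audit_dmz_rules(rules, dmz, internal):
    """Map rule index -> exposed domain-auth services for DMZ->internal rules,
    plus the indexes of rules that carry only the SQL port."""
    exposed, sql_only = {}, []
    for i, r in enumerate(rules):
        if not r.crosses(dmz, internal):
            continue
        hit = sorted(n for p, n in DOMAIN_AUTH_PORTS.items()
                     if r.allows("tcp", p) or r.allows("udp", p))
        if hit:
            exposed[i] = hit
        elif r.allows("tcp", SQL_PORT):
            sql_only.append(i)
    return exposed, sql_only

# Constructed rule base: rule 0 is the "opened the firewall" state from the
# question, rule 1 the narrow SQL-only rule the reply recommends, rule 2
# lets SMB from the web server reach the internal DC subnet.
SAMPLE_RULES = [
    Rule("10.1.1.0/24", "10.0.0.0/16", "any", None, "accept"),
    Rule("10.1.1.10/32", "10.0.5.20/32", "tcp", (SQL_PORT, SQL_PORT), "accept"),
    Rule("10.1.1.10/32", "10.0.5.0/24", "tcp", (445, 445), "accept"),
]
```

Running `audit_dmz_rules(SAMPLE_RULES, "10.1.1.0/24", "10.0.0.0/16")` reports rules 0 and 2 as exposing domain authentication and rule 1 as the only SQL-scoped rule.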