Re: CGI apps break after DCPROMO an IIS6 server

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 10/03/03

    Date: Fri, 3 Oct 2003 11:45:37 -0700


    This is one of those things different on a DC vs a member server in regards
    to user accounts, which then trickle into privileges and then start
    affecting process creation, etc.

    The "built in" accounts have the minimum and necessary privileges to run
    things. You usually do not want to start using custom identity unless you
    really know what you want.

    -- 
    //David
    IIS
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "dlbrum" <dlbrum@ufl.edu> wrote in message
    news:12bc01c389b4$8bfe8e20$a401280a@phx.gbl...
    I had added the IUSR role to IIS_WPG, and given it the -
    adjust memory quotas and replace process level token user
    rights.
    But, of course, the default application pool identity in
    use was "network service" which doesn't do it.
    Using IUSR or Local Service as the identity makes things
    go again.
    I decided to remove the IUSR account from the above perms
    and instead use the local service identity  ??
    It's not so bad if you know to look in that spot, though
    there is some added complexity to deal with.
    Thanks for the pointer...
    dave
    >-----Original Message-----
    >You have a 403.19 -- CGI Access Denied -- and Win32 Error 1314 = ERROR_PRIVILEGE_NOT_HELD
    >
    >Can you answer my original questions #2 and #3.  In particular, what user are you using for AppPool Identity after DCPROMO and does it have the two privileges listed in F1-help of IIS Manager UI required to be able to launch a CGI ?
    >
    >-- 
    >//David
    >IIS
    >This posting is provided "AS IS" with no warranties, and confers no rights.
    >//
    >"dlbrum" <dlbrum@ufl.edu> wrote in message
    >news:1d71001c388e4$5a80fe30$a601280a@phx.gbl...
    >Yes, I'm finding that there ARE diffs for DC's..
    >Unfortunately, I have a very small workgroup and must use
    >hardware for multiple uses.  Well, at least it's not a
    >file and print server !
    >
    >The log entry is:
    >
    >2003-10-02 12:38:52 159.178.62.80 GET /cgi-bin/calweb/calweb.exe - 80 - 159.178.62.84 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) 403 19 1314
    >
    >
    >I'm running in unfiddled IIS6 (not compatibility mode),
    >and made no special user role changes:  just default
    >settings.  I found an earlier post that suggested deleting
    >the IUSR_WWWNEW  account and letting IISADMIN rebuild it,
    >and did that.
    >
    >The URL is www.mgm.ufl.edu,  and the entry can be found
    >under calendars and events as the mgm calendar.
    >
    >There IS an entry for this .exe in the system manager web
    >service extensions,  and the folder where it lives
    >has "scripts and executables" selected.
    >
    >Thanks for the "lifeline".  I've already used "ask the
    >audience".
    >
    >dave
    >
    >>-----Original Message-----
    >>Can you give the exact error code for that request from the Web logs (%SYSTEMROOT%\System32\LogFiles\W3SVC#\*.log ).  We need to know what sort of 403.
    >>
    >>Other than that, can you give info on:
    >>1. IIS5 Compatibility or IIS6 Worker Process Isolation Mode.
    >>2. Predefined user identity or custom user identity for Application Pools
    >>3. Did you change W3SVC/CreateProcessAsUser
    >>
    >>DC has all sorts of different rules for user identities and does not work well with IIS without a lot of reconfiguration.
    >>
    >>-- 
    >>//David
    >>IIS
    >>This posting is provided "AS IS" with no warranties, and confers no rights.
    >>//
    >>"DLBrum" <DLBrum@ufl.edu> wrote in message
    >>news:09ec01c38851$23f51a60$a301280a@phx.gbl...
    >>I have a calendar app that worked fine on a member IIS6
    >>win2k3 server.
    >>
    >>After promoting the server to a DC, the CGI application is broken, and giving a 403 "not authorized" message.
    >>
    >>There is an app extension for the app, folder security has execute, and IIS mgr has the folder set to "scripts and executables".... None of that stuff has changed.
    >>
    >>Ideas ?
    >
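As an added example (not part of the thread or of any Microsoft tooling), the following Python script does the triage David asks for: it parses IIS 6 W3C extended log lines like the one dlbrum posted and separates the 403.19 / Win32 1314 (ERROR_PRIVILEGE_NOT_HELD) case, where the application pool identity cannot launch a CGI process, from the other 403/404 outcomes the thread touches (execute permission on the folder, Web Service Extension lockdown). The sample log is constructed; only its first request line is a re-assembly of the entry quoted above. The privilege names SeAssignPrimaryTokenPrivilege and SeIncreaseQuotaPrivilege are the Windows names of the two user rights dlbrum mentions ("replace a process level token" and "adjust memory quotas for a process"); the mapping of substatus codes to meanings is the IIS 6 one.

```python
"""Triage IIS 6 W3C log entries for failed CGI launches (added example)."""

# Constructed sample log in IIS 6 W3C extended format (default field set).
# Line 1 re-assembles the entry quoted in the thread; lines 2 and 3 are made up
# to show how a healthy request and a different 403 are told apart.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2003-10-02 12:38:52 159.178.62.80 GET /cgi-bin/calweb/calweb.exe - 80 - 159.178.62.84 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) 403 19 1314
2003-10-02 12:39:01 159.178.62.80 GET /index.htm - 80 - 159.178.62.84 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) 200 0 0
2003-10-02 12:39:05 159.178.62.80 GET /cgi-bin/calweb/calweb.exe - 80 - 159.178.62.84 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+Q312461) 403 1 0
"""

# Win32 error codes that commonly appear in sc-win32-status for CGI failures.
WIN32_ERRORS = {
    0: "",
    5: "ERROR_ACCESS_DENIED",
    1314: "ERROR_PRIVILEGE_NOT_HELD",
}

# IIS 6 substatus meanings for the codes this thread is about.
SUBSTATUS = {
    (403, 1): "Execute access forbidden (folder not set to 'Scripts and Executables')",
    (403, 19): "Cannot execute CGIs for the client in this application pool",
    (404, 2): "Web Service Extension lockdown policy prevents this request",
}

# The two user rights the worker-process identity needs to launch a CGI
# process (the pair listed in IIS Manager help and named in the thread).
CGI_LAUNCH_PRIVILEGES = (
    "SeAssignPrimaryTokenPrivilege (Replace a process level token)",
    "SeIncreaseQuotaPrivilege (Adjust memory quotas for a process)",
)


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives: only #Fields matters for parsing; W3C logs may
            # repeat it mid-file when the field set changes.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log data appears before a #Fields directive")
        values = line.split(" ")  # IIS encodes spaces inside values as '+'
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line}")
        records.append(dict(zip(fields, values)))
    return records


def describe(record):
    """Decode status/substatus/win32 of one record into a finding."""
    status = int(record["sc-status"])
    sub = int(record["sc-substatus"])
    win32 = int(record["sc-win32-status"])
    return {
        "uri": record["cs-uri-stem"],
        "code": f"{status}.{sub}",
        "win32": win32,
        "win32_name": WIN32_ERRORS.get(win32, f"Win32 error {win32}"),
        "meaning": SUBSTATUS.get((status, sub), "no specific IIS 6 substatus mapping"),
        # 1314 means CreateProcessAsUser failed for lack of a privilege.
        "privilege_problem": win32 == 1314,
    }


def triage(records):
    """Return one finding per failed (4xx/5xx) request with the fix to check first."""
    findings = []
    for rec in records:
        if int(rec["sc-status"]) < 400:
            continue
        finding = describe(rec)
        if finding["privilege_problem"]:
            finding["action"] = (
                "grant the application pool identity: " + "; ".join(CGI_LAUNCH_PRIVILEGES)
                + ", or run the pool as an identity that already holds them"
            )
        else:
            finding["action"] = (
                "check folder execute permission and Web Service Extension status "
                "before touching user rights"
            )
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(parse_w3c(SAMPLE_LOG)):
        print(f"{f['uri']}: {f['code']} / {f['win32_name'] or f['win32']} -> "
              f"{f['meaning']}; action: {f['action']}")
```

Run against a real log directory, the script reads the files David points at (%SYSTEMROOT%\System32\LogFiles\W3SVC#\*.log) one at a time; the point of keying on (sc-status, sc-substatus, sc-win32-status) rather than on the bare 403 is exactly the distinction the thread turns on, since "403" alone does not say whether the folder, the extension list, or the pool identity's privileges is at fault.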