Re: IIS 6.0 CGI pipe broken...

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/20/03

Next message: Tom Kaminski [MVP]: "Re: IIS 5.0 User Authentication"
Previous message: David Wang [Msft]: "Re: command line tool for secure IIS virtual directory???"
In reply to: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Next in thread: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Reply: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Reply: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 20 Nov 2003 04:00:47 -0800

Ok, great, so your CGI is obeying all the rules and is actually executed by
IIS. So, we probably want to look at permissions. It sounds like you only
have anonymous authentication enabled since you're only talking about IUSR.

- Are you running in IIS5 Compatibility or IIS6 Native Mode?
- If IIS6 Native Mode, what is the AppPoolIdentity for the Application Pool?
If IIS5 Compatibility Mode, is it Low Isolation (LocalSystem) or not (IWAM
or any other user)?
- If the identity is a custom user, what permissions does this user have
(use secpol.msc to determine)?
- Does this CGI "shell out" to call CMD.EXE in any way, like execute a batch
script or execute another EXE.

The logon made by RUNAS is has a different set of switches than the logon
that IIS makes. In addition, the identity from the RUNAS logon can call
CMD.EXE (it's an interactive logon) while the IIS logon cannot call CMD.EXE
(it's a non-interactive logon) unless the authenticated user is a local
Administrator.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Hoch" <Hoch@fightspammers.com> wrote in message
news:oprywd34coxbnazm@localhost...
David,
I was thinking that If I get an error from the CGI
in HTML probably the problem is not with the header.
Anyway, here is the correct header I get from the command line
STATUS:  200 Success
Server: NetLink/4D
MIME-Version: 1.0
Content-type: text/html
<HTML>.....(Long page)...</HTML>
Thanks again!
Hoch.

Next message: Tom Kaminski [MVP]: "Re: IIS 5.0 User Authentication"
Previous message: David Wang [Msft]: "Re: command line tool for secure IIS virtual directory???"
In reply to: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Next in thread: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Reply: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Reply: Hoch: "Re: IIS 6.0 CGI pipe broken..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IIS6 - CGI wont run on new website
... > Sounds like your CGI is broken and needs to be debugged. ... > Your customer did not correctly configure execute permissions for the ... > instead of execute on server. ... > This configuration controls how IIS handles such ambiguous URLs. ...
(microsoft.public.inetserver.iis)
Re: Unable to execute CGI app
... My instructions are sufficient to execute a CGI on IIS6. ... error message AND your CGI EXE executes on the POST, ... As soon as IIS routed the POST request to the CGI and executed it, ...
(microsoft.public.inetserver.iis)
Re: IIS 6.0 CGI pipe broken...
... not a problem with how IIS "executes" a CGI. ... I will hand this info to the CGI tester to try out. ... with a fresh install of IIS 6.0. ... for the CGI and set it to execute scripts. ...
(microsoft.public.inetserver.iis.security)
Re: CGI Tries to download not execute - IIS 6
... You will need to enable CGI extension in IIS 6.Please refer to following KB ... > Execute Permissions: to Scripts and Executables. ...
(microsoft.public.inetserver.iis)
IIS, Trend, Exhaustion, Permissions, Heelp!!!
... passwords using IIS and adsutil as in List 2. ... Logon Failure: ... Caller User Name: NETWORK SERVICE ... To reset the password for the IUSR_ComputerName account, ...
(microsoft.public.windows.server.sbs)