Re: Permanently turn off Integrated Windows Authentication?
From: Research Services (key_at_lamar.n0-sp@m.colostate.edu.NO)
Date: 12/29/03
- Next message: Karl Levinson [x y] mvp: "Re: 2003 Web Server Security Flaw"
- Previous message: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
- In reply to: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Next in thread: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Reply: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 08:16:37 -0700
Well this is actually an IIS setting - and if you do anything related to IIS
from the Exchange System Manager it tells you to use the IIS MMC Console.
Unless there is somewhere else we can make this change...?
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:e8HpkobzDHA.604@tk2msftngp13.phx.gbl...
> You might want to change Exchange related setting via System Manager.
> as when it start it might overwrite the setting configure in IIS MMC.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
>
> "Research Services" <key@lamar.n0-sp@m.colostate.edu.NO> ????
> news:#4V3VRXzDHA.2680@TK2MSFTNGP11.phx.gbl...
> > Okay, we've tried what you suggested, making the change to the virtual
> > directory and unchecking the "Integrated Windows Authentication" box,
and
> > then immediately run "NET STOP /y IISADMIN" from a Cmd Prompt, it
> > successfully stops the service and all other dependant Exchange
services.
> > We start all of the services back up and the box remains unchecked. It
> > remained uncheck for the next 2 days, but then on the 3rd day it was
> checked
> > again automatically. Just a reminder, this is a Member Server running
> > Windows 2000 SP4 and Exchange 2000 Post-SP3, we stop/start all Exchange
> and
> > IIS services every night for offline backups. We are attempting to
change
> > this on a Virtual Directory, not the top level of the website. Is there
> > something we are missing? Thank you for your help.
> >
> >
> >
> >
> > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > news:OdijbuSyDHA.2508@TK2MSFTNGP12.phx.gbl...
> > > Ok, I've described basically the same solution as Karl. Only
difference
> > is
> > > that I *know* that stopping IISADMIN will trigger the metabase flush.
> > >
> > > I'll describe what's going on.
> > >
> > > The basic problem is this:
> > > 1. When you make a configuration change to IIS via the UI, it is kept
in
> > > memory (since IIS will frequently take the change live) and NOT
> > immediately
> > > written to disk.
> > > 2. Later, IIS attempts to write the change to disk using an algorithm
to
> > > determine "idleness".
> > > 3. I've seen instances where "idleness" doesn't happen, so the changes
> are
> > > not written to disk after a given time period. This isn't exactly bad
> > since
> > > IIS will eventually write the change to disk when you stop the
IISADMIN
> > > service... but it's bad news if #4 happens...
> > > 4. Something manages to kill the IISADMIN service before IIS writes
the
> > > change. This can be an inproc ISAPI crashing, or using IISRESET and
IIS
> > > takes >30 seconds to restart (probably likely with Exchange as a
> > > dependency). When this happens, the unwritten changes are lost, and
> upon
> > > restart, you get the old settings.
> > >
> > > What you're describing is that somehow, #4 is happening prior to your
> > change
> > > being flushed to disk. Thus, you're losing your change. The way you
> work
> > > around this is to basically make the change and IMMEDIATELY cause a
> > metabase
> > > flush to disk to happen. Stopping the IISADMIN service is one way,
but
> > NOT
> > > using IISRESET. The sure way to do this is to type:
> > > NET STOP /y IISADMIN on the commandline
> > >
> > > With IIS6, what we changed was:
> > > 1. Give you a menu option to immediately save all configuration to
disk.
> > > 2. When you exit the UI, automatically initiate a flush to disk.
> > >
> > > We will probably never change this behavior on prior IIS versions
since
> > the
> > > change can be dangerous and cause other potential unknown problems.
> It's
> > > better to have a known problem and workaround than an unknown problem
> with
> > > an unknown workaround.
> > >
> > > --
> > > //David
> > > IIS
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > //
> > > "Research Services" <key@lamar.n0-sp@m.colostate.edu.NO> wrote in
> message
> > > news:uOPN55JyDHA.1736@TK2MSFTNGP09.phx.gbl...
> > > Yes, I believe this is a bug as well, I have seen several posts in
this
> > > newsgroup over the last several months with others having the same
> issue.
> > > Could the MS guy elaborate of what might be wrong or where to look for
> the
> > > source of the problem, what to fix?
> > >
> > > Our issue has been very inconsistent, we stop all web services during
> our
> > > offline Exchange backup every night. And even though we have
unchecked
> > the
> > > box for "Integreated Windows Authentication" it will sometimes stay
> > > unchecked when the web services are restarted but most of the time the
> box
> > > is rechecked automatically.
> > >
> > > Thanks Karl, I try what you have suggested.
> > >
> > >
> > > "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
> > > news:%2349xah9xDHA.2116@TK2MSFTNGP11.phx.gbl...
> > > > This has been happening to me ever since 2001. I believe it's a
known
> > > bug,
> > > > possibly where the IIS Metabase isn't properly being saved on exit.
> > What
> > > I
> > > > was able to do is make that change AND ONLY that one change in one
> > place,
> > > > and then right-click to stop and restart the web server instance
> [and/or
> > > > stop and restart the WWW service in Windows]. Then immediately go
> back
> > > into
> > > > IIS and confirm that the setting is still there. If it is, you
should
> > be
> > > > OK.
> > > >
> > > >
> > > > "Research Services" <key@lamar.n0-sp@m.colostate.edu.NO> wrote in
> > message
> > > > news:eDXqDrnxDHA.2436@TK2MSFTNGP09.phx.gbl...
> > > > > Is there a way to permanently turn off Integrated Windows
> > Authentication
> > > > on
> > > > > Windows 2000 SP4 IIS 5.0?
> > > > >
> > > > >
> > > > >
> > > > > We know that you can uncheck the box for it on the Properties for
> that
> > > > > specific virtual directory under Authentication Methods, but every
> > time
> > > > the
> > > > > server is rebooted or if the IIS Admin Service is restarted it
> > > > automatically
> > > > > checks that box back on.
> > > > >
> > > > >
> > > > >
> > > > > We have Exchange 2000 Post-SP3 running on this box (not a DC) and
we
> > > don't
> > > > > want the Domain field box showing up for clients logging into OWA.
> We
> > > > only
> > > > > want Basic Authentication over forced SSL (which we have
configured
> > and
> > > > > working fine). We've noticed that down-level clients for some
home
> > > users
> > > > > can't login IF Integrated Windows Authentication is checked on.
> > > > >
> > > > >
> > > > >
> > > > > Is there a registry setting to disable this or a script that will
> > > disable
> > > > it
> > > > > that we could run at machine start up? Thanks for any ideas or
> > > > suggestions.
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
>
>
- Next message: Karl Levinson [x y] mvp: "Re: 2003 Web Server Security Flaw"
- Previous message: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
- In reply to: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Next in thread: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Reply: Bernard: "Re: Permanently turn off Integrated Windows Authentication?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
