Re: Problem with IIS 6.0
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/15/04
- Next message: David Wang [Msft]: "Re: -2147023569 error from IIS Password Change"
- Previous message: David Wang [Msft]: "Re: urlscan"
- In reply to: Bernard: "Re: Problem with IIS 6.0"
- Next in thread: gg: "Re: Problem with IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Jan 2004 02:11:04 -0800
It may also be due to mismatched Anonymous username/password.
IIS5 runs as LocalSystem (vulnerable to CodeRed elevation of privilege
attacks) but also has privileged access to "Sub Authentication" which allows
it to offer the "Let IIS control the password" of the anonymous user. IIS6
runs as Network Service (unprivileged user) without access to "Sub
Authentication" (so there is no "Let IIS control the password" feature
anymore), so if your anonymous username/password was incorrect in the
metabase and IIS6 loses the ability to control the password... you're always
going to get access denied on anonymous access because IIS cannot
successfully log on the anonymous user account.
If this is the case, you should see eventlog errors to that effect -- and if
you disable anonymous and enable authentication, requests start to work
again. To fix, try manually synchronizing the username/password of
Anonymous username/password in IIS Metabase and in NT SAM (or just delete
the IUSR/IWAM users from the NT SAM, restart IISADMIN, and IIS should
recreate/reset those username/password for you.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:eNft9Nz2DHA.3944@tk2msftngp13.phx.gbl... So you mean, anonymous access is checked but when user access the page, they get prompt for login ? if yes you might to check the NTFS permission of those files, make sure iusr a/c has at least READ NTFS permission. -- Regards, Bernard Cheah http://support.microsoft.com/ Please respond to newsgroups only ... "Eric Paul" <ericallenpaul@hotmail.com> ???? news:658d9a02.0401140553.6323d488@posting.google.com... > "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<#Pavpgl2DHA.2432@TK2MSFTNGP09.phx.gbl>... > > 'from time to time' does it always happen the same time ? > > if you now had configured anonymous access, close IIS MMC, > > enter the following command at command prompt. > > net stop iisadmin /y > > net start iisadmin > > net start w3svc > > and other services needed. > > > > then reopen IIS MMC, check if your configuration is there. > > if yes, then you might want to check if there's any unknown > > script / program or etc running at unknown time that changes > > the setting. > > > > -- > > Regards, > > Bernard Cheah > > http://support.microsoft.com/ > > Please respond to newsgroups only ... > > > That's just it... There is no change in the settings anonymous access > is still enabled, it just quits working. Actually what I believe is > happening is the public web site is entering some weird "offline" > state and the end user ends up at the default site which is not an > anonymous site. > I have installed the IIS debugging tools but I can't seem to make any > sense of the "dump" data it logs. There are no errors in the system or > application logs that seem to relate to this problem. It never had > this problem in Windows 2000 and IIS 5.5 and very little code has > changed on the site since it was moved to IIS 6. > I am at a loss as where to look next for a solution. Any help you > could offer would be appreciated.
- Next message: David Wang [Msft]: "Re: -2147023569 error from IIS Password Change"
- Previous message: David Wang [Msft]: "Re: urlscan"
- In reply to: Bernard: "Re: Problem with IIS 6.0"
- Next in thread: gg: "Re: Problem with IIS 6.0"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
