Re: Problems with IIS Lockdown Tool

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 06/07/04


Date: Mon, 7 Jun 2004 16:02:18 +0800

I run IIS lockdown on few hundreds box. I don't have any problem at all.

you can actually look at the oblt-rep.log and oblt-log.log to see what's
been done by IISLockdown.

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Matt Pelham" <anonymous@discussions.microsoft.com> wrote in message
news:1867301c44a77$71c3fd90$a501280a@phx.gbl...
> I resolved the problem but thought I should post a reply
> in case anyone else evers runs into this.
>
> It seems the Lockdown tool removed the FTP service even
> though I believe I specifically selected the option to
> retain FTP.  In any case the restore feature of the
> Lockdown tool does not restore removed services.  The
> wierd thing is that the FTP service was listed but failed
> to start.  This left the IIS Admin tool in a state that
> would not allow it to manage the IIS service.  I
> uninstalled the FTP service (since it showed it was
> installed) and then reinstalled it.  This allowed me to
> manage the IIS service.
>
> After all that I still needed to re-inistall our SSL
> certificate, configure security settings for SSL and
> recreate the 403.4 custome error that redirects visitors
> to the OWA HTTPS logon page.  All is good once again, but
> I don't think I would trust the IIS Lockdown tool again.
>
> >-----Original Message-----
> >After running version 2.1 of the IIS Lockdown Tool on
> our
> >Exchange 5.5 Outlook Web Access (OWA) server, the IIS
> >service no longer works.  This is especially frustrating
> >since I had previously used an earlier version of the
> IIS
> >lockdown tool tht didn't have options to specify the
> >server was running OWA.  When I ran the new version it
> >warned me that it would uninstall the settings
> configured
> >by the previous version and then I would need to run the
> >tool again to create the new lockdown settings.  After
> >doing this with all the default setting selected, the
> OWA
> >website and FTP site are not available and when I try to
> >manage these services via the MMC a message says the
> >service could not be connected to.  I then decided to
> run
> >the Lockdown tool again to remove the settings, but even
> >after this the problem persists.  I have dozens of users
> >who are understandably upset and I haven't a clue how to
> >fix this.  I am considering removing and reinstalling
> >both IIS and Exchange 5.5 OWA, but it will take days to
> >get it configured as before.  Is there anything you
> think
> >I should try before resorting to this drastic measure?
> >Any help would be greatly appreciated.  Thanks, Matt
> >.
> >


Relevant Pages

  • Re: wrong host on example invoke pages
    ... > Windows SP's have a bad habit of breaking things in IIS through lockdown ... I would suggest checking the application settings, ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: IIS Lock Down Tool
    ... lockdown or urlscan once I have applied it... ... I BOLD THIS FOR THOSE WHO DO NOT KNOW, URLSCAN IS DIVORCED FROM THE ... LOCKDOWN TOOL. ... THEY ARE STILL RECOMMENDED ON ALL IIS SERVERS PRIOR TO IIS ...
    (microsoft.public.inetserver.iis.security)
  • Re: SMS Reporting give Page Not Found
    ... Lockdown only works on IIS 5. ... >Installation of SUS implements IIS Lockdows (if I recall ...
    (microsoft.public.sms.admin)
  • removing cmd.exe properly
    ... I recently followed the article below as an added IIS ... While the IIS lockdown tool and URLscan tool ... is safer to move and/or rename the cmd.exe file from its ... On Windows 2000/XP/2003 machines it is has to be removed ...
    (microsoft.public.inetserver.iis.security)
  • Re: Where is the IIS6 IISLockdown setup files located?
    ... IIS 6.0 lockdown - mimemapping and web service extension. ... >> You only can have urlscan in IIS 6.0 if you do a in place upgrade with>> urlscan installed. ...
    (microsoft.public.inetserver.iis.security)