Re: Can't make a domain user the "anonymous access" user
From: Jen Roth (anonymous_at_discussions.microsoft.com)
Date: 06/29/04
- Next message: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Previous message: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- In reply to: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Next in thread: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Reply: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Jun 2004 23:48:42 -0700
Thanks for your response.
>I want to know:
>1. what authentication protocols are enabled for the ASP page in
question
>(anon, basic, Integrated, etc)
I have tried both with and without Integrated authentication enabled.
When it's enabled, I get a login prompt if I am using an NTLM-capable
browser (IE, Mozilla). I can then authenticate using the domain account
in question. Or, if I hit "cancel", I get a 401.1 error. When it's not
enabled, or if I'm using a browser that can't do NTLM, the attempt to
view the page just fails with the 401.1 error.
>2. Are you using default or custom AppPool Identity for the Application
Pool containing this ASP page
Default.
>3. What are the web log entries for the request that is failing. In
>particular, give the HTTP status/sub-status as well as Win32 error
codes.
I'm getting "Error 401.1 - Unauthorized: Access is denied due to invalid
credentials." (It just says "401" in the web log.) I'm just not sure *why*
the credentials are invalid. As I said, I can enter the same
domain\username and password at the prompt and view the page. I
even tried using my own domain account -- one I use to log onto this
computer every single day -- and got the same error.
In the Event Viewer, I see Event ID 537:
User: NT AUTHORITY\SYSTEM
Logon Failure:
Reason: An error occurred during login.
User Name: <my domain user>
Domain: <my domain>
Logon Type: 3
Logon Process: IIS
etc.
>I would then enable Security Auditing and see what is causing
anonymous
>login to fail, and go from there.
>
>--
>//David
>IIS
>This posting is provided "AS IS" with no warranties, and confers no
rights.
>//
>"Jen Roth" <anonymous@discussions.microsoft.com> wrote in
message
>news:2261501c45d51$a6b52500$a301280a@phx.gbl...
>I have been trying to set up a website in IIS 6 so that a
>domain user account is used for anonymous access, instead
>of IUSR_SERVERNAME. (I am doing this because we have ASP
>scripts that need to connect to a datasource as this domain
>user.) Unfortunately, it doesn't work. I can set it up so
>that a local account is used for anonymous access -- I
>created a local "test" account just to make sure I was
>setting all the permissions right, and it worked fine. But
>if I use a domain account instead, I am prompted for a
>username and password whenever I access a web page. I know
>the domain account is valid and the password is right, and
>the NTFS permissions allow this user access. If I log in
>with this username/password when I am prompted, I can view
>the page. But for some reason, IIS just doesn't seem to
>recognize this domain user as the "anonymous access" user.
> Can anyone help?
>
>
>.
>
- Next message: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Previous message: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- In reply to: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Next in thread: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Reply: David Wang [Msft]: "Re: Can't make a domain user the "anonymous access" user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
