Re: Anonymous Account not working

If it were the password in IIS that was wrong for Iusr_ then that
would show up in sec event log as login failure, assuming you have
events being logged. Changing in the IISmgmt interface will change
in metabase.
I am lost in the renames and apparent reinstalls, but it seems that
the Iusr_ you are using may have been defined before the final
IIS install on that box. What groups is it a member in?

"Ishmealm" <Ishmealm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30BA16C5-C225-4A60-A47D-1FB798360DF1@xxxxxxxxxxxxxxxx
I don't see any security log entries. I just tried to access an anonymous
link without success, but no entry was entered into the sec log (or the
other
logs.)

I think the problem may be with the local account (IUSR_WEB02). When I
built the server there was another server that was named WEB02, I downed
that
server, renamed this server (so that the iusr and iwam accounts would be
named correctly), installed IIS. Renamed this server and brought the old
server back on line. This is the 5th server that I've upgrade, but the
only
one that I did the renaming with (the others, I backed up, rebuilt, and
restored.) This is the only one that has had any problems.

When I look in IIS, the anoymous acct is IUSR_WEB02 (the same as the local
acct.) I'm thinking about changing the password on the local acct to what
I
found out was the IUSR password with this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;184566

I figure that if the local account matches what IIS is using and the
account
is given rights to the folder, that it should work. My concern is that I
need to make a change to the metabase or somewhere else that I don't know
about and I'll break anonymous access to the point I need to rebuild. I'm
hoping that if I just change the local IUSR_WEB02 password to what I found
using:

cscript adsutil.vbs get w3svc/anonymoususerpass

That everything will sync up.
"Roger Abell [MVP]" wrote:

As it is apparently not a content NTFS perrmissions issue it is
perhaps a user rights issue. Have you checked for event msgs
in the Security event log ? Is the Iusr you are using the one
defined during install or a custom one you have created?

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Ishmealm" <Ishmealm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2AB2309E-B23F-444A-A957-FE5539EBC4EC@xxxxxxxxxxxxxxxx
Hi,
I recently built a new webserver to replace an existing server. I
copied the data to the new server and rebuilt all of the IIS
directories
by
hand. I replaced the broken SID of the old IUSR account on all of the
folders with the new IUSR account from the new server. Now when I try
to
access any of the virtual directories anonymously, I am denied access
(If
I
access them with basic or integrated, I have access.) Even if I create
a
new
VD, I get access denied.

I've created a new folder and applied the IUSR account using the
security tab so that I know it has the right account and there isn't
anything
carrying over from the old server (I also granted it Full Control just
to
be
certain it's not a permission problem.) I then created a new VD
pointing
to
the new folder. I get access denied. If I change the anonymous
username
and
password in IIS to another account with rights, it works.

I then used Adsutil.vbs to get the username and password that the
IUSR
acct is using and I manually entered the account info into the
directory
security for the anonymous account. I got access denied.

I'm thinking that the password that IIS is using is somehow
different
from the password that the local account is using. I'm thinking about
doing
a password change on the local account to the password that Adsutil.vbs
gave
me, but I don't want to break anything worse than it already is. Also
once I
make the change, I want to be able to create new VD's without having to
enter
the anonymous password manually everytime.

Am I going about this the right way or is there something that I'm
missing, doing wrong, or need to do in the metabase when I'm done? Any
help
is greatly appreciated.

Thanks,
Ishmeal







.

Relevant Pages

  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)
  • Re: Virtual Directory - Permission Denied with fso CopyFile
    ... TestUser (normal user account with same credentials on all machines). ... I logged into the IIS server as vdirUser and simply typed ... open and I had read and write permissions to the share. ... I logged off and back into the IIS server as the administrator and deleted ...
    (microsoft.public.inetserver.iis)
  • Re: IWAM out of sync (DCOM error) 10004
    ... password that is cached in the IIS Metabase for the IWAM and IUSR accounts. ... This should show you whether the password is being changed in the metabase. ... If you reset the password on the domain account, ... and IIS is set to control the IUSR password? ...
    (microsoft.public.inetserver.iis.security)
  • Re: Anonymous Account not working
    ... I think the problem may be with the local account. ... built the server there was another server that was named WEB02, ... renamed this server (so that the iusr and iwam accounts would be ...
    (microsoft.public.inetserver.iis.security)
  • RE: Anybody seen this error?
    ... This error is caused when the IIS common files fail when making ADSI calls ... account doesn't have the correct access to the IIS metabase. ... I (Admin) have a separate administrative account with all rights. ... | Active Directory Services cannot find the web server. ...
    (microsoft.public.dotnet.framework.aspnet)