Re: security error in IIS logs (401.2 error)



After this request, do you see a successful 200 OK request being logged? The
request line below looks like part of an NTLM authentication handshake.

Cheers
Ken

"Alexander Ferrugia" <Alexander Ferrugia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:9B020444-0083-4729-8FD0-EC88C6E53D45@xxxxxxxxxxxxxxxx
Hi:

I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows
Server 2003 w/ SP-1. When I navigate to my site (locally or from another
network computer) in Internet Explorer I'm being prompted for a network
username/password. I believe I have configured the server properly in IIS,
have the correct NTFS file permissions, etc.

I would really like to know what sc-win32-status 2148074254 refers to (see
my IIS log below). Anyone have any ideas? I know that the 401.2 error means
"denied by server configuration" and often means a protocol issue between
the browser and IIS. I'm not trying to do anything special here, just want
to use plain vanilla Windows Authentication. I have anonymous access turned
off for my site in IIS (my application requires this) but when I allow
anonymous access the error goes away.

I have attached my [truncated] IIS log below. Please let me know if you
require any additional details about my environment. Any help that anyone
can offer would be greatly appreciated. I'm running out of ideas.

Thanks in advance,

Alexander

---SOF---

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-23 17:04:28
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 - 10.34.43.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254

---EOF---
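
The check Ken asks for (is the 401.2 followed by a 200 for the same client and URL?) can be run over a whole log file. The script below is an added example, not code from the thread: the first sample entry is the one posted above, while the other two entries, the `EXAMPLE\user1` account and the 10.34.43.12 client are constructed. It also prints sc-win32-status as a hexadecimal HRESULT; 2148074254 is 0x8009030E, which the Windows SSPI headers define as SEC_E_NO_CREDENTIALS.

```python
# Sample W3C log: entry 1 is from the post, entries 2 and 3 are constructed.
UA = "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)"
SAMPLE_LOG = f"""\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 - 10.34.43.11 {UA} 401 2 2148074254
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 EXAMPLE\\user1 10.34.43.11 {UA} 200 0 0
2006-06-23 17:05:10 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80 - 10.34.43.12 {UA} 401 2 2148074254
"""

# Only the code discussed in the thread; extend from winerror.h as needed.
KNOWN_HRESULTS = {0x8009030E: "SEC_E_NO_CREDENTIALS"}


def parse_w3c(text):
    """Parse W3C extended log text, taking column names from #Fields."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated entries
                rows.append(dict(zip(fields, values)))
    return rows


def decode_win32_status(value):
    """Return (hex HRESULT, symbolic name or None) for sc-win32-status."""
    code = int(value) & 0xFFFFFFFF
    return f"0x{code:08X}", KNOWN_HRESULTS.get(code)


def unanswered_401s(rows):
    """401 entries with no later 200 from the same client for the same URI."""
    result = []
    for i, row in enumerate(rows):
        if row["sc-status"] != "401":
            continue
        key = (row["c-ip"], row["cs-uri-stem"])
        if not any(r["sc-status"] == "200" and (r["c-ip"], r["cs-uri-stem"]) == key
                   for r in rows[i + 1:]):
            result.append(row)
    return result


if __name__ == "__main__":
    for row in unanswered_401s(parse_w3c(SAMPLE_LOG)):
        print(row["c-ip"], row["cs-uri-stem"], "401." + row["sc-substatus"],
              *decode_win32_status(row["sc-win32-status"]))
```

A 401.2 that is followed by a 200 from the same client is the normal start of the handshake; entries that `unanswered_401s` returns are the ones where authentication never completed.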


