RE: issues authentication w/2003 server AND SP1, IIS 6, FPSE 2002
- From: "Dr. Paul Caesar - CoullByte (UK) Limited" <DrPaulCaesarCoullByteUKLimited@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 Nov 2005 06:58:01 -0800
This also fixed many debugging issues with Visual Studio 2003 on Windows
Server 2003 with Service Pack 1.
Thanks
"R" wrote:
> FYI -
>
> ----
>
> That did it! thanks rick. I didn't even have to restart the machine, only
> recycle the MSsharepoint app.
>
> EB
>
>
>
> --------------------------------------------------------------------------------
>
> Subject: RE: [iis6] 401.1 When accessing fpadmdll.dll
>
>
> Ed,
>
> Go ahead and forward this to the listserve should the following information
> help you solve your issue. This may not be the solution. THANKS - RICK
>
> Possible FIX from KB 896861: This issue occurs if you install Microsoft
> Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack
> 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check
> security feature that is designed to help prevent reflection attacks on your
> computer. Therefore, authentication fails if the FQDN that you use does not
> match the local computer name.
>
> There is a known "issue" with authentication when using 2003 server with
> IIS6 and 2002 extensions that shipped with 2003 server after the application
> of 2003 server SP1. The issue occurs from additional security lock downs that
> sp1 applied. People have been affected by this either by installing SP1 after
> FP extensions were installed as well as fresh installations of 2003 server,
> IIS6, 2002 extensions and with SP1.
>
> People are doing the following:
>
> Turn on basic authentication and use SSL for logins in IIS or
>
> Method 1: Disable the loopback check
> Follow these steps:
> 1. Click Start, click Run, type regedit, and then click OK.
> 2. In Registry Editor, locate and then click the following registry key:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> 3. Right-click Lsa, point to New, and then click DWORD Value.
> 4. Type DisableLoopbackCheck, and then press ENTER.
> 5. Right-click DisableLoopbackCheck, and then click Modify.
> 6. In the Value data box, type 1, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>
>
>
> ------
>
> Here is more information on this item
>
>
>
> Here is a news group to check out.
>
>
> http://support.microsoft.com/newsgroups/newsReader.aspx?lang=en&cr=US&dg=microsoft.public.frontpage.extensions.windowsnt&sloc=en-us
>
>
>
>
>
> Here is another link to a search in that listserve to read:
>
> http://support.microsoft.com/newsgroups/newsReader.aspx?query=admin+sp1&dg=microsoft.public.frontpage.extensions.windowsnt&cat=en_US_8d96a1f7-ed94-449f-b028-71a5e32d0e7b&lang=en&cr=US&pt=7d3cded1-50f4-41e1-be92-9c85367a4e28&catlist=b7714baa-0d60-40b0-a226-8b9cf33299a5&dglist=&ptlist=&exp=&sloc=en-us
>
> In the results go and read the result named, "An error occurred accessing
> your Windows SharePoint Services site files"
>
>
>
> You will see the following posting from a user named Michael Middleton
> referencing knowledge base article 896861 in regards to Integrated
> Authentication:
>
> I may have posted my fix in the wrong thread.
>
> You don't need to uninstall SP1.
>
> You do need to stop checking the loopback connector so that Kerberos
> doesn't break for virtual domains.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;896861
>
> At least that, and a good sanity check of permissions fixed it for me.
> See my previous post under "Win 2003 SP1 FrontPage Problem".
>
> It has been several days now, two servers were having this issue..
> hundreds of domains... and zero complaints after we made this change.
>
> Mike Middleton
> http://www.m13.net
>
>
> > Brian,
> > I strongly recommend following Thomas Rowe's suggestion [uninstall win 2k3
> > sp1].
> > If you encounter additional errors, please post back here.
> > Uninstalling Win 2003 sp1 resolved the main problems - especially the posted
> > specific error message.
> > We encountered some residual issues, mostly due to the application of
> > recommended fixes appropriate to the error message.
> > Those are now cleaned up as well, thanks again to Thomas and the other
> > MVPs on this forum.
> >
>
> Here is the Knowledge base article:
>
> You receive error 401.1 when you browse a Web site that uses Integrated
> Authentication and is hosted on IIS 5.1 or IIS 6
> Article ID : 896861
> Last Review : May 20, 2005
> Revision : 1.2
>
> Notice
> Important This article contains information about modifying the registry.
> Before you modify the registry, make sure to back it up and make sure that
> you understand how to restore the registry if a problem occurs. For
> information about how to back up, restore, and edit the registry, click the
> following article number to view the article in the Microsoft Knowledge Base:
> 256986 (http://support.microsoft.com/kb/256986/) Description of the
> Microsoft Windows Registry
>
> SYMPTOMS
> When you use the fully qualified domain name (FQDN) to browse a local Web
> site that is hosted on a computer that is running Microsoft Internet
> Information Services (IIS) 5.1 or IIS 6, you may receive an error message
> that is similar to the following:
> HTTP 401.1 - Unauthorized: Logon Failed
> This issue occurs when the Web site uses Integrated Authentication and has a
> name that is mapped to the local loopback address.
>
> You may also receive an error message that is similar to the following when
> you try to debug a Microsoft ASP.NET project in Microsoft Visual Studio 2003:
> Error while trying to run project: Unable to start debugging on the web
> server. You do not have permissions to debug the server.
>
> Verify that you are a member of the 'Debugger Users' group on the server.
> Note The word "Web" is incorrectly capitalized in this error message.
>
> CAUSE
> This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2)
> or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and
> Windows Server 2003 SP1 include a loopback check security feature that is
> designed to help prevent reflection attacks on your computer. Therefore,
> authentication fails if the FQDN that you use does not match the local
> computer name.
>
> WORKAROUND
> Warning If you use Registry Editor incorrectly, you may cause serious
> problems that may require you to reinstall your operating system. Microsoft
> cannot guarantee that you can solve problems that result from using Registry
> Editor incorrectly. Use Registry Editor at your own risk.
>
> To work around this issue, use one of the following methods:
>
> Method 1: Disable the loopback check
> Follow these steps:
> 1. Click Start, click Run, type regedit, and then click OK.
> 2. In Registry Editor, locate and then click the following registry key:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
> 3. Right-click Lsa, point to New, and then click DWORD Value.
> 4. Type DisableLoopbackCheck, and then press ENTER.
> 5. Right-click DisableLoopbackCheck, and then click Modify.
> 6. In the Value data box, type 1, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>
> Method 2: Specify host names
> To specify the host names that are mapped to the loopback address and can
> connect to Web sites on your computer, follow these steps:
> 1. Click Start, click Run, type regedit, and then click OK.
> 2. In Registry Editor, locate and then click the following registry key:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
> 3. Right-click MSV1_0, point to New, and then click Multi-String Value.
> 4. Type BackConnectionHostNames, and then press ENTER.
> 5. Right-click BackConnectionHostNames, and then click Modify.
> 6. In the Value data box, type the host name or the host names for the sites
> that are on the local computer, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>
> STATUS
> Microsoft has confirmed that this is a bug in the Microsoft products that
> are listed in the "Applies to" section.
>
>
> --------------------------------------------------------------------------------
>
> APPLIES TO
> • Microsoft Internet Information Services 6.0, when used with:
> Microsoft Windows Server 2003 Service Pack 1
>
> • Microsoft Internet Information Services 5.1, when used with:
> Microsoft Windows XP Service Pack 2
>
> • Microsoft Visual Studio .NET 2003 Enterprise Architect
> • Microsoft Visual Studio .NET 2003 Enterprise Developer
>
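
The two workarounds in the quoted KB 896861 text differ in scope: Method 1 turns the loopback check off for every name, while Method 2 lists only the host names that may loop back. The script below is an added example, not part of the original messages or the KB article; it reports both registry values and, with -Apply, adds host names under Method 2. The host names and the parameter names are constructed placeholders.

```powershell
# Added example: audit the KB 896861 registry values and apply Method 2.
# Host names are constructed placeholders; run from an elevated prompt.
param(
    [string[]]$SiteHostNames = @('intranet.example.test', 'sharepoint.example.test'),
    [switch]$Apply
)

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Method 1 state: value absent or 0 means the loopback check is still on.
$dlc = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
        -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($dlc -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is off for all host names.'
} else {
    Write-Output 'Loopback check is enabled (DisableLoopbackCheck absent or 0).'
}

# Method 2 state: read the current multi-string list, dropping empty entries.
$current = @((Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
             -ErrorAction SilentlyContinue).BackConnectionHostNames |
             Where-Object { $_ })
Write-Output ("BackConnectionHostNames currently lists {0} name(s)." -f $current.Count)

# Names that would still fail with 401.1 when browsed from the server itself.
$missing = @($SiteHostNames | Where-Object { $current -notcontains $_ })
foreach ($name in $missing) { Write-Output "Not listed: $name" }

if ($Apply -and $missing.Count -gt 0) {
    # Keep existing entries and add the missing ones, without duplicates.
    $merged = @($current + $missing | Sort-Object -Unique)
    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null
    Write-Output 'BackConnectionHostNames updated; the KB steps end with a restart.'
}
```

Run it without -Apply first to see which of the two workarounds is already in place on a server.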