Re: MS Security Update broke Web Servew 2003 Anonymous Connections
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/18/04
- Next message: David Wang [Msft]: "Re: How to set content-type header for ASP/HTML pages only ?"
- Previous message: Bubi Khan: "Re: Using IIS when disconnected from network"
- In reply to: Robert Waite: "Re: MS Security Update broke Web Servew 2003 Anonymous Connections"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 18 Feb 2004 13:43:33 -0800
As I had initially asked -- did you verify that the Anonymous user
credentials were the same in the local SAM.
The standard IUSR_MachineName is no different from your custom anonymous
user in this regard, so the easiest thing is to verify that the
credentials/password stored in the metabase matches the credentials in the
local SAM.
Were you using Sub Authentication from an upgrade?
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Robert Waite" <bob2dev@tampabay.rr.com> wrote in message
news:ekHTQMX9DHA.2560@TK2MSFTNGP09.phx.gbl...
Got it to work
Note Previous:
> > I run Anonymous under a custom account, not IUSER_MachineName.
> > Switching back to standard IUSER_MachineName made NO difference.
So this should not work, but...
I created a NEW custom acount for IIS Anonymous
and the Web Sites WORK now.
Something in MS Security Update corrupted something.
Thanks for replying!
Robert
"Robert Waite" <bob2dev@tampabay.rr.com> wrote in message
news:OFhUG7U9DHA.2432@TK2MSFTNGP10.phx.gbl...
> No custom ISAPI filters.
> Don't know what Keep-Alives are, so whatever default is.
>
> What is odd also, all resources throw up the "Enter Network Password"
> dialog,
> but accept blank user, password and domain, allowing access to resource.
>
> Robert
>
> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> news:e9bAVCO9DHA.3200@TK2MSFTNGP09.phx.gbl...
> > You have a couple of odds things in your log
> >
> > 1. This is a legitimate 404 file not found, so your web page does
contain
> a
> > reference to this URL
> > 2004-02-16 04:25:19 192.168.1.30 GET /favicon.ico - 80 WEBSERVER\rwaite
> > 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 404 0 2
> >
> > 2. This is a 200 OK retrieval of the pages that just got 401.1
> > 2004-02-16 04:24:42 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> 80
> > WEBSERVER\rwaite 192.168.1.10
> >
>
Mozilla/4.0+compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+CL
> > R+1.0.3705) 200 0 0
> >
> >
> > Do you run any custom ISAPI Filters.
> > Do you have Keep-Alives disabled.
> >
> > All I can say is that your log is inconsistent with being a pure
anonymous
> > website. If you had a mismatched username/password for the anonymous
> user,
> > it wouldn't magically start working for one request -- only a filter or
a
> > user can magically fix that.
> >
> > --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "Robert Waite" <bob2dev@tampabay.rr.com> wrote in message
> > news:%235yYmdE9DHA.1428@TK2MSFTNGP12.phx.gbl...
> > Note that I switched to default standard user.
> >
> > The problems occurs with all resources on multiple web sites, each with
> > their own root directory.
> >
> > To simplify, I created a Terms2.htm with no links and only test in body
> > in one site root directory..
> >
> > When I access it, I get the "Enter Network Password" dialog. Leaving
> > all fields blank and clicking OK puts me onto the page [that behavior
> > still breaks public use of site]. If I click "Cancel", I get
> >
> > HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
> > credentials.
> > Internet Information Services (IIS)
> >
> > This is associated log:
> >
> > 2004-02-16 04:22:28 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> > 80 - 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 401 1 0
> > 2004-02-16 04:24:39 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> > 80 - 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 401 1 0
> > 2004-02-16 04:24:42 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> > 80 - 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 401 1 0
> > 2004-02-16 04:24:42 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> 80
> > WEBSERVER\rwaite 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 200 0 0
> > 2004-02-16 04:25:19 192.168.1.30 GET /favicon.ico - 80 WEBSERVER\rwaite
> > 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 404 0 2
> > 2004-02-16 04:25:33 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> > 80 - 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 401 1 0
> > 2004-02-16 04:25:38 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> > 80 - 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 401 1 0
> > 2004-02-16 04:25:38 192.168.1.30 GET
/UniqueFloridaVacations/terms2.htm -
> 80
> > WEBSERVER\rwaite 192.168.1.10
> >
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.1.4322;+.NET+C
> > LR+1.0.3705) 304 0 0
> >
> > [I have no idea what "favicon.ico" above is!!! Not my creation.]
> >
> > Thanks,
> > [I'll be away from my computer until 8 PM EST Monday.]
> >
> > Robert
> >
> >
> >
> > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > news:u6NwXTC9DHA.2952@TK2MSFTNGP09.phx.gbl...
> > > Check that your custom Anonymous username/password stored in the
> metabase
> > > matches that in your local SAM. If not, synchronize them
> > >
> > > Also, give the actual LOG entries on the web server for those requests
> (I
> > > need to know what type of 401 was returned) as well as ACLs on the
file
> > > resource being accessed.
> > >
> > > --
> > > //David
> > > IIS
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > //
> > > "Robert Waite" <bob2dev@tampabay.rr.com> wrote in message
> > > news:etzw6EC9DHA.2404@TK2MSFTNGP12.phx.gbl...
> > > [Actually, it was the Update of about 2/08... the one I just installed
> > > (2/15) did not fix problem.]
> > >
> > > Web Server 2003 had been running fine for several months - several
> simple
> > > public web sites. Anonymous connections allowed.
> > >
> > > Not on a Domain or Active Directory; installation was as default
> > > alternative "Workgroup".No DHCP. Static IP. Solo server connectiing to
> > > Internet thru Sonicwall
> > > firewall. I've been using this hardware/network config for several
> years.
> > >
> > > I have disabled a number of unused services such as DHCP.
> > >
> > > Point is had been working for months, until patch installed...
> > > and I had not touched the computer for weeks prior to problem.
> > >
> > > Event logs [Server & IIS] show nothing unusual, but I could easily
miss
> > > something.
> > >
> > > Now throws up NT "Enter Network Password" to all visitors to my web
> sites;
> > > then, of course, "You are not authorized to view this page".
> > >
> > > [HTM pages by the way, ASP/ASPX not a factor].
> > >
> > > I run Anonymous under a custom account, not IUSER_MachineName.
> > > Switching back to standard IUSER_MachineName made NO difference.
> > >
> > > Help
> > >
> > > Robert Waite
> > >
> > >
> > >
> >
> >
> >
>
>
- Next message: David Wang [Msft]: "Re: How to set content-type header for ASP/HTML pages only ?"
- Previous message: Bubi Khan: "Re: Using IIS when disconnected from network"
- In reply to: Robert Waite: "Re: MS Security Update broke Web Servew 2003 Anonymous Connections"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
