Re: HTTP 401.3 error: Please help - Urgent.
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 09/20/04
- Next message: David Wang [Msft]: "Re: ISAPI Extension DLL don't work on IIS6"
- Previous message: Rafal W.: "Re: multiple IIS server boxes behind firewall"
- In reply to: RAM GANESAN: "HTTP 401.3 error: Please help - Urgent."
- Next in thread: RAM GANESAN: "Re: HTTP 401.3 error: Please help - Urgent."
- Reply: RAM GANESAN: "Re: HTTP 401.3 error: Please help - Urgent."
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Sep 2004 15:26:24 -0700
401.3 indicates that remote user logon succeeded but the user identity did
not have sufficient access to the resource.
Thus, this problem has NOTHING to do with IUSR and everything you've done
with it. Two things support this conclusion:
1. You are supposed to be using only Basic authentication, which would not
involve the IUSR nor anonymous access account
2. You are getting 401.3, which indicates that the remote user did logon
successfully.
Can you try filemon from www.sysinternals.com and see what resource is
generating access denied and for what user identity.
Then, verify that this user identity is expected. If so, then fix the ACLs
on the resource. If not, then verify that your authentication scheme is
correct (i.e. only Basic).
Finally, you want to do whatever is necessary to use AuthDiag to at least
gather information about your system to help resolve the issue. If you
think SSL is blocking it, turn it off for debugging purposes.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "RAM GANESAN" <ramganesan@gmail.com> wrote in message news:2dca7102.0409200554.61b22099@posting.google.com... Hello, I have a site which uses Basic Authentication. The site authenticates only me and others who are among the 'Administrators' group in the server. All other users get the HTTP 401.3 Access denied by ACL on resource error!! No changes was made to the folder permissions recently and the only thing that happened before the site broke down was that several critical windows updates were pushed by our network admin and the webserver rebooted. I downloaded the AuthDiag tool and tried to use the Check Authentication task but it always gives me "URL entered is invalid" error!!! I enter the complete URL to that site..like...http://www.###.com/ab/cd/foldername/index.cfm I can access the URL from my browser as I am an administrator on the server. If I try to access the URL from a common user's browser...I get the login prompt and even if user enters the right login information it gives the 401.3 error. Since it is a https site and requires basic authentication, I guess the AuthDiag tool could not get in with whatever account that it uses to authenticate in. Does this have anything to do with the IUSR_Machinename account? I believe that pushing Microsoft updates alone cannot mess up anything in a server but is it possible that once the updates are installed and the server is rebooted, the ACLs and/or windows accounts (especially IUSR_) did not get set up properly? I tried to investigate further on the IUSR_Machinename account and this is what I found: I used the following VBS code to find out what the IUSR_machinename and IWAM_machinename account passwords were and I was surprised to see that the code returned a password for IWAM account BUT NOT the IUSR account!!! It was empty! Is this possible? Is this why I am having all these troubles? .VBS code: ________________________________________________________ Dim IIsObject Set IIsObject = GetObject ("IIS://localhost/w3svc") WScript.Echo "UserName = " & IIsObject.Get("AnonymousUserName") & vbCrlf & _ "UserPass = " & IIsObject.Get("AnonymousUserPass") & vbCrlf & vbCrlf &_ "WAMUser = " & IIsObject.Get("WAMUserName") & vbCrlf & _ "WAMPass = " & IIsObject.Get("WAMUserPass") Set IIsObject = Nothing _________________________________________________________ Please....this is urgent. I appreciate all the help I can get.
- Next message: David Wang [Msft]: "Re: ISAPI Extension DLL don't work on IIS6"
- Previous message: Rafal W.: "Re: multiple IIS server boxes behind firewall"
- In reply to: RAM GANESAN: "HTTP 401.3 error: Please help - Urgent."
- Next in thread: RAM GANESAN: "Re: HTTP 401.3 error: Please help - Urgent."
- Reply: RAM GANESAN: "Re: HTTP 401.3 error: Please help - Urgent."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
