Re: Can not access web directory in Win2k3 with anonymous access d

From: chuck rudolph (chuckrudolph_at_discussions.microsoft.com)
Date: 03/20/05 

Date: Sun, 20 Mar 2005 11:23:04 -0800

David, Here is an update: I can NOW get to the protected web site from a
domain computer when I am signed into the domain BUT when IE accesses the web
the user is prompted to log in. My reading of the document says that an
authenticated user should not be prompted for new creds. The log follows.

I found the policy that was only allowing Guest, and Guests to access the
computer remotely. I added Everyone to get where I am now. Do I need to add
Authenticated Users to get where I want to go?

Thanks...Chuck

**** Anony disallowed, access from a domain member ie ****

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-20 19:14:04
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-20 19:14:04 10.10.1.103 GET /test - 80 - 10.10.1.104
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.40607) 401 2 2148074254
2005-03-20 19:14:19 10.10.1.103 GET /test - 80 SBS\Administrator 10.10.1.104
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.40607) 301 0 0
2005-03-20 19:14:19 10.10.1.103 GET /test/ - 80 - 10.10.1.104
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.40607) 401 2 2148074254
2005-03-20 19:14:19 10.10.1.103 GET /test/Default.htm - 80 SBS\Administrator
10.10.1.104
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.40607) 200 0 0

"David Wang [Msft]" wrote:

> Please provide the web server logs for the failing requests in question. I
> want to see all the 401 errors with substatus/win32 error codes
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "chuck rudolph" <chuckrudolph@discussions.microsoft.com> wrote in message
> news:654ADABC-5773-4642-8F01-0CD0CC5794FB@microsoft.com...
> I am sure this has something to do with a missing (or extra) domain security
> policy. Here is the scoop. I have a domain controller and a member server.
> The member server is running IIS 2k3 with all the lastest "windows update".
> I
> create a vir. dir. on the server and in it a simple .htm. With anonymous
> access enabled, I can open this file from the domain controller running IE.
> When I turn anonymous access off and have Integrated Windows Authentication
> turned on, I get a prompted to log in. Even providing the correct signon
> does
> not allow me access. (The login on the domain controller is a domain admin.)
> This of course works when I do not have the member server in the domain. The
> member server and domain controller (also 2k3) are "out of the box" test
> setups -- so I am pretty sure that I am missing some security policy. Any
> help is appreciated.
>
>
>

Relevant Pages

  • Re: Local Console Password & Network Passwords Different
    ... > From any domain controller you can run the support tool dcdiag to find out ... From any domain computer you can run ... Anyhow you do not need to logon to the PDC fsmo to change any ... >> In addition a blank domain Admin password is ridiculously insecure. ...
    (microsoft.public.security)
  • Re: GPO not applied to clients
    ... I would also run dcdiag and gpotool on the domain controller and netdiag on ... a domain computer that is having the problem receiving the Group Policy. ... their preferred dns server in tcp/ip properties and as shown with ipconfig ...
    (microsoft.public.windows.group_policy)
  • Re: Local Console Password & Network Passwords Different
    ... the administrator password from any domain workstation. ... >> From any domain controller you can run the support tool dcdiag to find ... From any domain computer you can ... Anyhow you do not need to logon to the PDC fsmo to change any ...
    (microsoft.public.security)
  • Re: scheduled jobs not logging on
    ... If this is a domain computer using domain credentials to run these tasks ... make sure that the computer has good connectivity to the domain controller ...
    (microsoft.public.win2000.security)