[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Strange FTP problem in WinNT server 4.0 IIS 2.0

Posted on 1997-07-16
8
Medium Priority
?
324 Views
Last Modified: 2013-12-23
I am running a small office NT domain (in a huge network - MSU) and I'm
using Win NT 4.0 Server (SP3). The IIS installed fine the first time but
as soon as I cutomized the acessible directories the access for users was
lost, i.e. I can FTP to it as admin (all admin accounts) but when I try
to do that as a normal domain user it will not allow me! The message is
"user <username> cannot loing. login failed". The system log (MSFTPSVC)
gives the following error message:
.............................>
The server was unable to logon the Windows NT account 'guentche' due to
the following error: Logon failure: the user has not been granted the
requested logon type at this computer.  The data is the error code.

0000: 69 05 00 00               i...
.............................>

I have reinstalled IIS since but that didn't change anything. The machine
is running a bunch of other services (e.g. WINS) but I suspect it's some
bad entry in the registry.
Has anyone ran accross such a problem? Any ideas?
Thanks a lot!

Kamen
0
Comment
Question by:KamenG
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 

Expert Comment

by:gaucig
ID: 1562065
Have a look at the User account manager and make sure that the IUSR account has not expired / been locked also look at the users account and check for the same thing ??

Thanks Geoff
0
 

Author Comment

by:KamenG
ID: 1562066
The IUSR_... account is very much alive and part of the domain
users group so it can login normally (if I knew the password for
it :-). Plus I'm not concerned with anonymous FTP - my domain
users that can log on normally using their MS CLients cannot be
logged on by FTP!

Kamen

0
 
LVL 5

Expert Comment

by:cer
ID: 1562067
Default setting is to allow ONLY anonymous user.
Sure you did change it in IIS manager ?
Is anonymous login possible for normal user?


0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:KamenG
ID: 1562068
To make this a little easier I'd like to mention that I'm a
little whacky sometimes but I'm a very experienced administrator.
So yes, of course I modified the default settings and it doesn't
seem to be anything obvious (well maybe obvious but not stupid).
Just for the test I just enabled anonymous loigns (which I don't
want normally enabled) and the anon user can logon but not a
domain user...
So to recap: domain admins and anons can log on, domain users -
can't. (I have no local users on any machine, except for the de-
fault Administartor account).
0
 
LVL 5

Accepted Solution

by:
cer earned 300 total points
ID: 1562069
See:  http://www.microsoft.com/kb/articles/q153/9/53.htm

When you configure a Microsoft Windows NT user account to be used by clients using HTTP basic
  authentication, Internet Information Server (IIS) requires that the account is granted the Log on
  Locally right.

Set this right in usermanager. If you do not want this you can switch to another right (see URL above).


0
 

Author Comment

by:KamenG
ID: 1562070
The strange part is I was able to logon as a domain admin, which
is not a local account but I guess admins can override all res-
trictions.
After looking at the above URL I was able to solve the problem,
thank you. The article, however, was misleading - its applica-
bility was indicated IIS ver 1.0 and I have IIS ver. 3.0 !
I'm still not fully aware of the possible security breaches bec-
ause of granting the users batch logon privilege but then again
Win NT is not very secure anyway. (I wasn't going to grant users
the logon locally right!)
So as far as I'm concerned my problem is solved and "cer" being
the decisive factor I'm granting him the points.
0
 
LVL 5

Expert Comment

by:cer
ID: 1562071
You don't have a local admin?

If you don't want to grant local login, you can grant "connect as batch job" and change the registry as stated in the URL, or does this not work anymore?

0
 

Author Comment

by:KamenG
ID: 1562072
I do have a local admin, of course (can't delete that one if you
wanted). I don't bother with any other local accounts. The strange part with the KB article is that according to it no local users should be able to login and the domain admin could but as I said - admins are privileged, obviously...
I did fix it by allowing domain users the privilege to login as batch jobs (that's what I tried to suggest in my last comment) but I'm still affraid that might be a security breach (but I tend to trust my users).
So to recap - the KB as usual gives you a good hint rather than a solution but that's OK for people who can read between the lines (if you can find the right article!).
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question