Solved

Strange FTP problem in WinNT server 4.0 IIS 2.0

Posted on 1997-07-16
8
319 Views
Last Modified: 2013-12-23
I am running a small office NT domain (in a huge network - MSU) and I'm
using Win NT 4.0 Server (SP3). The IIS installed fine the first time but
as soon as I cutomized the acessible directories the access for users was
lost, i.e. I can FTP to it as admin (all admin accounts) but when I try
to do that as a normal domain user it will not allow me! The message is
"user <username> cannot loing. login failed". The system log (MSFTPSVC)
gives the following error message:
.............................>
The server was unable to logon the Windows NT account 'guentche' due to
the following error: Logon failure: the user has not been granted the
requested logon type at this computer.  The data is the error code.

0000: 69 05 00 00               i...
.............................>

I have reinstalled IIS since but that didn't change anything. The machine
is running a bunch of other services (e.g. WINS) but I suspect it's some
bad entry in the registry.
Has anyone ran accross such a problem? Any ideas?
Thanks a lot!

Kamen
0
Comment
Question by:KamenG
  • 4
  • 3
8 Comments
 

Expert Comment

by:gaucig
ID: 1562065
Have a look at the User account manager and make sure that the IUSR account has not expired / been locked also look at the users account and check for the same thing ??

Thanks Geoff
0
 

Author Comment

by:KamenG
ID: 1562066
The IUSR_... account is very much alive and part of the domain
users group so it can login normally (if I knew the password for
it :-). Plus I'm not concerned with anonymous FTP - my domain
users that can log on normally using their MS CLients cannot be
logged on by FTP!

Kamen

0
 
LVL 5

Expert Comment

by:cer
ID: 1562067
Default setting is to allow ONLY anonymous user.
Sure you did change it in IIS manager ?
Is anonymous login possible for normal user?


0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:KamenG
ID: 1562068
To make this a little easier I'd like to mention that I'm a
little whacky sometimes but I'm a very experienced administrator.
So yes, of course I modified the default settings and it doesn't
seem to be anything obvious (well maybe obvious but not stupid).
Just for the test I just enabled anonymous loigns (which I don't
want normally enabled) and the anon user can logon but not a
domain user...
So to recap: domain admins and anons can log on, domain users -
can't. (I have no local users on any machine, except for the de-
fault Administartor account).
0
 
LVL 5

Accepted Solution

by:
cer earned 100 total points
ID: 1562069
See:  http://www.microsoft.com/kb/articles/q153/9/53.htm

When you configure a Microsoft Windows NT user account to be used by clients using HTTP basic
  authentication, Internet Information Server (IIS) requires that the account is granted the Log on
  Locally right.

Set this right in usermanager. If you do not want this you can switch to another right (see URL above).


0
 

Author Comment

by:KamenG
ID: 1562070
The strange part is I was able to logon as a domain admin, which
is not a local account but I guess admins can override all res-
trictions.
After looking at the above URL I was able to solve the problem,
thank you. The article, however, was misleading - its applica-
bility was indicated IIS ver 1.0 and I have IIS ver. 3.0 !
I'm still not fully aware of the possible security breaches bec-
ause of granting the users batch logon privilege but then again
Win NT is not very secure anyway. (I wasn't going to grant users
the logon locally right!)
So as far as I'm concerned my problem is solved and "cer" being
the decisive factor I'm granting him the points.
0
 
LVL 5

Expert Comment

by:cer
ID: 1562071
You don't have a local admin?

If you don't want to grant local login, you can grant "connect as batch job" and change the registry as stated in the URL, or does this not work anymore?

0
 

Author Comment

by:KamenG
ID: 1562072
I do have a local admin, of course (can't delete that one if you
wanted). I don't bother with any other local accounts. The strange part with the KB article is that according to it no local users should be able to login and the domain admin could but as I said - admins are privileged, obviously...
I did fix it by allowing domain users the privilege to login as batch jobs (that's what I tried to suggest in my last comment) but I'm still affraid that might be a security breach (but I tend to trust my users).
So to recap - the KB as usual gives you a good hint rather than a solution but that's OK for people who can read between the lines (if you can find the right article!).
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question