Solved

Assorted 401.x errors when trying to access Localhost

Posted on 2004-04-19
11
2,068 Views
Last Modified: 2007-12-19
I am attempting to create an intranet web site on a brand new server running Windows Server 2003 with IIS6.  When attempting to browse to the default page or Localhost I am receiving a wide variety of Http 401 errors.  I have configured the page for anonymous access using the IWAM_computername account as the user, and have confirmed that the password in both IIS and Active Directory match.  When trying to access the web page I am still required to enter user credentials but nothing that is entered permits access.

I have attempted to run the following commands to ensure that the password is correct in all areas:

cscript.exe :
  \inetpub\adminscripts  adsutil.vbs set w3svc/
wamuserpass ""

cscript.exe :
  \inetpub\adminscripts
    run synciwam.vbs -v

but receive the message, "Error trying to GET the Schema of the property IIS://localhost/Schema/w3svc"

Thanks in advance
0
Comment
Question by:vet716
  • 6
  • 5
11 Comments
 
LVL 17

Accepted Solution

by:
Tacobell777 earned 175 total points
ID: 10865472
it's actually the IUSR_<computername> that you want on there for anonymous access.
0
 
LVL 2

Author Comment

by:vet716
ID: 10868353
I actually have tried both IUSR and IWAM, and get the same results with both.  IUSR is the default so that is the one that I was using first.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10874274
Do you have the IUSR permission correctly applied? It needs access to some files in the windows folder, program files - common files etc. Your best bet on this is to find a document on where the IUSR needs permission, I could tell you some on top of my head but its better to get it from a doco by MS...
0
 
LVL 2

Author Comment

by:vet716
ID: 10888600
IUSR has the appropriate NTFS permissions set (Read & Execute, List Folder Contents and Read) on Inetpub, wwwroot, the default page, and all subwebs.

After deleting IUSR from Active Directory and recreating I am now able to view the page on certain subnets on my network but not others.  Any user on the 10.10.x.x subnet that the server resides on can see the page, certain PCs on the 10.20.x.x subnet can also see the page but most receive an HTTP 400 page, stating that the page can not be found.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10903641
anything in the log file? http 400 page is not a normla page not found, page not found is 404 - have a look at the logs and see if there is anything that might tell you what up.. The web log and the event log.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 2

Author Comment

by:vet716
ID: 10903878
There is nothing that stands out in the Event Log, but in the web log I found HTTPerr1.log which contains hundreds of lines similar to the following:

2004-04-23 19:41:22 10.10.x.x 2367 10.10.x.a 80 - - - - - Timer_ConnectionIdle  (this was a pc on the local network that could connect)
2004-04-23 20:15:32 10.10.x.x 3003 10.10.x.z 80 HTTP/1.1 OPTIONS / 400 - Hostname  (this was a pc on another network, but still a member of the domain)
2004-04-23 20:43:45 10.20.x.x 1146 10.10.x.z 80 HTTP/1.1 GET /bottleking.htm 400 - Hostname (this was a pc on another network, but still a member of the domain)
2004-04-23 20:55:15 10.10.x.x 1215 10.10.x.z 80 HTTP/1.1 OPTIONS / 400 - Hostname (this was a pc on another network, but still a member of the domain)

The odd thing is the times; all of the times are several hours ahead of the server time, although the time on the workstation is synced to the server.  Also it is displaying 2 ip addresses for the server 10.10.x.a and 10.10.x.z.  The server does have 2 NICs but the web site is configured to the ip address for only one of them (10.10.x.a).  These ip addresses are assigned statically to each network card and are also entered as hosts into DNS on the domain controller.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10904156
The log time is in UTC time I believe, you can sync it with your local machine by going into porperties of logging and there is a setting to tell it to log in local time.

have you tried this

When you get a message like this turn off friendly HTTP error messages in IE. To do this go to Tools -> Internet Options -> Advanced. Uncheck show friendly HTTP error messages. Once you have done this you should get a more detailed message which will point you to the real problem.

You may need to configure your browser to use proxies.

0
 
LVL 2

Author Comment

by:vet716
ID: 10918237
The actual message is "Bad Request (Invalid Hostname)"

We have no proxy server on our network.  In order to configure the browser to use a proxy, would I need to add a proxy or can the web server address be used as the proxy?

I have found a pattern with the computers who can view the page successfully and those who can't.  Every computer on the LAN can see the page, on each WAN only computers that are running Windows 2000 Server can see the page.  Any computer running XP Pro can not.  All of these are using IE6.
0
 
LVL 17

Expert Comment

by:Tacobell777
ID: 10922059
What are the connection settings in Internet Explorer on these machines?  The same as the other machines?
0
 
LVL 2

Author Comment

by:vet716
ID: 10922405
All of the computers have the same connection configuration in IE.

LAN Settings -> All boxes unchecked (Auto detect proxy settings, Use auto config. script and Use a proxy server for your LAN)
0
 
LVL 2

Author Comment

by:vet716
ID: 10950476
This problem has been resolved by adding a DNS Host entry on each of the local computers who could not view the site, pointing to that IP address and Host name for the web site.

Windows -> System32 -> Drivers -> ETC -> Host

Tacobell777 thanks for your help, I wish I had more points that I could award to you.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now