tim freese
asked on
IIS 6 authentication prompt appearing
IIS 6 is prompting for a user name and password for our default web site.
We have the following settings in place for default web site: Enable Anonymous access is selected.
the virtual directory has enable anonymous access as well as integrated windows authentication.
the folder has the proper internet guest account added with read/write/execute permissions (execute
what else could be causing the authentication prompts to appear?
thanks for the help.
We have the following settings in place for default web site: Enable Anonymous access is selected.
the virtual directory has enable anonymous access as well as integrated windows authentication.
the folder has the proper internet guest account added with read/write/execute permissions (execute
what else could be causing the authentication prompts to appear?
thanks for the help.
did you enable windows 2000 style classic security & sharing options...???
Make sure you have proper security permissions on "myWebsite" folder. It should be like:
SERVER\Administrator -> Full Control
Creator Owner -> Special
System -> Full Control
SERVER\Users -> Read & Execute, List Folder Contents, Read
Best way is to set "Allow inheritable permissions from parent..." for the folder.
Also in a normal IIS installation, IIS install creates the IUSR account (in the Windows SAM), sets the password, and then stores a copy of the password (encrypted) in the IIS metabase.
However, if the Windows password for the IUSR account changes, then IIS won't know what the new password is and won't be able to logon the IUSR account.
Solutions to this problem:
a) If the IUSR password has changed (and you know what the new password is), then reset the IUSR password in IIS Manager, so that IIS knows what the password is again.
SERVER\Administrator -> Full Control
Creator Owner -> Special
System -> Full Control
SERVER\Users -> Read & Execute, List Folder Contents, Read
Best way is to set "Allow inheritable permissions from parent..." for the folder.
Also in a normal IIS installation, IIS install creates the IUSR account (in the Windows SAM), sets the password, and then stores a copy of the password (encrypted) in the IIS metabase.
However, if the Windows password for the IUSR account changes, then IIS won't know what the new password is and won't be able to logon the IUSR account.
Solutions to this problem:
a) If the IUSR password has changed (and you know what the new password is), then reset the IUSR password in IIS Manager, so that IIS knows what the password is again.
ASKER
what we found was the IUSR account on the web server was trying to authenticate to our DC and failing. we had to change the IUSR account in IIS to a domain user on the DC to make it work.
Is this ok to do as far as security issues are concerned? if not, what is an acceptable solution?
thanks again.
Is this ok to do as far as security issues are concerned? if not, what is an acceptable solution?
thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
AnonymousUserPass
logon failedPath:W3SVC/1/ROOT/my
AuthType:Anonymous
AnonymousPasswordSync
The current configuration requires IIS subauthentication. However, the IIS subauthentication component, iissuba.dll, is not currently configured.Path:W3SVC/1/RO
AuthType:Anonymous
AnonymousPasswordSync
The current configuration uses IIS subauthentication for anonymous authentication. This requires that the worker process be configured to run as the Local System identity, which is not recommended for security reasons.Path:W3SVC/1/ROOT/
AuthType:Anonymous
Server's response: HTTP/1.1 401 Unauthorized
Learn about IIS status codesPath:W3SVC/1/ROOT/myW
AuthType:Anonymous
BUILTIN\Users does not have Access this computer from the networkprivilegePath:W3SVC
AuthType:NTLM
Everyone does not have Access this computer from the networkprivilegePath:W3SVC
AuthType:NTLM
Service principal name (SPN) for user 'IWAM_MyServer' not found in Active DirectoryPath:W3SVC/1/ROOT
AuthType:Kerberos
Test Authentication
Path:W3SVC/1/ROOT/myWebSit
AuthType:NTLM
Diagnostics complete