• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 429
  • Last Modified:

Help! Demoted server, internet user accounts deleted.

I just demoted my Domain server back to a workgroup member. It deleted all the user accounts and now it is prompting all users that try to access any of my server sites. When I go to IIS60, under permissions it lists two unknown accounts which were the IUSER_servername and the IWAN_servername accounts. How would I regenerate those accounts so anonymous users can connect again? Server has FP2002 Extensions and SharePoint 2.0. Windows Server 2003.
0
fhenkel
Asked:
fhenkel
  • 12
  • 7
  • 2
  • +1
1 Solution
 
Phadke_hemantCommented:
in IIS itself you can allow anonymous users to access your website
0
 
abraham808Commented:
restart your IISAdmin Service.
0
 
fhenkelAuthor Commented:
The IIS does not see any IUSER or IWAN accounts because Windows deleted those accounts off the machine. I am looking for How to recreate them. I just found a procedure at MS which covers removinng IIS and reinstalling it. It then should recreate those two accounts, according to Mr. Gates???
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
abraham808Commented:
That is the other way of doing it to re-install IIS
0
 
fhenkelAuthor Commented:
OK, the reinstall of IIS created the two accounts in question and I restored the configuration backup. Now all the sites are set to Anonymous access but when anyone hits the sites they get prompted for a userid and password. I'm admin on the server and they prompt me and fail? Any ideas on that?

I really hate the idea of re-doing the server just to get this straight.
0
 
nightmare2Commented:
Check your ntfs permissions: the newly created IUSR account has to be on the security access list of your folders/files.
0
 
fhenkelAuthor Commented:
Can you tell me how to go about checking that? I'll admit I'm not a server person at heart... It was fun at first but is quickly becoming a real task.
0
 
fhenkelAuthor Commented:
Additional info: As I mentioned at the start this is a server which was demoted from being the Domain Controller. I then joined it to my home workgroup. I did notice that in the machine name it still says DFH.HOME? is it possible that it still thinks it belongs to the old Domain and that is causing the problem? If so, how would I go about getting it to belong to the HOME workgroup like the other machines?
0
 
nightmare2Commented:
Right click your folder, select Properties, go to Security, add the necessary permissions.
For the name, go to System Properties > Computer Name > Change.
You will see there if it's a member of a domain or a workgroup.
Change accordingly.
0
 
fhenkelAuthor Commented:
Ok, wasn't sure if I was going about it correctly. I did your steps and the sites still prompt for a login. I have installed the MS Authentication and Access Control Diagnostics software and run it. It comes up with almost nothing but red X's across the board? iguess if I could read it properly, I might figure it all out. The problem seems to be with the anonymous login. If I use my name and password I get any of the sites fine. I created a 'test" account and can hit the sites with it also. The software will test each site ans it then produces a XML log file.
0
 
nightmare2Commented:
Right Click on your web site
Select the 'Directory Security' tab
Click 'Edit'
Check 'Enable Anonymous Access'
Browse to the 'IUSR_<machinename>' account
If your NTFS permissions are correct, you shouldn't be prompted anymore.
0
 
fhenkelAuthor Commented:
Already did that and the IUSER_servername is selected. Intergrated Windows Authentication is checked. I've also just synced the Metabase password with that account for all the sites using the adsutil.vbs, still no good. I have a feeling I'm fighting a lost cause. I think it is all that Windows did not "clean up" very well when Demoting the server. I have noticeed that it created another Admin account on the machine also. I now have an Administrator and a Administrator.servername directory under the Documents and Settings folder.All the icons which were on the Admin's Desktop disappeared with the new Admiin account. I had to copy them over from the original Admin folder?? Guess I'll plan the weekend for building a new server. Thanks for all your input on this.
0
 
nightmare2Commented:
Uncheck 'Integrated Windows Authentication'
The Administrator profile is the one created when the server was first installed.
The Administrator.servername was created after the server was demoted.
It's completely normal.
0
 
fhenkelAuthor Commented:
I have unchecked that box on three of the sites and now I do not get prompted but says a http 401 error. We are one step closer at this point, thanks. Looking like a permissions problem?
0
 
nightmare2Commented:
Yes, give your anonymous user at least read permissions on your folders.
0
 
fhenkelAuthor Commented:
I have included the IUSER account at the Upper most directory, all sites are below that, and I checked each site in IIS and Read is checked but still get this error. HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials?
0
 
nightmare2Commented:
Check that the permissions are inherited by the sub directories.
In the directory security authentication tab, make sure that you entered the correct user for anonymous access and the password. If necessary, reset the user's password in computer management AND IIS.
0
 
fhenkelAuthor Commented:
Quick question: When I ran the MS auth & Access Diags, it showed that Kerberos is being used, isn't mostly for within Domains? Any chance that could cause all this? I'm getting dangerous now, I'm actually reading the docs! That item is what threw up all the red flags in the diags.
0
 
fhenkelAuthor Commented:
Here is one line out of the test for Authentication.

must be domain member                    Path:W3SVC
                                                          AuthType:Kerberos
There is no domain any more.
0
 
nightmare2Commented:
Kerberos will be used if you enable Integrated Authentication.
Make sure to deselected it on the root and every virtual directory.
0
 
fhenkelAuthor Commented:
I'm pretty sure I did that already but I'll check again. Would it help if I upload the test results XML file that the Auth & Access Diags saved? You may make more sense out of it then I am.
0
 
fhenkelAuthor Commented:
The problem is fixed, I rebuilt the server and all is working fine now. Thanks for you assistance.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 12
  • 7
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now