[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 540
  • Last Modified:

IUSR accounts not working for anonymous access on all servers in domain

I'm running a domain made of up multiple servers, all which host websites that are configured to have anonymous access through IIS.  They all use the IUSR built in accounts have an IIS control the password.  Last week, all the sites started to prompt for a userid and password where they never did in the past.  IIS appears to be configured properly, and I tried to restore the IIS metabase back to a date where it worked, but this had no effect.  I was thinking about deleting the IUSR accounts and trying an active directory account instead.  Anyone know what would have caused this or how to fix it?
Thanks!  
0
RSSIAdmin
Asked:
RSSIAdmin
  • 3
  • 2
4 Solutions
 
Ted BouskillSenior Software DeveloperCommented:
This has nothing to do with the account the application pool is running under.  The only reason the website will ask for authentication is because 'Windows or Basic' authentication was turned on for the website itself.  Something in the front-end is asking for the authentication.

Even references to objects on another site that isn't anonymous will trigger the authentication dialog.
0
 
RSSIAdminAuthor Commented:
Thanks for the info.  I did change one of my sites to use an AD account and it that stie stopped prompting, which is very confusing.  I'm starting to wonder now if something got changed on the domain controller, maybe in the group policy that would have caused this.  
0
 
Ted BouskillSenior Software DeveloperCommented:
Hmm, I'm not aware of any GPO setting that would change the authentication for a website, however, it is quite versatile so it might be able to do it.
0
[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

 
RSSIAdminAuthor Commented:
My servers are "operational" beacuse I switched to the AD accounts as opposed to the built-in IUSR, but I am still trying to determine what would have caused this.  Any ideas?
0
 
NetocratCommented:
IIS Passwords Sync freeware program from http://www.hoststools.com/ will save your day. :)
0
 
Ted BouskillSenior Software DeveloperCommented:
OK, for one the IUSR accounts are remnants from IIS 5.1 and are only used in IIS 6 if you switch a site to IIS 5.x compatibility mode.  Otherwise they run as the accounts defined in the identity tabs for the application pools.

However, what you need to understand is that the worker process authentication is completely different than the front end-authentication.   If you're users are being challenged to access the website it is something configured for the site authentication.
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now