IUSR accounts not working for anonymous access on all servers in domain

I'm running a domain made of up multiple servers, all which host websites that are configured to have anonymous access through IIS.  They all use the IUSR built in accounts have an IIS control the password.  Last week, all the sites started to prompt for a userid and password where they never did in the past.  IIS appears to be configured properly, and I tried to restore the IIS metabase back to a date where it worked, but this had no effect.  I was thinking about deleting the IUSR accounts and trying an active directory account instead.  Anyone know what would have caused this or how to fix it?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ted BouskillSenior Software DeveloperCommented:
This has nothing to do with the account the application pool is running under.  The only reason the website will ask for authentication is because 'Windows or Basic' authentication was turned on for the website itself.  Something in the front-end is asking for the authentication.

Even references to objects on another site that isn't anonymous will trigger the authentication dialog.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RSSIAdminAuthor Commented:
Thanks for the info.  I did change one of my sites to use an AD account and it that stie stopped prompting, which is very confusing.  I'm starting to wonder now if something got changed on the domain controller, maybe in the group policy that would have caused this.  
Ted BouskillSenior Software DeveloperCommented:
Hmm, I'm not aware of any GPO setting that would change the authentication for a website, however, it is quite versatile so it might be able to do it.
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

RSSIAdminAuthor Commented:
My servers are "operational" beacuse I switched to the AD accounts as opposed to the built-in IUSR, but I am still trying to determine what would have caused this.  Any ideas?
IIS Passwords Sync freeware program from http://www.hoststools.com/ will save your day. :)
Ted BouskillSenior Software DeveloperCommented:
OK, for one the IUSR accounts are remnants from IIS 5.1 and are only used in IIS 6 if you switch a site to IIS 5.x compatibility mode.  Otherwise they run as the accounts defined in the identity tabs for the application pools.

However, what you need to understand is that the worker process authentication is completely different than the front end-authentication.   If you're users are being challenged to access the website it is something configured for the site authentication.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.