I have a web server (IIS) that hosts a number of different web applications (mainly ASP code) that are accessed by users on my intranet.
In IIS, the "Directory Security" properties for the virtual directories have "Allow anonymous ..." and "Integrated Windows authentication ..." ticked. If I untick "Integrated Windows auth .." no one can access the apps.
Users in my domain are able to access these web applications without a problem, but users on other domains (they have access to our intranet environment) are requested to authenticate themselves when trying to access these apps (they get a pop up box requesting them to enter in their Windows credentials).
I've checked the IIS settings and rights on the folder where the code is located and it all seems fine (app pool is running under NETWORK SERVICE and the IUSR_servername & EVERYONE & NETWORK SERVICE are added to the folder).
I've checked the default permissions configured for IIS according to the Microsoft site and these seems to be correct.
I ran IIS Authentication & Access Diagnostics tools and found errors related to AnonymousPasswordSync as well as there being errors in the event log for "Failed to Impersonate the anonymous user for ASP application".
From what I've read on the internet about this symptom is that it seems to be a problem with the password for the IUSR_servername (used for anonymous authentication) as it could be out of sync with Metabase or IIS or something.
I'm not too keen on playing around with the Metabase.xml file or resetting the password for IUSR_servername.
I'm really stumped on how to proceed to get this resolved.
Please can someone help me out as I'm so frustrated with this - been trying to get it working since Jan 2009 & still no where!!