Built-In IUSR_COMPUTERNAME IIS / WEB site issues

Posted on 2009-04-16
Last Modified: 2013-12-04
2k3 IIS 6.0 hosting one website of a CRM app. Client app reporting "cant find".   Narrowed this down to 401.3 acl and then as of late intermittent change between that error and the 401.1 user/pw issue.

1st time, after not changes/reboot to svr for over 2 wks, client app reports "can't find site". The IIS built in local IUSR_Computername is what's being used for anonymous access.  Restarting svr no change, resetting the default guests IUSR pw and reapplying to directory sec of www in IIS didn't help, using vb script to find built in pw and change didn't help,  reinstalling IIS fresh didn't work either, finally created another IUSR_madeupID add as part of "USERS" group only then used that for the site in IIS clicking ok.  Went back to comp mgnt and changed the ISUR_madeupID to Guests only and site worked.  Fix lasted until late/later that day.

Next time I followed same immediate steps above but this time leaving the Iusr_madeupID in the local users group, and restarting IIS, never putting it back to guests only group.  Site worked.  THis lated until next a.m. when I checked before office hours at 6 a.m

Since behavior keeps occuring and so far I can not truly see a pattern, but yesterday noticed that the IUsr_madupID has NOTHING IN USERS 'MEMBER OF' TAB when site errored out.  Now I am no longer clear on what error in IE i'm getting lastly, the  401.3 it's always been or 401.1 that I've seen a couple of times, will be paying closer attention now.

Any input especially on the "members of" screen being cleared out.  I'm about to call MS support and pay whatever fee....

Thanks, Anxious!!!
Question by:dee30
    LVL 51

    Assisted Solution

    A web application has two levels of security.  One is who is allowed to access a site, the other is AFTER the user has accessed the site and determines what right the code executing the page request has. The first is web page authentication, the other is web application process authentication.

    OK, the IUSER_ account is used when a website is set to anonymous to access system resources which means web page authentication is successful.

    HTTP 401 errors are web page authentication.  So, that means your errors are from accessing the web site, not the web process authentication.

    Did somebody change the IIS settings for Authentication?  Did someone remove the host header entry for the website?
    LVL 22

    Accepted Solution

    did you change the name of the server at any point?
    This sounds like a password sync option within IIS.
    There is a script that comes with IIS that you can run to re-sync the passwords.
    Try running ...
    *** you might need to run it as ...
    cscript c:\Inetpub\AdminScripts\synciwam.vbs

    If you get an error on this then check out this page ...

    You can try this also ...

    Author Comment

    k, in the middle of the morning work day the site was inaccessible again by my users.  I checked the iusr_ImadeiD and the 'member of' tab was empty where it had users in there before.  I added users group(local) to it again, went into website directory sec and clicked okay only, but site still inaccesible with HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. So, I restarted IIS and all was accessible again.   This time it was the original 401.3 error for certain.  THis is driving me crazy and causing major interference in our smooth work day use.

    Okay, I'm not IIS guru, I usually set it up as part of something else I need to administer and then leave it alone so besides the local guests and users group(latter having Bypass Traverse Checking in addition to read/execute), what membership type user can I use for anonymous access in the directory sec?  This is a CRM app behind the firewall in a single forest/domain.  THe crm client point to the and our customers can also access the site externally to log calls, etc...  

    Thanks !  

    Author Comment

    cj_1969  You MS article link is and the sync reset script is referencing this for IWAM_computer issues.   Am am not IIS proficient, but my issue is with the iusr_computername default guest account local to the 2k3 iis 6.0 server.  Also, there is a iwam_computername local user, while I do not know where by defualt that is used in IIS or the reason.   Again, per my immediatley above post maybe others can give me some insight, just for my fyi, on what type of alternate user I could use for anonymous and that users membership to local vs dc.  Ultimately, I kno the iusr_computername default guests user is what was set and therefore what is acceptable, but I am unclear on deviating from that or a duplicate iuser i manually create left only in users group vs added to guests group and used for the iis site for anonymous logon .


    Author Comment

    Thanks for taking the time.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now