Solved

IUSR_SERVER Unknown user name or bad password

Posted on 2013-01-16
9
1,184 Views
Last Modified: 2013-01-21
Hi All,
I'd really appreciate some help with this as I'm struggling to get this resolved.
Everyday on the SBS2003 report I receive approx 3000 critical errors in the security log with the following:

Reason: Unknown user name or bad password
  User Name: IUSR_SERVER
  Domain: (hidden)
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: SERVER
  Caller User Name: NETWORK SERVICE
  Caller Domain: NT AUTHORITY
  Caller Logon ID: (0x0,0x3E4)
  Caller Process ID: 17640
  Transited Services: -
  Source Network Address: -
  Source Port: -

The process ID relates to the w3wp.exe service which is running under the Network Service account.
I've reset the username/password as per the instructions here: http://www.howtonetworking.com/Internet/resetpassword.htm and while this fixes it for a few hours, it returns the next day.
Whilst these errors are occuring, I get several login prompts when browsing the RWW - I understand this is because the anonymous access is not working when the IUSR_Server account has a bad password.
Does anybody have any ideas as to how I can fix this please?
0
Comment
Question by:keyuk
  • 3
  • 3
  • 3
9 Comments
 
LVL 7

Expert Comment

by:JohnThePro
ID: 38783492
This issue has been addressed in a Microsoft Partner forum, I'm going to give you the link but you might be unable to access it.

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/e77df183-22dc-4f6e-b8d2-bfa3f3990147?prof=required

If you cannot, let me know, and I'll farm the content from the page and place it here.
0
 

Author Comment

by:keyuk
ID: 38783511
Thanks for the response however I am unable to access the link provided so I'd appreciate it if you could let me know the content.
0
 
LVL 7

Accepted Solution

by:
JohnThePro earned 250 total points
ID: 38783531
Please note this is a direct copy and paste, so it may not be in the correct context of your problem, but it appears to be the exact same issue.

From your description, I understand that: Logon failure audit events for the account IUSR_<ServerName> started being logged after you changed its password, and you have already modified Authentication and access control for Default Web Site.
 
Please correct me if I have misunderstood anything.
 
Based on my experience, after changing the password for the IUSR_<ServerName> account, we also need to modify the password for the Default Web Site as well as other related sites which have enabled anonymous access, for example, WSUS Administration. So, I suspect that the issue happens because not all the associated web sites have configured to use the new password.
 
To try to fix the issue, please perform these steps, which will first reset the password and then update it to all the related web sites in IIS :
 
1. To reset the password for the IUSR_ComputerName account, run the following commands at a Command Prompt in sequence:
cd c:\inetpub\adminscripts
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
 
Note that password is the password that you have changed for the IUSR_ComputerName account.
 
2. Update the starting identity of all IIS COM+ application packages by typing the following at the command prompt:
 
cscript.exe synciwam.vbs -v
Note: You may need to restart IIS for all changes to take effect. To restart IIS, click Start, click Run, type iisreset, and then click OK.

Give these steps a shot here, and let me know what you find.
0
 
LVL 10

Assisted Solution

by:cpmcomputers
cpmcomputers earned 250 total points
ID: 38783551
You might want to work through this again

Ensure item 2) is covered It look like something is resetting the password?



I figured out the problem. I am unsure at this point if the problem caused or was being caused by a problem with OWA but OWA went down recently. I was able to resolve the issue by manually resetting the IUSR and IWAN accounts, and then syncing the two with a standard MS VB script included within the IIS/Server 2003 system directory. Below is a copy of the instructions I followed to do that.

1)  Open AD Users & Computers.  Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password'  Reset the password to anything you want (however, it can't be blank).


2)  Open this User Account's properties and verify that the account is not locked out  :^)  Also, make sure that 'Password never expires' and 'User cannot change password' are selected.


3)  Repeat steps 1 & 2 for the IWAM_<servername> account.  Close AD Users & Computers.


4)  Open Internet Information Services  (Start | Administrative Tools)


5)  Expand <servername> | Web Sites


6)  Right-click on 'Default Web Site' and select Properties.


7)  Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'


8)  Enter the new password for the IUSR_<servername> account and click OK.


9)  Enter the password again to confirm and click OK.


10) Click OK.


11)  Open a command prompt and enter  iisreset


12)  At the command prompt, enter the following commands:
        cd c:\inetpub\adminscripts
        adsutil SET w3svc/WAMUserPass <password>    (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
        c:\windows\system32\cscript.exe "c:\inetpub\adminscripts\synciwam.vbs" -v
        iisreset

Voila!  That should fix you right up . . .    :^)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:keyuk
ID: 38783597
Thanks  JohnThePro and cpmcomputers, both your answers are pretty much the same so I've followed through the instructions. I think I've done most of that before except the synciwam.vbs script which is possibly where I'd been going wrong.
I'll let you know if the errors stop in a couple of days.
Thanks for your help.
0
 
LVL 7

Expert Comment

by:JohnThePro
ID: 38783599
Please let us know! Thanks! :)
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38783626
Sorry our posts seem to have overlapped

The last step is critical in syncing both passwords (Iuser and Iwam) in active directory and IIS

Hopefully the devil is in the detail here

Let us know how you go - Cheers
0
 

Author Comment

by:keyuk
ID: 38800601
Thanks guys, this has solved the issue.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38800611
good job !
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now