Solved

IUSR_SERVER Unknown user name or bad password

Posted on 2013-01-16
9
1,200 Views
Last Modified: 2013-01-21
Hi All,
I'd really appreciate some help with this as I'm struggling to get this resolved.
Everyday on the SBS2003 report I receive approx 3000 critical errors in the security log with the following:

Reason: Unknown user name or bad password
  User Name: IUSR_SERVER
  Domain: (hidden)
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: SERVER
  Caller User Name: NETWORK SERVICE
  Caller Domain: NT AUTHORITY
  Caller Logon ID: (0x0,0x3E4)
  Caller Process ID: 17640
  Transited Services: -
  Source Network Address: -
  Source Port: -

The process ID relates to the w3wp.exe service which is running under the Network Service account.
I've reset the username/password as per the instructions here: http://www.howtonetworking.com/Internet/resetpassword.htm and while this fixes it for a few hours, it returns the next day.
Whilst these errors are occuring, I get several login prompts when browsing the RWW - I understand this is because the anonymous access is not working when the IUSR_Server account has a bad password.
Does anybody have any ideas as to how I can fix this please?
0
Comment
Question by:keyuk
  • 3
  • 3
  • 3
9 Comments
 
LVL 7

Expert Comment

by:JohnThePro
ID: 38783492
This issue has been addressed in a Microsoft Partner forum, I'm going to give you the link but you might be unable to access it.

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/e77df183-22dc-4f6e-b8d2-bfa3f3990147?prof=required

If you cannot, let me know, and I'll farm the content from the page and place it here.
0
 

Author Comment

by:keyuk
ID: 38783511
Thanks for the response however I am unable to access the link provided so I'd appreciate it if you could let me know the content.
0
 
LVL 7

Accepted Solution

by:
JohnThePro earned 250 total points
ID: 38783531
Please note this is a direct copy and paste, so it may not be in the correct context of your problem, but it appears to be the exact same issue.

From your description, I understand that: Logon failure audit events for the account IUSR_<ServerName> started being logged after you changed its password, and you have already modified Authentication and access control for Default Web Site.
 
Please correct me if I have misunderstood anything.
 
Based on my experience, after changing the password for the IUSR_<ServerName> account, we also need to modify the password for the Default Web Site as well as other related sites which have enabled anonymous access, for example, WSUS Administration. So, I suspect that the issue happens because not all the associated web sites have configured to use the new password.
 
To try to fix the issue, please perform these steps, which will first reset the password and then update it to all the related web sites in IIS :
 
1. To reset the password for the IUSR_ComputerName account, run the following commands at a Command Prompt in sequence:
cd c:\inetpub\adminscripts
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
 
Note that password is the password that you have changed for the IUSR_ComputerName account.
 
2. Update the starting identity of all IIS COM+ application packages by typing the following at the command prompt:
 
cscript.exe synciwam.vbs -v
Note: You may need to restart IIS for all changes to take effect. To restart IIS, click Start, click Run, type iisreset, and then click OK.

Give these steps a shot here, and let me know what you find.
0
 
LVL 10

Assisted Solution

by:cpmcomputers
cpmcomputers earned 250 total points
ID: 38783551
You might want to work through this again

Ensure item 2) is covered It look like something is resetting the password?



I figured out the problem. I am unsure at this point if the problem caused or was being caused by a problem with OWA but OWA went down recently. I was able to resolve the issue by manually resetting the IUSR and IWAN accounts, and then syncing the two with a standard MS VB script included within the IIS/Server 2003 system directory. Below is a copy of the instructions I followed to do that.

1)  Open AD Users & Computers.  Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password'  Reset the password to anything you want (however, it can't be blank).


2)  Open this User Account's properties and verify that the account is not locked out  :^)  Also, make sure that 'Password never expires' and 'User cannot change password' are selected.


3)  Repeat steps 1 & 2 for the IWAM_<servername> account.  Close AD Users & Computers.


4)  Open Internet Information Services  (Start | Administrative Tools)


5)  Expand <servername> | Web Sites


6)  Right-click on 'Default Web Site' and select Properties.


7)  Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'


8)  Enter the new password for the IUSR_<servername> account and click OK.


9)  Enter the password again to confirm and click OK.


10) Click OK.


11)  Open a command prompt and enter  iisreset


12)  At the command prompt, enter the following commands:
        cd c:\inetpub\adminscripts
        adsutil SET w3svc/WAMUserPass <password>    (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
        c:\windows\system32\cscript.exe "c:\inetpub\adminscripts\synciwam.vbs" -v
        iisreset

Voila!  That should fix you right up . . .    :^)
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Author Comment

by:keyuk
ID: 38783597
Thanks  JohnThePro and cpmcomputers, both your answers are pretty much the same so I've followed through the instructions. I think I've done most of that before except the synciwam.vbs script which is possibly where I'd been going wrong.
I'll let you know if the errors stop in a couple of days.
Thanks for your help.
0
 
LVL 7

Expert Comment

by:JohnThePro
ID: 38783599
Please let us know! Thanks! :)
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38783626
Sorry our posts seem to have overlapped

The last step is critical in syncing both passwords (Iuser and Iwam) in active directory and IIS

Hopefully the devil is in the detail here

Let us know how you go - Cheers
0
 

Author Comment

by:keyuk
ID: 38800601
Thanks guys, this has solved the issue.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38800611
good job !
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now