Solved

IUSR_SERVER Unknown user name or bad password

Posted on 2013-01-16
9
1,234 Views
Last Modified: 2013-01-21
Hi All,
I'd really appreciate some help with this as I'm struggling to get this resolved.
Everyday on the SBS2003 report I receive approx 3000 critical errors in the security log with the following:

Reason: Unknown user name or bad password
  User Name: IUSR_SERVER
  Domain: (hidden)
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: SERVER
  Caller User Name: NETWORK SERVICE
  Caller Domain: NT AUTHORITY
  Caller Logon ID: (0x0,0x3E4)
  Caller Process ID: 17640
  Transited Services: -
  Source Network Address: -
  Source Port: -

The process ID relates to the w3wp.exe service which is running under the Network Service account.
I've reset the username/password as per the instructions here: http://www.howtonetworking.com/Internet/resetpassword.htm and while this fixes it for a few hours, it returns the next day.
Whilst these errors are occuring, I get several login prompts when browsing the RWW - I understand this is because the anonymous access is not working when the IUSR_Server account has a bad password.
Does anybody have any ideas as to how I can fix this please?
0
Comment
Question by:keyuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 7

Expert Comment

by:John Jennings
ID: 38783492
This issue has been addressed in a Microsoft Partner forum, I'm going to give you the link but you might be unable to access it.

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/e77df183-22dc-4f6e-b8d2-bfa3f3990147?prof=required

If you cannot, let me know, and I'll farm the content from the page and place it here.
0
 

Author Comment

by:keyuk
ID: 38783511
Thanks for the response however I am unable to access the link provided so I'd appreciate it if you could let me know the content.
0
 
LVL 7

Accepted Solution

by:
John Jennings earned 250 total points
ID: 38783531
Please note this is a direct copy and paste, so it may not be in the correct context of your problem, but it appears to be the exact same issue.

From your description, I understand that: Logon failure audit events for the account IUSR_<ServerName> started being logged after you changed its password, and you have already modified Authentication and access control for Default Web Site.
 
Please correct me if I have misunderstood anything.
 
Based on my experience, after changing the password for the IUSR_<ServerName> account, we also need to modify the password for the Default Web Site as well as other related sites which have enabled anonymous access, for example, WSUS Administration. So, I suspect that the issue happens because not all the associated web sites have configured to use the new password.
 
To try to fix the issue, please perform these steps, which will first reset the password and then update it to all the related web sites in IIS :
 
1. To reset the password for the IUSR_ComputerName account, run the following commands at a Command Prompt in sequence:
cd c:\inetpub\adminscripts
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
 
Note that password is the password that you have changed for the IUSR_ComputerName account.
 
2. Update the starting identity of all IIS COM+ application packages by typing the following at the command prompt:
 
cscript.exe synciwam.vbs -v
Note: You may need to restart IIS for all changes to take effect. To restart IIS, click Start, click Run, type iisreset, and then click OK.

Give these steps a shot here, and let me know what you find.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Assisted Solution

by:cpmcomputers
cpmcomputers earned 250 total points
ID: 38783551
You might want to work through this again

Ensure item 2) is covered It look like something is resetting the password?



I figured out the problem. I am unsure at this point if the problem caused or was being caused by a problem with OWA but OWA went down recently. I was able to resolve the issue by manually resetting the IUSR and IWAN accounts, and then syncing the two with a standard MS VB script included within the IIS/Server 2003 system directory. Below is a copy of the instructions I followed to do that.

1)  Open AD Users & Computers.  Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password'  Reset the password to anything you want (however, it can't be blank).


2)  Open this User Account's properties and verify that the account is not locked out  :^)  Also, make sure that 'Password never expires' and 'User cannot change password' are selected.


3)  Repeat steps 1 & 2 for the IWAM_<servername> account.  Close AD Users & Computers.


4)  Open Internet Information Services  (Start | Administrative Tools)


5)  Expand <servername> | Web Sites


6)  Right-click on 'Default Web Site' and select Properties.


7)  Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'


8)  Enter the new password for the IUSR_<servername> account and click OK.


9)  Enter the password again to confirm and click OK.


10) Click OK.


11)  Open a command prompt and enter  iisreset


12)  At the command prompt, enter the following commands:
        cd c:\inetpub\adminscripts
        adsutil SET w3svc/WAMUserPass <password>    (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
        c:\windows\system32\cscript.exe "c:\inetpub\adminscripts\synciwam.vbs" -v
        iisreset

Voila!  That should fix you right up . . .    :^)
0
 

Author Comment

by:keyuk
ID: 38783597
Thanks  JohnThePro and cpmcomputers, both your answers are pretty much the same so I've followed through the instructions. I think I've done most of that before except the synciwam.vbs script which is possibly where I'd been going wrong.
I'll let you know if the errors stop in a couple of days.
Thanks for your help.
0
 
LVL 7

Expert Comment

by:John Jennings
ID: 38783599
Please let us know! Thanks! :)
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38783626
Sorry our posts seem to have overlapped

The last step is critical in syncing both passwords (Iuser and Iwam) in active directory and IIS

Hopefully the devil is in the detail here

Let us know how you go - Cheers
0
 

Author Comment

by:keyuk
ID: 38800601
Thanks guys, this has solved the issue.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38800611
good job !
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
aws pricing 2 86
Migrating from SBS - cont 17 111
roaming profiles windows server 2016 8 216
Install network Solutions's SSL certificate on SBS 2011 2 39
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question