Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

IUSR_SERVER Unknown user name or bad password

Posted on 2013-01-16
9
Medium Priority
?
1,292 Views
Last Modified: 2013-01-21
Hi All,
I'd really appreciate some help with this as I'm struggling to get this resolved.
Everyday on the SBS2003 report I receive approx 3000 critical errors in the security log with the following:

Reason: Unknown user name or bad password
  User Name: IUSR_SERVER
  Domain: (hidden)
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: SERVER
  Caller User Name: NETWORK SERVICE
  Caller Domain: NT AUTHORITY
  Caller Logon ID: (0x0,0x3E4)
  Caller Process ID: 17640
  Transited Services: -
  Source Network Address: -
  Source Port: -

The process ID relates to the w3wp.exe service which is running under the Network Service account.
I've reset the username/password as per the instructions here: http://www.howtonetworking.com/Internet/resetpassword.htm and while this fixes it for a few hours, it returns the next day.
Whilst these errors are occuring, I get several login prompts when browsing the RWW - I understand this is because the anonymous access is not working when the IUSR_Server account has a bad password.
Does anybody have any ideas as to how I can fix this please?
0
Comment
Question by:keyuk
  • 3
  • 3
  • 3
9 Comments
 
LVL 7

Expert Comment

by:John Jennings
ID: 38783492
This issue has been addressed in a Microsoft Partner forum, I'm going to give you the link but you might be unable to access it.

http://social.microsoft.com/Forums/en-US/partnerwinserversbs/thread/e77df183-22dc-4f6e-b8d2-bfa3f3990147?prof=required

If you cannot, let me know, and I'll farm the content from the page and place it here.
0
 

Author Comment

by:keyuk
ID: 38783511
Thanks for the response however I am unable to access the link provided so I'd appreciate it if you could let me know the content.
0
 
LVL 7

Accepted Solution

by:
John Jennings earned 1000 total points
ID: 38783531
Please note this is a direct copy and paste, so it may not be in the correct context of your problem, but it appears to be the exact same issue.

From your description, I understand that: Logon failure audit events for the account IUSR_<ServerName> started being logged after you changed its password, and you have already modified Authentication and access control for Default Web Site.
 
Please correct me if I have misunderstood anything.
 
Based on my experience, after changing the password for the IUSR_<ServerName> account, we also need to modify the password for the Default Web Site as well as other related sites which have enabled anonymous access, for example, WSUS Administration. So, I suspect that the issue happens because not all the associated web sites have configured to use the new password.
 
To try to fix the issue, please perform these steps, which will first reset the password and then update it to all the related web sites in IIS :
 
1. To reset the password for the IUSR_ComputerName account, run the following commands at a Command Prompt in sequence:
cd c:\inetpub\adminscripts
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
 
Note that password is the password that you have changed for the IUSR_ComputerName account.
 
2. Update the starting identity of all IIS COM+ application packages by typing the following at the command prompt:
 
cscript.exe synciwam.vbs -v
Note: You may need to restart IIS for all changes to take effect. To restart IIS, click Start, click Run, type iisreset, and then click OK.

Give these steps a shot here, and let me know what you find.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Assisted Solution

by:cpmcomputers
cpmcomputers earned 1000 total points
ID: 38783551
You might want to work through this again

Ensure item 2) is covered It look like something is resetting the password?



I figured out the problem. I am unsure at this point if the problem caused or was being caused by a problem with OWA but OWA went down recently. I was able to resolve the issue by manually resetting the IUSR and IWAN accounts, and then syncing the two with a standard MS VB script included within the IIS/Server 2003 system directory. Below is a copy of the instructions I followed to do that.

1)  Open AD Users & Computers.  Expand the Users OU, right-click on the IUSR_<servername> account and select 'Reset password'  Reset the password to anything you want (however, it can't be blank).


2)  Open this User Account's properties and verify that the account is not locked out  :^)  Also, make sure that 'Password never expires' and 'User cannot change password' are selected.


3)  Repeat steps 1 & 2 for the IWAM_<servername> account.  Close AD Users & Computers.


4)  Open Internet Information Services  (Start | Administrative Tools)


5)  Expand <servername> | Web Sites


6)  Right-click on 'Default Web Site' and select Properties.


7)  Go to the 'Directory Security' tab and click the Edit button under 'Authentication & Access Control'


8)  Enter the new password for the IUSR_<servername> account and click OK.


9)  Enter the password again to confirm and click OK.


10) Click OK.


11)  Open a command prompt and enter  iisreset


12)  At the command prompt, enter the following commands:
        cd c:\inetpub\adminscripts
        adsutil SET w3svc/WAMUserPass <password>    (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
        c:\windows\system32\cscript.exe "c:\inetpub\adminscripts\synciwam.vbs" -v
        iisreset

Voila!  That should fix you right up . . .    :^)
0
 

Author Comment

by:keyuk
ID: 38783597
Thanks  JohnThePro and cpmcomputers, both your answers are pretty much the same so I've followed through the instructions. I think I've done most of that before except the synciwam.vbs script which is possibly where I'd been going wrong.
I'll let you know if the errors stop in a couple of days.
Thanks for your help.
0
 
LVL 7

Expert Comment

by:John Jennings
ID: 38783599
Please let us know! Thanks! :)
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38783626
Sorry our posts seem to have overlapped

The last step is critical in syncing both passwords (Iuser and Iwam) in active directory and IIS

Hopefully the devil is in the detail here

Let us know how you go - Cheers
0
 

Author Comment

by:keyuk
ID: 38800601
Thanks guys, this has solved the issue.
0
 
LVL 10

Expert Comment

by:cpmcomputers
ID: 38800611
good job !
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Loops Section Overview
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question