IIS help needed please...
We've got a machine running Win2K server and IIS 5 and it's been running quite happily for a while, but it has recently developed an annoying problem.
The web services are no longer working properly. When you try and view a page on the server, you get HTTP 500: Internal Server error. This happens on all pages on the server, regardless of how you try and address the server (hostname, IP address, 127.0.0.1).
According to the Event Log, the IUSR_machinename account cannot log on to the local machine. The properties of the IUSR user account seem fine, and if I look in the Directory Security section of the website, and select the IUSR account as the anonymous one, it says that "password synchronisation is not supported with non-local accounts" when I tick the "allow IIS to control password" box. The account is local to the machine, so I have no idea what IIS is talking about.
We run a Novell network, and there are no AD/PDC/BDC servers on our network.
The FTP part of the site is still running fine. The MS Knowledgebase isn't much help, and the server is fully patched.
The full System Event Log message is as follows:
Quote:
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 30/10/2001
Time: 12:22:47
User: N/A
Computer: name
Description:
The server was unable to logon the Windows NT account 'name\IUSR_name' due to the following error: Logon failure: user not allowed to log on to this computer. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Data:
0000: 31 05 00 00 1...
Unfortunately the URL given above does not work.
The Security Event Log shows the following:
Quote:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 533
Date: 30/10/2001
Time: 12:22:47
User: NT AUTHORITY\SYSTEM
Computer: name
Description:
Logon Failure:
Reason: User not allowed to logon at this computer
User Name: IUSR_name
Domain: name
Logon Type: 3
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: name
Where I have typed name in the above log messages, it reads the machine name in the event log. I'm slightly confused with the Domain section in the security log, as the machine is actually part of a workgroup (as we don't use domains).
If anyone can shed some light on this, it would be greatly appreciated.
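An added example, not part of the original thread: a small Python triage helper that decodes the `Data:` row of the W3SVC event as a little-endian Win32 error code and reads the logon type and account scope from the Security event 533 fields. The function names and lookup tables are this example's own, and the sample input is copied from the two events quoted above.

```python
import re
import struct

# Win32 logon error codes from winerror.h.
WIN32_LOGON_ERRORS = {
    1326: "ERROR_LOGON_FAILURE",
    1327: "ERROR_ACCOUNT_RESTRICTION",
    1328: "ERROR_INVALID_LOGON_HOURS",
    1329: "ERROR_INVALID_WORKSTATION",
    1331: "ERROR_ACCOUNT_DISABLED",
    1385: "ERROR_LOGON_TYPE_NOT_GRANTED",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service"}

# Sample input: lines copied from the two events quoted in the post
# ("name" is the poster's placeholder for the machine name).
W3SVC_DATA_ROW = "0000: 31 05 00 00 1..."
SECURITY_EVENT = """Event ID: 533
Computer: name
User Name: IUSR_name
Domain: name
Logon Type: 3
Logon Process: IIS
"""

def decode_event_data(row):
    """Read the first DWORD of an Event Viewer 'Data:' row (little-endian)."""
    hex_part = row.split(":", 1)[1]
    octets = re.findall(r"\b[0-9A-Fa-f]{2}\b", hex_part)[:4]
    if len(octets) != 4:
        raise ValueError("expected four hex bytes in the data row")
    (code,) = struct.unpack("<I", bytes(int(o, 16) for o in octets))
    return code, WIN32_LOGON_ERRORS.get(code, "UNKNOWN")

def parse_fields(text):
    """Split the 'Key: value' lines of an event description into a dict."""
    pairs = (ln.split(":", 1) for ln in text.splitlines() if ":" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def triage(data_row, security_text):
    code, name = decode_event_data(data_row)
    ev = parse_fields(security_text)
    return {
        "win32_error": code,
        "win32_name": name,
        "logon_type": LOGON_TYPES.get(int(ev["Logon Type"]), "Other"),
        # Heuristic: Domain equal to Computer means a local (SAM) account.
        "local_account": ev["Domain"].lower() == ev["Computer"].lower(),
        "account": ev["Domain"] + "\\" + ev["User Name"],
    }

if __name__ == "__main__":
    print(triage(W3SVC_DATA_ROW, SECURITY_EVENT))
```

The bytes `31 05 00 00` decode to 1329, the workstation-restriction error, which is a different code from 1385 (logon type not granted). Logon Type 3 is a network logon, and a Domain field equal to the computer name is how a local account appears on a workgroup machine.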
Oct 30
Responses to this topic
OP
Right, after some investigation, it seems as if the Log On Locally policy isn't in place properly.
If I look at the settings for the IUSR account, the Log on Locally box is ticked for Local Policy, but it is unticked in the Effective Policy Setting column. I think this is the cause of my problem. I just don't know how to fix it though.
Has anybody been fiddling with policies on that system? How about testing policies in general?
Here is some information on Group Policy settings and deployment:
http://www.microsoft.com/technet/treevie...rt4/dsgch22.asp
OP
Thanks, but most of our users are monkeys that don't know what they're doing, so I doubt they would fiddle with stuff. I have tried to instill the fear of God into them if they do, so I doubt a user has changed the settings.
Most of this Policy stuff is gibberish to me. Because we only use Win2K servers for running IIS and nothing else, everything should be done on a local basis rather than using Group Policy objects which (from what I can make out) you set on the server and propagate out to users and machines.
After some fiddling and rebooting, I now have a tick in both boxes of "log on locally" for the IUSR account. It still doesn't work, and the Event Log is still showing 'the user is not able to log onto the machine'.
To say I'm confused is an understatement
Did you recently run any of IIS securing utilities (hisec template, URLScan, IISLockdown)?
OP
Nope. Aha, one thing has come to light. Access 2000 was kind of installed on the machine on Friday.
I say kind of because apparently the machine crashed part way through the install. It's possible that it overwrote some files during the install, but because it didn't finish properly, the machine is a bit confused.
I'm going to try uninstalling IIS, deleting the IUSR account, and then reinstalling IIS.
Hopefully it will recreate the IUSR account with the required permissions.