MS Internet Information Server user login problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

GS3

Thread Starter
Joined
Dec 25, 2006
Messages
369
I am totally new to web servers and decided to give MS Internet Information Server 5.1 a try since it is included with Win XP PRO. So, I am trying to set up MS Internet Information Server for HTML but when I try to access the server from a client machine I get an error that either I do not have permission to access or I am asked for user name and password which I have no idea.

I go to the Default Website Properties, Directory Security, Anonymous Access, Edit and check "Anonymous Access" which I would think would be enough to serve pages without further questions but there is still a User Name, prefilled in as "IUSR_AAA" and a Password filled in with dots which I have no idea what password they represent. There is also a check box "Allow IIS to control passwordI have no idea how I should configure all this. I have tried several combinations and nothing works. Can someone explain this to me? How should this be configured to serve pages openly or to require a log in?

In the event log I see "The server was unable to logon the Windows NT account 'IUSR_AAA' due to the following error: Logon failure: unknown user name or bad password. The data is the error code. "

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 3/31/2008
Time: 10:50:48 AM
User: N/A
Computer: AAA
Description:
The server was unable to logon the Windows NT account 'IUSR_AAA' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 00 00 ....
It seems the issue is rather complex

http://support.microsoft.com/kb/216828/en-us

Password Synchronization/Allow IIS to Control Password May Cause Problems

When you use Anonymous authentication in IIS, you have the option to either use "Enable Automatic Password Synchronization" (IIS 4.0) or to "Allow IIS to Control Password" (IIS 5.0). This can make administering a Web server using anonymous users much easier, but it does have a distinctive drawback, which this article discusses.

When you allow IIS to control the password, what seems to take place, and what actually takes place are two different things. It would seem that the password is checked, and if the password in IIS differs from Windows NT, the password should be "fixed." The way it actually works changes the way authentication is performed.

Authentication is performed differently when this option is enabled because IIS informs Windows that the password is correct. A subauthenticator performs this task. Windows allows a subauthenticator (implemented as subauthentication DLLs) to be used in conjunction with the normal Windows authentication system.

A subauthentication DLL allows the authentication and validation criteria stored in the Windows user account database to be replaced. For instance, a particular server might supply a subauthentication DLL that validates a user's password through a different algorithm, uses a different granularity of logon hours, or specifies workstation restrictions in a different format. All of this can be accomplished using subauthentication DLLs without sacrificing the use of the Windows user account database and losing its administration tools.
http://support.microsoft.com/kb/218756/EN-US/

Logon Privileges Required for Anonymous Access

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
SUMMARY
Prior to IIS version 4.0, the administrator had to make sure the anonymous user account passwords were the same in both the IIS Administration tool and the Windows User Manager. Failure to do so lead to logon failures. To solve this dilemma and make administration easier, Password Synchronization was introduced in IIS 4.0.

Password synchronization uses a slightly different logon method (explained in a moment) that has some side effects. By default, this option is enabled
....
I am just trying to learn the basics but this may be more complex than I am willing to deal with. In any case, if I ever wanted to have my own server I would probably host it on its own dedicated machine so that I did not have to worry about other stuff on the machine.
 

GS3

Thread Starter
Joined
Dec 25, 2006
Messages
369
I was using a different machine because I wanted to be sure that it was really working and I was not fooling myself thinking they were wroking when in reality they might not. I have since experimented and found that using http://localhost/ in the same machine yields the same results.

I have to admit I do not understand well how the entire authentication process works and it seems more complex than it is worth.

Those articles recommend upgrading to IIS 6 which only runs on Windows Server and not on XP. Since I am only playing around for the sake of learning I think that if I were ever to set up a real server open to the WWW then I would host it in its own machine so that there was no other important information there which could be compromised.

I still do not understand the authentication process or what the "let IIS manage the password" does.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top