|
Home > Archive > IIS Server > January 2004 > IIS6 vs IIS5 (app no longer works)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS6 vs IIS5 (app no longer works)
|
|
|
| Hello;
We have a custom application that uses http to
communicate from a workstation to an IIS server - the app
basically takes over Windows authentication (GinaDLL),
and authenticates the user through a database connected
to the web server.
This used to work flawlessly under Win2K server and IIS5,
but now that we've upgraded to Win2K3 and IIS6, the
workstations cannot communicate any longer with the web
server...can anyone either enlighten me as to what may be
causing this problem, or point me to some docs that
highlight the security differences between IIS5 and IIS6?
I should add that under Win2K server and IIS5, the
application would fail to communicate if a firewall was
installed (ZoneAlarm Pro), even though all other http
traffic was getting through ok...
Any ideas will be greatly appreciated!
Thanks,
Eric.
| |
| David Wang [Msft] 2004-01-24, 1:46 am |
| Check the IIS web logs under %SYSTEMROOT%\System32\LogFiles\W3SVC# to see if
the request is even handled by IIS. If the request never shows up -- then
this isn't an IIS6 issue but with your GINA or the network between the
client and server. If the request shows up on IIS, then please post those
necessary log lines.
For security IIS6 does not run user code by default (requires explicit
additional configuration), and even when it runs code, it uses a
low-privileged identity by default. These are probably the biggest change
vs IIS5, and both can be fixed by user configuration. The log file lines is
going to help in this regard.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Eric" <megabyte@umich.edu> wrote in message
news:003f01c3db7c$20e71a70$a101280a@phx.gbl...
Hello;
We have a custom application that uses http to
communicate from a workstation to an IIS server - the app
basically takes over Windows authentication (GinaDLL),
and authenticates the user through a database connected
to the web server.
This used to work flawlessly under Win2K server and IIS5,
but now that we've upgraded to Win2K3 and IIS6, the
workstations cannot communicate any longer with the web
server...can anyone either enlighten me as to what may be
causing this problem, or point me to some docs that
highlight the security differences between IIS5 and IIS6?
I should add that under Win2K server and IIS5, the
application would fail to communicate if a firewall was
installed (ZoneAlarm Pro), even though all other http
traffic was getting through ok...
Any ideas will be greatly appreciated!
Thanks,
Eric.
| |
|
| Thanks for the reply - here's what I'm finding in the
error log:
2004-01-16 14:28:32 141.214.170.138 3005 141.214.52.33
80 - GET /admin/user-authenticate.asp?
Username=miladmin&e=1&Password=101X104X106X17X166X179X38X5
7X&EquipmentID=44 - - Timer_HeaderWait
So why is the request apparently timing out, when it did
not under Win2K/IIS5...?
Thanks so much for your help...
Eric.
quote:
>-----Original Message-----
>Check the IIS web logs under %SYSTEMROOT%\System32
\LogFiles\W3SVC# to see ifquote:
>the request is even handled by IIS. If the request
never shows up -- thenquote:
>this isn't an IIS6 issue but with your GINA or the
network between thequote:
>client and server. If the request shows up on IIS, then
please post thosequote:
>necessary log lines.
>
>For security IIS6 does not run user code by default
(requires explicitquote:
>additional configuration), and even when it runs code,
it uses aquote:
>low-privileged identity by default. These are probably
the biggest changequote:
>vs IIS5, and both can be fixed by user configuration.
The log file lines isquote:
>going to help in this regard.
>
>--
>//David
>IIS
>This posting is provided "AS IS" with no warranties, and
confers no rights.quote:
>//
>"Eric" <megabyte@umich.edu> wrote in message
>news:003f01c3db7c$20e71a70$a101280a@phx.gbl...
>Hello;
>
>We have a custom application that uses http to
>communicate from a workstation to an IIS server - the app
>basically takes over Windows authentication (GinaDLL),
>and authenticates the user through a database connected
>to the web server.
>
>This used to work flawlessly under Win2K server and IIS5,
>but now that we've upgraded to Win2K3 and IIS6, the
>workstations cannot communicate any longer with the web
>server...can anyone either enlighten me as to what may be
>causing this problem, or point me to some docs that
>highlight the security differences between IIS5 and IIS6?
>
>I should add that under Win2K server and IIS5, the
>application would fail to communicate if a firewall was
>installed (ZoneAlarm Pro), even though all other http
>traffic was getting through ok...
>
>Any ideas will be greatly appreciated!
>
>Thanks,
>Eric.
>
>
>.
>
| |
| David Wang [Msft] 2004-01-24, 1:46 am |
| That line came from a HTTPERR log file, and here is the documentation.
http://msdn.microsoft.com/library/e...he_http_api.asp
Can you capture the exact request your GINA is making via Network Monitor (a
packet sniffer that comes with Windows Server 2003)? IIS6 has tightened up
security in a lot of aspects, some may be too much and require
configuration, others may be IIS issues, and still others are existing user
issues. In this case, you'll need to provide the request the GINA made that
is triggering that error to determine where the issue lies.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<anonymous@discussions.microsoft.com> wrote in message
news:0a8201c3dc3f$47a2ae40$a401280a@phx.gbl...
Thanks for the reply - here's what I'm finding in the
error log:
2004-01-16 14:28:32 141.214.170.138 3005 141.214.52.33
80 - GET /admin/user-authenticate.asp?
Username=miladmin&e=1&Password=101X104X106X17X166X179X38X5
7X&EquipmentID=44 - - Timer_HeaderWait
So why is the request apparently timing out, when it did
not under Win2K/IIS5...?
Thanks so much for your help...
Eric.
quote:
>-----Original Message-----
>Check the IIS web logs under %SYSTEMROOT%\System32
\LogFiles\W3SVC# to see ifquote:
>the request is even handled by IIS. If the request
never shows up -- thenquote:
>this isn't an IIS6 issue but with your GINA or the
network between thequote:
>client and server. If the request shows up on IIS, then
please post thosequote:
>necessary log lines.
>
>For security IIS6 does not run user code by default
(requires explicitquote:
>additional configuration), and even when it runs code,
it uses aquote:
>low-privileged identity by default. These are probably
the biggest changequote:
>vs IIS5, and both can be fixed by user configuration.
The log file lines isquote:
>going to help in this regard.
>
>--
>//David
>IIS
>This posting is provided "AS IS" with no warranties, and
confers no rights.quote:
>//
>"Eric" <megabyte@umich.edu> wrote in message
>news:003f01c3db7c$20e71a70$a101280a@phx.gbl...
>Hello;
>
>We have a custom application that uses http to
>communicate from a workstation to an IIS server - the app
>basically takes over Windows authentication (GinaDLL),
>and authenticates the user through a database connected
>to the web server.
>
>This used to work flawlessly under Win2K server and IIS5,
>but now that we've upgraded to Win2K3 and IIS6, the
>workstations cannot communicate any longer with the web
>server...can anyone either enlighten me as to what may be
>causing this problem, or point me to some docs that
>highlight the security differences between IIS5 and IIS6?
>
>I should add that under Win2K server and IIS5, the
>application would fail to communicate if a firewall was
>installed (ZoneAlarm Pro), even though all other http
>traffic was getting through ok...
>
>Any ideas will be greatly appreciated!
>
>Thanks,
>Eric.
>
>
>.
>
|
|
|
|
|