|
Home > Archive > IIS Server > November 2004 > IIS 5.0 access to W2K3 DC
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS 5.0 access to W2K3 DC
|
|
| Ronan de Hooge 2004-11-09, 5:52 pm |
| I have been experiencing a problem with an ASP application running on IIS
5.0 since we upgraded our Domain Controller to Windows 2003. The application
attempts to get a user object using a simple Getobject call to bind to an
Active Directory object i.e. set user = Getobject("unique AD
identifier",user). This call now returns a "Permission Denied" error. This
application functions as expected if we point the IIS server at our legacy
Windows 2000 DNS.
Following other posts I have changed some of the default security policy
settings on the domain controller;
Network Access: Let Everyone Permission apply to anonymous users
Network Access: Restrict anonymous access to Named Pipes and Shares
etc...
I have also tried running the IIS server under a domain account; none of
these steps helped.
Any ideas?
----- Original Message -----
From: "Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com>
Newsgroups: microsoft.public.windows.server.migration
Sent: Tuesday, November 09, 2004 4:10 AM
Subject: RE: IIS 5.0 access to W2K3 DC
> Hi Ronan,
>
> After reading the thread carefully, I believe this is an IIS-related
> issue. Please post this question to microsoft.public.inetserver.iis since
> they are the expects in IIS and will provide more valuable suggestions on
> it.
>
> Good luck!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
| |
| Jacqueline Jaynes [MSFT] 2004-11-09, 5:52 pm |
| There are some issues in Windows 2003 after you promote it to a domain
controller. Take a look at the following:
http://support.microsoft.com/defaul...KB;EN-US;332097
Hope this helps!
Thank you,
Jackie Jaynes [MSFT]
Microsoft IIS
JackieJa@online.microsoft.com
Please do not send email directly to this alias. This
is our online account name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
| |
| Ronan de Hooge 2004-11-09, 5:52 pm |
|
The IIS server is on a separate machine which is still running Windows 2000
Server. I tried updating the permissions on the web server as directed in
this article (ie adding Network Service). Unfortunately this didn't help and
I am still seeing the Permission denied error.
Thanks for your help
Ronan
"Jacqueline Jaynes [MSFT]" <JackieJa@online@microsoft.com> wrote in message
news:LQMXLJoxEHA.3640@cpmsftngxa10.phx.gbl...
> There are some issues in Windows 2003 after you promote it to a domain
> controller. Take a look at the following:
> http://support.microsoft.com/defaul...KB;EN-US;332097
>
> Hope this helps!
>
> Thank you,
>
> Jackie Jaynes [MSFT]
> Microsoft IIS
> JackieJa@online.microsoft.com
>
> Please do not send email directly to this alias. This
> is our online account name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> You assume all risk for your use. © 2001 Microsoft Corporation. All rights
> reserved.
>
| |
| makebo 2004-11-29, 7:51 am |
| Hi Jackie,
We have excactly the same problem as Ronan described.
IIS 5.0 running on w2k sp4 server whereas domain is currently
native 2000 but 18 out of 21 DC's already upgraded to w2003
server.
Script GetObject fails to following error, when trying to
authenticate (NTLM) user to w2003 DC.
GetObject("WinNT://" & strDomain & "/XXDC999/" & strUser & ",user")
Microsoft VBScript runtime error '800a0046'
Permission denied: 'GetObject'
/testad.asp, line 8
When we are changing XXDC999 server (w2003) to point to old
w2000 DC script works!?!?
I have put local security auditing in place in the server, we are running
IIS but nothing is logged to secyrity log.
Any idea how we could fix this problem?
Interesting enought is, that from IIS point of view, this script is
working when using Basic Authentication. When we want to use
ntlm (integrated) -authentication, this problem occurs.
Thanks for your help
cheers
makebo
"Jacqueline Jaynes [MSFT]" wrote:
> There are some issues in Windows 2003 after you promote it to a domain
> controller. Take a look at the following:
> http://support.microsoft.com/defaul...KB;EN-US;332097
>
> Hope this helps!
>
> Thank you,
>
> Jackie Jaynes [MSFT]
> Microsoft IIS
> JackieJa@online.microsoft.com
>
> Please do not send email directly to this alias. This
> is our online account name for newsgroup participation only.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> You assume all risk for your use. © 2001 Microsoft Corporation. All rights
> reserved.
>
>
|
|
|
|
|