|
Home > Archive > IIS Server Security > January 2004 > Access requires password
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Access requires password
|
|
|
| My IIS 6 on Server 2003 worked fine for a month. Then,
all of a sudden, it began prompting for a user ID and
password and no id password combinations worked,
including the admin.
The system had not been touched for 3 days prior to this
beginnning to happen. The logs show a 403.3 and 403.5
errors when trying to access the site.
I have checked NT settings and all the settings on IIS
necessary to get it going, to no avail. In the process, I
changed teh password on IUSR_computername on NT and the
IIM manager.
Any sugestions would be appreciated. Norton has not
detented any virus on this machine.
Thanks.
| |
| Jason M. Murray 2004-01-24, 1:57 am |
| Hi Brian,
The 403.3 indicates that you have not allowed write access to your
directory and the 403.5 tells us that someone is trying to access your site
wih a client certificate that isn't using 128bit encryption.
403.3 - Write access forbidden.
403.5 - SSL 128 required.
If you are trying to use annonymous authentication make sure your IUSR
account isn't locked out, and that your passwords are synced.
Best regards,
Jason M. Murray [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm.
--------------------
| Content-Class: urn:content-classes:message
| From: "Brian" <bldoss01@acm.org>
| Sender: "Brian" <bldoss01@acm.org>
| Subject: Access requires password
| Date: Sat, 20 Dec 2003 09:39:45 -0800
| Lines: 18
| Message-ID: <014101c3c720$4208cde0$a101280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcPHIEII16A4k/5bR8uSW68zJmD1Fg==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.inetserver.iis.security
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis.security:8047
| NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
| X-Tomcat-NG: microsoft.public.inetserver.iis.security
|
| My IIS 6 on Server 2003 worked fine for a month. Then,
| all of a sudden, it began prompting for a user ID and
| password and no id password combinations worked,
| including the admin.
|
| The system had not been touched for 3 days prior to this
| beginnning to happen. The logs show a 403.3 and 403.5
| errors when trying to access the site.
|
| I have checked NT settings and all the settings on IIS
| necessary to get it going, to no avail. In the process, I
| changed teh password on IUSR_computername on NT and the
| IIM manager.
|
| Any sugestions would be appreciated. Norton has not
| detented any virus on this machine.
|
| Thanks.
|
| |
|
| I made a mistake. The logs show 401 3 5 (not 403) for
each attempt to access the site.
How does one check to make sure the IUSR account is not
locket out?
In teh process of trying to get the site accessable over
the past few days, I have changed many setting all over.
In the process, i now cannot access my event viewer for
system and applications. Is there a way to reset all
settings to the original?
Thanks.quote:
>-----Original Message-----
>Hi Brian,
>
> The 403.3 indicates that you have not allowed write
access to yourquote:
>directory and the 403.5 tells us that someone is trying
to access your sitequote:
>wih a client certificate that isn't using 128bit
encryption.quote:
>403.3 - Write access forbidden.
>403.5 - SSL 128 required.
> If you are trying to use annonymous authentication
make sure your IUSRquote:
>account isn't locked out, and that your passwords are
synced.quote:
>
>
>Best regards,
>Jason M. Murray [MSFT]
>This posting is provided "AS IS" with no warranties, and
confers no rights.quote:
>Use of included script samples are subject to the terms
specified atquote:
>http://www.microsoft.com/info/cpyright.htm.
>
>
>--------------------
>| Content-Class: urn:content-classes:message
>| From: "Brian" <bldoss01@acm.org>
>| Sender: "Brian" <bldoss01@acm.org>
>| Subject: Access requires password
>| Date: Sat, 20 Dec 2003 09:39:45 -0800
>| Lines: 18
>| Message-ID: <014101c3c720$4208cde0$a101280a@phx.gbl>
>| MIME-Version: 1.0
>| Content-Type: text/plain;
>| charset="iso-8859-1"
>| Content-Transfer-Encoding: 7bit
>| X-Newsreader: Microsoft CDO for Windows 2000
>| Thread-Index: AcPHIEII16A4k/5bR8uSW68zJmD1Fg==
>| X-MimeOLE: Produced By Microsoft MimeOLE
V5.50.4910.0300quote:
>| Newsgroups: microsoft.public.inetserver.iis.security
>| Path: cpmsftngxa07.phx.gbl
>| Xref: cpmsftngxa07.phx.gbl
microsoft.public.inetserver.iis.security:8047quote:
>| NNTP-Posting-Host: tk2msftngxa09.phx.gbl 10.40.1.161
>| X-Tomcat-NG: microsoft.public.inetserver.iis.security
>|
>| My IIS 6 on Server 2003 worked fine for a month. Then,
>| all of a sudden, it began prompting for a user ID and
>| password and no id password combinations worked,
>| including the admin.
>|
>| The system had not been touched for 3 days prior to
thisquote:
>| beginnning to happen. The logs show a 403.3 and 403.5
>| errors when trying to access the site.
>|
>| I have checked NT settings and all the settings on IIS
>| necessary to get it going, to no avail. In the
process, Iquote:
>| changed teh password on IUSR_computername on NT and
thequote:
>| IIM manager.
>|
>| Any sugestions would be appreciated. Norton has not
>| detented any virus on this machine.
>|
>| Thanks.
>|
>
>.
>
| |
| Bernard 2004-01-24, 1:58 am |
| 401.3 - Unauthorized due to ACL on resource.
Check if related user has NTFS permission to access the files/folders.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Brian" <bldoss01@acm.org> ????
news:01b701c3c810$468cf260$a101280a@phx.gbl...[QUOTE][color=darkred]
> I made a mistake. The logs show 401 3 5 (not 403) for
> each attempt to access the site.
>
> How does one check to make sure the IUSR account is not
> locket out?
>
> In teh process of trying to get the site accessable over
> the past few days, I have changed many setting all over.
> In the process, i now cannot access my event viewer for
> system and applications. Is there a way to reset all
> settings to the original?
>
> Thanks.
> access to your
> to access your site
> encryption.
> make sure your IUSR
> synced.
> confers no rights.
> specified at
> V5.50.4910.0300
> microsoft.public.inetserver.iis.security:8047
> this
> process, I
> the
| |
|
| Yes, IUSR_Coputername has guest access -- read, read &
execute, write access to the Inetpub/wwwroot folder.
How does one make sure that an account isn't locked
(IUSR_computername)? The system keeps asking for id and
password and none of the id passwords work -- including
the admin id.
Brianquote:
>-----Original Message-----
>401.3 - Unauthorized due to ACL on resource.
>
>Check if related user has NTFS permission to access the
files/folders.quote:
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>
>"Brian" <bldoss01@acm.org> ????
>news:01b701c3c810$468cf260$a101280a@phx.gbl...
over[QUOTE][color=darkred]
over.[QUOTE][color=darkred]
trying[QUOTE][color=darkred]
and[QUOTE][color=darkred]
terms[QUOTE][color=darkred]
microsoft.public.inetserver.iis.security[QUOTE][color=darkred]
Then,[QUOTE][color=darkred]
and[QUOTE][color=darkred]
403.5[QUOTE][color=darkred]
IIS[QUOTE][color=darkred]
>
>
>.
>
| |
|
| Yes, IUSR_Coputername has guest access -- read, read &
execute, write access to the Inetpub/wwwroot folder.
How does one make sure that an account isn't locked
(IUSR_computername)? The system keeps asking for id and
password and none of the id passwords work -- including
the admin id.
Brian
quote:
>-----Original Message-----
>401.3 - Unauthorized due to ACL on resource.
>
>Check if related user has NTFS permission to access the
files/folders.quote:
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>Please respond to newsgroups only ...
>
>
>
>"Brian" <bldoss01@acm.org> ????
>news:01b701c3c810$468cf260$a101280a@phx.gbl...
over[QUOTE][color=darkred]
over.[QUOTE][color=darkred]
trying[QUOTE][color=darkred]
and[QUOTE][color=darkred]
terms[QUOTE][color=darkred]
microsoft.public.inetserver.iis.security[QUOTE][color=darkred]
Then,[QUOTE][color=darkred]
and[QUOTE][color=darkred]
403.5[QUOTE][color=darkred]
IIS[QUOTE][color=darkred]
>
>
>.
>
| |
| Bernard 2004-01-24, 1:58 am |
| In this case, I would suggest you try filemon and regmon from
sysinternals.com. run in on the server, test browse you site, then trace the
log file to track down any access related errors.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Brian" <bldoss01@acm.org> ????
news:019501c3c8bb$92bff8c0$a301280a@phx.gbl...[QUOTE][color=darkred]
> Yes, IUSR_Coputername has guest access -- read, read &
> execute, write access to the Inetpub/wwwroot folder.
>
> How does one make sure that an account isn't locked
> (IUSR_computername)? The system keeps asking for id and
> password and none of the id passwords work -- including
> the admin id.
>
> Brian
>
> files/folders.
> over
> over.
> trying
> and
> terms
> microsoft.public.inetserver.iis.security
> Then,
> and
> 403.5
> IIS
|
|
|
|
|