|
Home > Archive > IIS Server Security > April 2004 > How do I deal with "Password Synchronization is not supported"
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How do I deal with "Password Synchronization is not supported"
|
|
| Burton Wilkins 2004-04-28, 4:34 pm |
| PROBLEM 1:
I am trying to “Configure Anonymous Authentication in IIS” for a web site where I would like to use ASP.Net forms-based authentication. While the “Anonymous User Account” dialog is displayed, and I set the “Allow IIS to control password” che
ckbox, I get the following message:
“Password synchronization is not supported with non-local user accounts. Are you sure you want to continue?”
The problem is that Microsoft’s “Step 1: Configuring Anonymous Authentication.” (ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/sysadmin/htm/cms_sa_au_user_oxny.htm) tells me that I am to follow these steps:
To configure Anonymous authentication in IIS
1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
2. In Internet Information Services, expand the domain node in which your application is stored, and then click Default Web Site.
3. In the right pane, browse to your MCMS Web application.
4. Right-click the virtual directory where your MCMS applications are stored, and then click Properties.
5. In the Properties dialog box, on the Directory Security tab, in the Anonymous access and authentication control section, click Edit.
6. In the Authentication Methods dialog box, select Anonymous access, ensure that the other Windows check boxes are not checked, and then click Edit.
7. In the Anonymous User Account dialog box, click Browse.
8. In the Select User dialog box, in the Look in section, select your computer from the drop-down list.
9. In the Name/In Folder box, select the user IUSR_<computername>, and then click OK.
10. In the Anonymous User Account dialog box, select Allow IIS to control password, and then click OK.
11. In the Authentication Methods dialog box, click OK.
12. In the Properties dialog box, click OK.
It is on the 11th step above where I get this “Password synchronization is not supported.” Message. Would you please tell me (a) Are the above steps suggested by Microsoft correct? (b) What additional steps that will get me around this problem?, or
(c) does the error message indicate that I have failed to properly follow these steps, and what have I done to create this issue?
This is on a Windows 2000 workstation, fully patched to the most current release. The workstation has been up to now a standalone workstation, but about a week ago I began to add it to a Windows 2000 domain server. For right now, I have logged in on t
he Workstation only, and not the network. The IIS and .Net is all local. In time I hope to migrate this web site to the Server, but for now I prefer to develop on the local workstation.
PROBLEM 2: The second step is to Implement Secure Sockets Layer apparently following these suggested steps:
To acquire a digital certificate
1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
2. In Internet Information Services, expand the domain node in which your application is stored, and then click Default Web Site.
3. In the right pane, browse to your MCMS Web application.
4. Right-click the virtual directory where your MCMS applications are stored, and then click Properties.
5. In the Default Web Site dialog box, on the Directory Services tab, in the Secure communications section, select Server Certificates.
6. To create a new certificate, in the Welcome to the Web Server Certificate Wizard, assign an existing certificate or import a certificate from a backup file, and then click Next.
7. Complete the IIS Web Server Certificate Wizard, entering information as required.
My problem here is that the “Server Certificates” button in step 5 is presently inactive. What must I do to activate this button so that I may complete this process?
Sincerely,
Burton G. Wilkins
| |
| Ken Schaefer 2004-04-28, 10:34 pm |
| Q1)
It just means that you need to select a local account (an account local to
the machine), not a domain account.
If you select a Domain account, you will need to manually enter that domain
account's password, as IIS is not capable of synchronising it automatically
from the Domain Controller.
Q2)
The "Server Certificate" button is only available when you right-click on a
"website" and choose Properties, not if you right-click on a folder and
choose "Properties". SSL Certificates are allocated on a per-server basis.
You can not allocate an SSL Certificate to a single folder. So, right-click
on the *website* that contains your application, and then follow the other
steps.
Cheers
Ken
"Burton Wilkins" <burton_wilkins@att.net> wrote in message
news:E3DE2E1D-24D4-434A-9D21-D8C9918B1897@microsoft.com...
: PROBLEM 1:
: I am trying to "Configure Anonymous Authentication in IIS" for a web site
where I would like to use ASP.Net forms-based authentication. While the
"Anonymous User Account" dialog is displayed, and I set the "Allow IIS to
control password" checkbox, I get the following message:
:
: "Password synchronization is not supported with non-local user accounts.
Are you sure you want to continue?"
:
: The problem is that Microsoft's "Step 1: Configuring Anonymous
Authentication."
(ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/sysadmin/htm/cms_sa_au_user_
oxny.htm) tells me that I am to follow these steps:
: To configure Anonymous authentication in IIS
: 1. Click Start, point to Programs, point to Administrative Tools, and then
click Internet Services Manager.
: 2. In Internet Information Services, expand the domain node in which your
application is stored, and then click Default Web Site.
: 3. In the right pane, browse to your MCMS Web application.
: 4. Right-click the virtual directory where your MCMS applications are
stored, and then click Properties.
: 5. In the Properties dialog box, on the Directory Security tab, in the
Anonymous access and authentication control section, click Edit.
: 6. In the Authentication Methods dialog box, select Anonymous access,
ensure that the other Windows check boxes are not checked, and then click
Edit.
: 7. In the Anonymous User Account dialog box, click Browse.
: 8. In the Select User dialog box, in the Look in section, select your
computer from the drop-down list.
: 9. In the Name/In Folder box, select the user IUSR_<computername>, and
then click OK.
: 10. In the Anonymous User Account dialog box, select Allow IIS to control
password, and then click OK.
: 11. In the Authentication Methods dialog box, click OK.
: 12. In the Properties dialog box, click OK.
: It is on the 11th step above where I get this "Password synchronization is
not supported." Message. Would you please tell me (a) Are the above steps
suggested by Microsoft correct? (b) What additional steps that will get me
around this problem?, or (c) does the error message indicate that I have
failed to properly follow these steps, and what have I done to create this
issue?
:
: This is on a Windows 2000 workstation, fully patched to the most current
release. The workstation has been up to now a standalone workstation, but
about a week ago I began to add it to a Windows 2000 domain server. For
right now, I have logged in on the Workstation only, and not the network.
The IIS and .Net is all local. In time I hope to migrate this web site to
the Server, but for now I prefer to develop on the local workstation.
:
: PROBLEM 2: The second step is to Implement Secure Sockets Layer
apparently following these suggested steps:
:
: To acquire a digital certificate
: 1. Click Start, point to Programs, point to Administrative Tools, and then
click Internet Services Manager.
: 2. In Internet Information Services, expand the domain node in which your
application is stored, and then click Default Web Site.
: 3. In the right pane, browse to your MCMS Web application.
: 4. Right-click the virtual directory where your MCMS applications are
stored, and then click Properties.
: 5. In the Default Web Site dialog box, on the Directory Services tab, in
the Secure communications section, select Server Certificates.
: 6. To create a new certificate, in the Welcome to the Web Server
Certificate Wizard, assign an existing certificate or import a certificate
from a backup file, and then click Next.
: 7. Complete the IIS Web Server Certificate Wizard, entering information as
required.
: My problem here is that the "Server Certificates" button in step 5 is
presently inactive. What must I do to activate this button so that I may
complete this process?
:
: Sincerely,
:
: Burton G. Wilkins
:
|
|
|
|
|