|
Home > Archive > IIS Server Security > March 2005 > 401.1 After IIS6 Setup
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
401.1 After IIS6 Setup
|
|
| WebGuyBob 2005-03-23, 6:09 pm |
| Hello, folks.
I have setup literally dozens of IIS6 Web sites and just ran into subject
problem. I read the following from Mr. Wang in a German IT forum:
"401.1 means that the username/password that you gave to IIS for
authentication was incorrect. If this happens when you have Anonymous access
enabled, it means that the username/password you configured in IIS for the
anonymous user is NOT the same as the NT user in the local SAM. Please
synchronize them and try again."
Being fairly new systems administration, my question is...How do I
synchronize these accounts?
TIA,
Bob
| |
| Bernard 2005-03-23, 8:51 pm |
| For Local SAM - open computer management, local users and groups, find the
IUSR_COMPUTER name account, right mouse on the account, and reset the
password.
Then go to IIS MMC, open the site property, directory security tab,
anonymous access, reselect the iusr account, enter the password, click ok to
save.
then go to command prompt, enter 'iisreset.exe' to restart IIS services.
then test browse your site.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"WebGuyBob" <WebGuyBob@discussions.microsoft.com> wrote in message
news:867C2E9C-1425-4975-AE5B-B62161B72D69@microsoft.com...
> Hello, folks.
>
> I have setup literally dozens of IIS6 Web sites and just ran into subject
> problem. I read the following from Mr. Wang in a German IT forum:
>
> "401.1 means that the username/password that you gave to IIS for
> authentication was incorrect. If this happens when you have Anonymous
> access
> enabled, it means that the username/password you configured in IIS for the
> anonymous user is NOT the same as the NT user in the local SAM. Please
> synchronize them and try again."
>
> Being fairly new systems administration, my question is...How do I
> synchronize these accounts?
>
> TIA,
>
> Bob
| |
| WebGuyBob 2005-03-24, 2:54 am |
| Bernard,
As soon as I get in tomorrow morning, I will give that a shot and respond.
Thanks,
Bob
"Bernard" wrote:
> For Local SAM - open computer management, local users and groups, find the
> IUSR_COMPUTER name account, right mouse on the account, and reset the
> password.
>
> Then go to IIS MMC, open the site property, directory security tab,
> anonymous access, reselect the iusr account, enter the password, click ok to
> save.
>
> then go to command prompt, enter 'iisreset.exe' to restart IIS services.
>
> then test browse your site.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
> "WebGuyBob" <WebGuyBob@discussions.microsoft.com> wrote in message
> news:867C2E9C-1425-4975-AE5B-B62161B72D69@microsoft.com...
>
>
>
| |
| WebGuyBob 2005-03-24, 5:52 pm |
| Hi, Bernard.
Thanks for responding in this and the asp.net site's forum. For the sake of
the users of this forum, I'll try to keep the thread alive here also.
I appreciate the input. I followed your instructions explicitly, but I'm
still getting the 401.1 error. Below my sig is the error in the Security
Event Log. Am I to the point where I should delete the IIS site or at least
the docroot folder and start over, reselecting the appropriate users and
perms? Is IWAM a factor here?
I'm really wondering if there might be something about the security policy
happening here. The reason I say that is because of the "Reason" indicated in
the error event:
"The user has not been granted the requested logon type at this machine"
Note: "logon type". Is that a clue?
TIA,
Bob
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 3/24/2005
Time: 8:18:05 PM
User: NT AUTHORITY\SYSTEM
Computer: USPLSWEBH104
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: IUSR_USPLSWEBH104
Domain: USPLSWEBH104
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: USPLSWEBH104
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 1596
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"Bernard" wrote:
> For Local SAM - open computer management, local users and groups, find the
> IUSR_COMPUTER name account, right mouse on the account, and reset the
> password.
>
> Then go to IIS MMC, open the site property, directory security tab,
> anonymous access, reselect the iusr account, enter the password, click ok to
> save.
>
> then go to command prompt, enter 'iisreset.exe' to restart IIS services.
>
> then test browse your site.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
> "WebGuyBob" <WebGuyBob@discussions.microsoft.com> wrote in message
> news:867C2E9C-1425-4975-AE5B-B62161B72D69@microsoft.com...
>
>
>
| |
| WebGuyBob 2005-03-24, 5:52 pm |
| Hi, Bernard.
Thanks for responding in this and the asp.net site's forum. For the sake of
the users of this forum, I'll try to keep the thread alive here also.
I appreciate the input. I followed your instructions explicitly, but I'm
still getting the 401.1 error. Below my sig is the error in the Security
Event Log. Am I to the point where I should delete the IIS site or at least
the docroot folder and start over, reselecting the appropriate users and
perms? Is IWAM a factor here?
I'm really wondering if there might be something about the security policy
happening here. The reason I say that is because of the "Reason" indicated in
the error event:
"The user has not been granted the requested logon type at this machine"
Note: "logon type". Is that a clue?
TIA,
Bob
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 3/24/2005
Time: 8:18:05 PM
User: NT AUTHORITY\SYSTEM
Computer: USPLSWEBH104
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: IUSR_USPLSWEBH104
Domain: USPLSWEBH104
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: USPLSWEBH104
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 1596
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"Bernard" wrote:
> For Local SAM - open computer management, local users and groups, find the
> IUSR_COMPUTER name account, right mouse on the account, and reset the
> password.
>
> Then go to IIS MMC, open the site property, directory security tab,
> anonymous access, reselect the iusr account, enter the password, click ok to
> save.
>
> then go to command prompt, enter 'iisreset.exe' to restart IIS services.
>
> then test browse your site.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
> "WebGuyBob" <WebGuyBob@discussions.microsoft.com> wrote in message
> news:867C2E9C-1425-4975-AE5B-B62161B72D69@microsoft.com...
>
>
>
| |
| Bernard 2005-03-24, 8:47 pm |
| Yes, in this cause, the user has no right to logon to the machine. check if
there's any local or domain policy which remove the user rights. You need
access from network, etc, refer this kb.
Default permissions and user rights for IIS 6.0
http://support.microsoft.com/?id=812614
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"WebGuyBob" <WebGuyBob@discussions.microsoft.com> wrote in message
news:0A10BF70-0A78-427B-A1B3-D1664D83BEB4@microsoft.com...[vbcol=seagreen]
> Hi, Bernard.
>
> Thanks for responding in this and the asp.net site's forum. For the sake
> of
> the users of this forum, I'll try to keep the thread alive here also.
>
> I appreciate the input. I followed your instructions explicitly, but I'm
> still getting the 401.1 error. Below my sig is the error in the Security
> Event Log. Am I to the point where I should delete the IIS site or at
> least
> the docroot folder and start over, reselecting the appropriate users and
> perms? Is IWAM a factor here?
>
> I'm really wondering if there might be something about the security policy
> happening here. The reason I say that is because of the "Reason" indicated
> in
> the error event:
>
> "The user has not been granted the requested logon type at this machine"
>
> Note: "logon type". Is that a clue?
>
> TIA,
>
> Bob
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 534
> Date: 3/24/2005
> Time: 8:18:05 PM
> User: NT AUTHORITY\SYSTEM
> Computer: USPLSWEBH104
> Description:
> Logon Failure:
> Reason: The user has not been granted the requested
> logon type at this machine
> User Name: IUSR_USPLSWEBH104
> Domain: USPLSWEBH104
> Logon Type: 8
> Logon Process: Advapi
> Authentication Package: Negotiate
> Workstation Name: USPLSWEBH104
> Caller User Name: NETWORK SERVICE
> Caller Domain: NT AUTHORITY
> Caller Logon ID: (0x0,0x3E4)
> Caller Process ID: 1596
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> "Bernard" wrote:
>
|
|
|
|
|