| Ishmealm 2006-09-17, 7:34 pm |
| Hello,
I have a W2K3 (SP1) server that anonymous access only works when I place
the iusr_ account in the administrator group. When not in the admin group I
get a 401.3 error. So far:
1. I’ve verified that IIS is setup to use anonymous access.
2. Using the troubleshooting 401 errors guide, I confirmed that the errors
are related to the anonymous account not having access to the virtual
directory.
http://support.microsoft.com/kb/907273/en-us
3. I’ve verified (and re-verified) that the anonymous account has rights
(RW) to my directories.
4. I’ve verified that the iusr_ account password is correct by using adsutil
to get the password and then by logging in to the machine using the iusr acct
and password. I then manually changed one of my anonymous virtual
directories to use the password that I had gotten from adsutil. Still get
401.3 error.
http://support.microsoft.com/?kbid=297989
5. I’ve verified that the IIS accounts have at least the rights and user
rights of a default IIS 6 installation, using this:
http://support.microsoft.com/kb/812614/
5. The server is in the same OU as all of our other web servers (roughly
20 all IIS 6.0) so it should get the same GPO.
6. Ran IIS Auth Diagnostics. It shows the anonymous virtual directories
as access denied, but doesn’t show anything wrong with registry, user,
Kerberos, or server permissions.
7. Ran File and Regmon. Neither had any noticeable IIS related failures or
access failures. I ran both from the server while I accessed a page through
IE and by browsing from the IIS admin console.
I’m at the point where I'm completely out of ideas and may have to rebuild
the server. I'm hoping that I'm missing something or that someone else had
some advice as to what to do or another way to diagnose it.
Thanks,
Ishmeal
|