Can IIS authenticate users from external AD forests?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ IIS
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Is this possible? I have an application that uses PHP to write out a configuration file. The configuration is the first web page that pops up after the application is copied to a valid IIS website directory. The problem that I have is with permission to write the configuration file. Is there a way to give permission to write files to the IIS website directory to this application ONLY when run from the local PC....OR is there a way to give write permission to only the admin running the application? Thanks! Tag: Can IIS authenticate users from external AD forests? Tag: 403384
  - 2
    - IIS Can anyone tell me if IIS uses DTC / dynamic port allocation? Where can I determine this? I am about to reboot a web server and wonder if I will have the same problems as I experienced with our SQL Server machine which uses Dynamic Allocation. I realize this is a very broad question, but any insight , tips or links would be a great help? Thanks Scott Tag: Can IIS authenticate users from external AD forests? Tag: 403381
  - 3
    - Question about Index Server Hi there, I have a questions about Index Server and I couldn't find a newsgroup for Index Server so I am posting it here. I am hoping that some of you must have used Index Server for searching website. I created a new catalog and then added a directory that I want to index. Over a period of time, users will add documents to this directory(and it's sub-directories) or delete old documents. Will Index Server, automatically re-index the directory on it's own or do I need to manually re-index the directory. I won't know when users will add or delete documents from the folder that I am indexing. Thanks in advance for any information. Joe Tag: Can IIS authenticate users from external AD forests? Tag: 403380
  - 4
    - IIS idle Hi, i've build a web app based on WestWindWebConnection (Visual Foxpro). On my testserver everything works fine, but on my life server IIS goed idle from time to time. So when i click on a hyperlink, i can see this in my WebConnection logging, but not in the iis logging. When i click again it's back to normal. I've set the session timeout to 20 minutes, the asp timeout to 1200 secs and the connection timeout to 999 secs. When it goes idle the w3wp.exe is still available. What did i overlook? Rotsj Tag: Can IIS authenticate users from external AD forests? Tag: 403374
  - 5
    - Website Search Problem We are in the process of upgrading our website to Windows 2003 and I found a problem. Currently we have IIS 5.0 website running on Windows 2000 SP4. When I try to search the website using the search page, I get a message back "there is no catalog". Yet when I do a manual search on the server through the index service, it works. This was working up until about two weeks ago and nothing has changed that I am aware of. Also test server IIS 6.0 website running on Windows 2003 R2. Same web code, but when I try to do a search, I get an error 405. Doing some research, I found that there was no permissions for the IDQ page that is used for the search. So I have manually set up .IDQ with all permissions, but it didn't help. Any ideas? Thanks Brian Tag: Can IIS authenticate users from external AD forests? Tag: 403373
  - 6
    - iis 6.0 and local policy question I have a Windows 2003 server that's just in a workgroup, no domain/ad, etc. I've applied a custom policy to the server, tweaking a variety of rights and settings. The policy takes, but after every reboot, the IUSR, IWAM accounts and IIS_WPG group are automatically getting added back to a handful of "User Rights Assignment" permissions, such as "access this computer from the network", "log on locally", "log on as a batch job", among others. This MS article documents that these are the default IIS permissions, but it seems as if after every reboot, they're being forced back on me. My apps don't require all of these permissions. http://www.microsoft.com/mspress/books/sampchap/5804.aspx Any idea what could be going on and/or how I can keep these permissions from getting automatically re-added to my policy after a reboot? Thanks. Steve Tag: Can IIS authenticate users from external AD forests? Tag: 403372
  - 7
    - How to block echoping requests ? Hello one of my IIS6 web sites is continuously logging echoping requests from an external computer. The message looks like this: 2008-05-02 07:30:25 W3SVC194609876 <my ip address> GET / -443 <external IP address> Echoping/6.0.2 401 2 This occurs every 5 minutes. The message is clear, but how can I block the external host BEFORE it comes to IIS ? pher Tag: Can IIS authenticate users from external AD forests? Tag: 403367
  - 8
    - IIS 7 Hello all, I have just setup a Windows 2008 Server (x64) and for the life of me I cant get IIS 7 to function at all. Looks like all the roles I need are there. Have setup IIS 6 many times, never had a problem. Granted 7 is waaay different but I can't even get it to display my "This is a test page" test page. I try going to http://localhost/index.htm and it just chugs for a minute then I get the http 500 error. Have been up, down and all around in th manager and everything I see says it should be going. Anyone have any ideas? :) Right now, I just want to see my simple little test page. That shouldn't take much. John Tag: Can IIS authenticate users from external AD forests? Tag: 403361
  - 9
    - IIS7 FastCGI / PHP Hi there, I'm following the instructions in this guide: http://learn.iis.net/page.aspx/208/fastcgi-with-php/ The part where it says: PHP Process Recycling Behavior Make sure that FastCGI always recycles php-cgi.exe processes before the native PHP recycling kicks in. The FastCGI process recycling behavior is controlled by the configuration property instanceMaxRequests. This property specifies how many requests FastCGI process will process before recycling. PHP also has a similar process recycling functionality that is controlled by an environment variable PHP_FCGI_MAX_REQUESTS. By setting instanceMaxRequests to be smaller or equal to PHP_FCGI_MAX_REQUESTS, you can ensure that native PHP process recycling logic will never kick in. To set these configuration properties use the following commands: C:\>%windir%\system32\inetsrv\appcmd set config -section:system.webServer/fastCgi /[fullPath='c:\{php_folder}\php-cgi.exe'].instanceMaxRequests:10000 C:\>%windir%\system32\inetsrv\appcmd set config -section:system.webServer/fastCgi /+[fullPath='c:\{php_folder}\php-cgi.exe'].environmentVariables.[name='PHP_FCGI_MAX_REQUESTS', value='10000'] Note: If those parameters have not been set the first command works ok, the second one returns: ERROR ( message:Cannot find SITE object with identifier "value='10000']". ) anyone have any ideas? thanks, Andy Tag: Can IIS authenticate users from external AD forests? Tag: 403360
  - 10
    - IIS IUSR_MachineName I am setting up Symantec EndPoint Protect on a Server which uses IIS. I was not able to view or access the web site so I ran a Window IIS Auth Diagnostic tool and found the problem to be that the IUSR_ManchineName did not have the user rights: access this computer from the network. I went to add the user, but the Add button is grayed out. I researched further and found out the Add button was grayed out because of the domain group policy. Last Week I had a major problem with the domain group policy and I prefer not to edit the group policy. I did notice that the Domain\Users had rights to access this computer from the network. My question is: Can I add the local server user: IUSR_ManchineName to the Active Directory domain users? I noticed that the IUSR_ManchineName2 from another server that has IIS was an Active Directory domain user. I looked a copying the IUSR_ManchineName2 or creating a new user, but the user SID would be different and it will not work with IIS. There has to be a way to add a local server user to a domain server active directory, I searched the internet and found nothing...... Tag: Can IIS authenticate users from external AD forests? Tag: 403359
  - 11
    - IIS locks file that it serves Guru's, I have an application that updates xml files as new information comes in. These xml files are served by IIS on our website. If a customer is being served one of these files by IIS, the the application cannot update the page. It seems that it has to wait until the file is completely served to the customer before it can update the page. Is there a way to configure IIS to serve the file while at the same time allowing an application to update the file? -- Don Tag: Can IIS authenticate users from external AD forests? Tag: 403357
  - 12
    - ASP.Net 2.0, .Net Framework 2.0 and IIS 5.0 in Win2K problem Hi All Please help me out of the following situation. I have a setup of Windows 2000 (with SP4) with IIS 5.0 and .Net Framework 2.0. I am using ASP.Net 2.0 to develop some application. When I am trying to deploy it in IIS 5.0, I get the error in the browser as: "Failed to map path '/MyWebApp/App_GlobalResources/'." This message is followed by a stack error message. Where "MyWebApp" is the name of my virtual directory. I don't have any global or local resource files in my application but still it is looking for it. I am not sure about it. Please help. Thanks in Advance Tag: Can IIS authenticate users from external AD forests? Tag: 403356
  - 13
    - IIS Compression and SSL I've configured my IIS 6 server to use compression as documented in http://weblogs.asp.net/owscott/archive/2004/01/12/57916.aspx. Seems to work fine under normal http access. But when I access the same server via SSL, everything works fine, but there is no compression. I'm using Fiddler to see if the responses are compressed. Is there some additional configuration step I need to perform to allow compression under SSL? -- ...Mike Tag: Can IIS authenticate users from external AD forests? Tag: 403355
  - 14
    - IIS 6.0 Application pool does not start - identity problem Gurus, Running Windows Server 2003 SP2. I'm currently having a problem with an IIS 6.0 application pool. It seems everytime I restart the server I get the error message "At least one service or driver failed to start" and when I look in the event log it's always due to an application pool not starting - the event log indicates the cause is due to a bad identity. I am using an Active Directory user account for this application pool (not Network Service). When I plug in the password to this account I can successfully start the application pool but when I restart the server this application pool does not start on it's own and again barks about a bad identity in the event logs. Anyone seen this behavior or have a recommendation for a fix? -- Spin Tag: Can IIS authenticate users from external AD forests? Tag: 403344
  - 15
    - w3svc will not start I'm having a problem with the w3svc under IIS6 on W2K3-SP2. We uninstalled some Altiris components from this server that used IIS as a frontend, and now the w3svc won't start (which means our WSUS service is offline). I've gone so far as to uninstall everything under "Application Server" in the Windows Components install screen and delete just about everything out of system32\inetsrv\, but w3svc still will not start with a fresh install and a fresh metabase. IISADMIN, SMTPSVC, and MSFTPSVC all start without problems. Here are the error events I see when attempting to start w3svc: Source: W3SVC Event ID: 1063 Description: The World Wide Web Publishing Service encountered a failure requesting metabase change notifications. The data field contains the error number. Source: W3SVC Event ID: 1036 Description: A failure occurred while initializing the configuration manager for the World Wide Web Publishing Service. The data field contains the error number. Source: W3SVC Event ID: 1005 Description: The World Wide Web Publishing Service is exiting due to an error. The data field contains the error number. Source: W3SVC Event ID: 7024 Description: The World Wide Web Publishing Service service terminated with service- specific error 2147500034 (0x80004002). Tag: Can IIS authenticate users from external AD forests? Tag: 403343
  - 16
    - Question about host headers ... Hi. How can I have a web site listen only for the IP address? If I use the IP address as the Host Header it responds to any host Header. Example Site 1 IP Address Port HostHeader 192.168.1.10 80 mydomain.com 192.168.1.10 80 www.mydomain.com Site 2 IP Address Port HostHeader 192.168.1.10 80 192.168.1.10 The I open up %systemroot%\system32\drivers\etc\hosts and add 192.168.1.10 someotherdomain.com I open up my web browser and type in http://someotherdomain.com and site 2 answers? Why? It should repond to the host header of 192.168.1.10 (http://192.168.1.10) not http://someotherdomain.com. Is this a bug or the default behavior of IIS? How can I make the web site respond only to http://192.168.1.10? Tag: Can IIS authenticate users from external AD forests? Tag: 403339
  - 17
    - ISAPI_Rewrite directory to directory.asp I am attempting to use ISAPI_Rewrite v3 to make subdomain.domain.com/ directory to redirect to subdomain.domain.com/directory.asp, but am having no luck. Can anyone help with it. Regex is my down fall. Thanks in advance. Seth Tag: Can IIS authenticate users from external AD forests? Tag: 403337
  - 18
    - App Pool Status after IISRESET In our group we are having a conflict of opinion. The question is "Is it possible that the application pools will not be re-cycled when I issue a IISRESET command" My take is that "The application pools are ALWAYS re-cycle after an IISRESET" the opposing view is "IIS RESET does not re-cycle the app pools ALL THE TIME". Which opinion is true and how to prove to the other person it is true. I have googled extensively but I cannot comeup with arguments/ technical proof for either views.Please help Prahalad Tag: Can IIS authenticate users from external AD forests? Tag: 403336
  - 19
    - Custom 404 handler unable to read post variables after installing a passthru wildcard application mapping Our customer's application uses a custom 404 handler that must read variables that were passed using POST to the "not found" page. Installing our ISAPI extension appears to break this functionality. The custom 404 handler is an ASP script. Our ISAPI extension is implemented as a passthru wildcard application mapping. Environment: IIS 6.0, ASP.NET 2.0. When the custom 404 handler is called, Request.TotalBytes is a positive integer. Request.BinaryRead(Request.TotalBytes) throws the following exception: --------------------------------------------- object error 'ASP 0101 : 80004005' Unexpected error /404.asp, line 12 The function returned |. ----------------------------------------------- The custom 404 handler works smoothly when opened directly from a HTML form. Thanks for your help. Tag: Can IIS authenticate users from external AD forests? Tag: 403334
  - 20
    - W2008 FTPS and Virtual Directory Good Day, I am trying to setup a ssl ftp site for secure communication to our bank. My initial setup was to a local directory and that worked fine, However, for the production environment I need to utilize a virtual directory on another server. I setup a file share on the destination server to recieve the files and gave permissions to the folder to my ftp client. I set the authentication to the directory to the specified users (from pass though auth) When I test the mapping and permissions everything appears to be fine. When I try to connect however, I get "530 User cannot log in, home directory inaccessible" I could really use some assistance in troubleshooting this issue. Note that this is using Microsoft's FTPS with IIS 7. Thanks -- Steve Tag: Can IIS authenticate users from external AD forests? Tag: 403332
  - 21
    - IIS Virtual SMTP Server - Cannot delete Local (Custom) I've inherited some Win2003/IIS 6.0 servers which already had IIS virtual SMTP servers set up and I'm trying to clean up the settings. There is a Local (Custom) domain set up that I don't think is needed but I don't have an option to delete it. What process created this domain, and is it possible to remove it? Thanks in advance for any assistance Tag: Can IIS authenticate users from external AD forests? Tag: 403331
  - 22
    - LOGON_USER ? On a W2K3 IIS SP2, when the user is connecting locally on the server, ServerVariables["LOGON_USER"] is giving me DOMAIN_NAME\COMPUTER_NAME$ instead of the real username of the adminstrator that logged on on the server. The web site of course uses Integrated authentication. And I have no problem when accessing remotely. The problem only occurs locally. And is not even constant. On average of 5 launches of ie , 3 times would give domain\computer$ and my application fails because user not recognized, and 2 times would give the correct administrator name and application run as intended. Thanks. François. Tag: Can IIS authenticate users from external AD forests? Tag: 403329
  - 23
    - How to use Inetload Hi Any one know how to use InetLoad and more specifically understand the output in the log files. I am actually using this app in it's Exchange Stress and Performance mode, but what I am looking for is information on how to work out what the logs are telling me. EG 2008/04/30 10:20:05:788,client 1 cookie = null :GetAuthenticationPage 2008/04/30 10:20:05:788,client 1 cookie = null :Server asked to close the connection 2008/04/30 10:20:05:788,ltcy 2, clnt 1, cmd GetAuthenticationPage , resp 302 : 2008/04/30 10:20:05:788,ltcy 1, clnt 1, cmd AutoFollowup /owa/auth/logon.aspx?url=http://domain/owa&reason=0 GetAuthenticationPage, resp 400 : 2008/04/30 10:20:05:788,client 1 cookie = null : Http page: 2008/04/30 10:20:05:788,client 1: Error:The following request got an error response: 2008/04/30 10:20:05:788,client 1 cookie = null : Http page: GET /owa/auth/logon.aspx?url=http://domain/owa&reason=0 HTTP/1.1 Tag: Can IIS authenticate users from external AD forests? Tag: 403328
  - 24
    - problem solved problem solved! my boss decided to install exchange 2007... thanks anyway nice greetings from germany Tag: Can IIS authenticate users from external AD forests? Tag: 403327
  - 25
    - IIS 6 VD reset Hi, my name is Marko. I startetd work in a new company one week ago. My parent configured so much wron, so that i need to reset the virtuall directories. I want to open the Mcrosoft Knowledgebase articel, but the site is not reachable. http://support.microsoft.com/kb/883380/en-us How can i get these information. How can i reset these directories without the ressource kit, only with notepad or others? Thanks for your help Tag: Can IIS authenticate users from external AD forests? Tag: 403326
- Next
  - 1
    - WWW publishing and localhost not working WinXP Pro SP2 WWW publishing is not working. Originally, I had three hard drives on my computer. Drive 1 was partitioned as C and E. Suddenly, I started having problems reading the drive, so I used a data recovery program, got the website files off of the drive(s) and reformatted them. I ran tests on the drives and they were working fine - so I put the files back in their original directories. When I originally opened up IIS, all the virtual websites had red question marks next to them. Trying to browse one of them from IIS, I got a server too busy error. I rebooted, and they looked fine, but when I tried to browse them, I got a cannot find server message. I have tried using localhost, 127.0.0.1, my computer name, and nothing. I went back to IIS, and noticed the default web site was stopped. I started it, opened up the browser, and tried to load a page. I could see that the page was trying to load, because I could see the document size (this is in Opera, but NO browsers will open any pages). It never finished loading. So, I went to services and tried to restart WWW publishing. I got a message about WWW not being able to stop in a timely manner. Then I tried to stop IIS itself. WWW depends on IIS, so it tried again to stop WWW, but got the same message again. Any thoughts? Reinstall windows? -- Adrienne Boswell at Home Arbpen Web Site Design Services http://www.cavalcade-of-coding.info Please respond to the group so others can share Tag: Can IIS authenticate users from external AD forests? Tag: 403323
  - 2
    - check the Require SSL option Hi, I want to check the Require SSL option in Default web site of IIS; How can I do that with c#? Tag: Can IIS authenticate users from external AD forests? Tag: 403316
  - 3
    - redirect incoming request to apache. Hello. I have an IIS server running on Windows 2003. I also have an apache server running on a linux box. (192.168.1.250) I only have 1 external ip address and currently forward port 80 requests from my outside ip address to port 80 on the windows box (192.168.1.11) through a cisco pix box. I have an application that runs only on linux on apache server. I want to have IIS take the port 80 request for the app and forward it to port 80 on the linux server. I know I can just use port 801 and forward it to port 80 on the linux server, but i would prefer to NOT do it that way. Any suggestions? Thanks Tag: Can IIS authenticate users from external AD forests? Tag: 403315
  - 4
    - How to generate CRS including an email address in IIS 6 ? Hi! I've a IIS 6 installation and need to generate an CSR to sign this CSR with an enterprise CA based on OpenSSL. All works fine and I can generate an CSR using the wizzard. The signing works fine too and the certificate can be used for SSL encryption. But I want to generate an CSR which includes an email address in the field "email Address". Is it possible to include an email address in the CSR? In older versions of IIS there was an input field for the email address. How can i generate an CSR with email address for IIS 6? Thanks a lot in advance for any hints. Regards. Tobias Kastner Tag: Can IIS authenticate users from external AD forests? Tag: 403314
  - 5
    - IIS 6 on Windows 2003 SP2 stopping app I'm having an intermitent problem with an app I've deployed on IIS6 in a Windows 2003 server. I'm using a VS2008 created installer for the app, and some times, the installer leaves the server with the app stopped, meaning my customers see a 'Service unavailable' error on their browsers. The only way I could bring the app online again by restarting IIS. This doesn't happen always, it seems to happen at random, and it's really driving me crazy! Can anyone tell me where to look (logs, docs, anything) to see what's causing this behavior? Many thanks, Pablo -- Beam me up, Scotty! No intelligent life on this BBS! Pablo Montilla www.odyssey.com.uy Tag: Can IIS authenticate users from external AD forests? Tag: 403313
  - 6
    - Best practices for security for developers deploying web apps to I I'm looking for information on best practices (and least privilege security) for developers that are deploying ASP web applications to an IIS 6 server. We would like to know if our developers need to have administrator privileges on our productions web servers, to do these tasks. The applications are written in a mix of vb6, .net 1.1 and .net 2.0. What permissions should these developers have, and are there any white papers or best practices guidelines for how to set them up? Tag: Can IIS authenticate users from external AD forests? Tag: 403312
  - 7
    - Default System Codepage for IIS Hello gentelmen, Where can I change the system codepage for IIS 6.0 (Windows 2003)? I would like to use as default "Central Europe (Windows)". I use software which based on ASP but doesn't have defined CodePage in the source. The users (client) want set the IE to "automaticaly" entcoding, but the codepage is recognised wrong as "Central Europe (ISO)". So, the characters don't look properly. The default code page for IIS scripts should be "Central Europe (Windows)". If I change the client IE to this manual the pages are sohwed properly. kind regrads Norbert LÃ¶we Tag: Can IIS authenticate users from external AD forests? Tag: 403310
  - 8
    - IIS and certificate mapping Hi all, I m working with IIS6 and a stand alone certification authority. I have deploy 500 certficate (pfx) to remote users now i need to map this certificate on iss, all certificate has a commonname equal to username on IIS server (integrated auth). is possible to map this user via csv,command line, script? in 6 month i will have to do all again and already the export by hand of pfx take time, do the map will be longer thanks for help Michele Mascolo Rome-Italy Tag: Can IIS authenticate users from external AD forests? Tag: 403307
  - 9
    - How to use IIS 7 with Com Objects We have an application that use IIS 6.0 with com objects, it's VB 6.0 desktop app. How to configure IIS 7 to work like previous version? Thanks Tag: Can IIS authenticate users from external AD forests? Tag: 403304
  - 10
    - XSS Cross-Site Scripting - Can you enable XSS in IIS 6.0/7.0? I know you could do XSS in the past with IIS 5.0 until it got plugged, but now I have a "real need". Is it possible to loosen up the security in a control fashion? Tag: Can IIS authenticate users from external AD forests? Tag: 403301
  - 11
    - File upload errors even after setting AspMaxRequestEntityAllowed I'm using Windows 2003 running IIS 6.0. I have Enable Direct Metabase Edit checked. I edited the MetaBase.xml file and changed AspMaxRequestEntityAllowed to: AspMaxRequestEntityAllowed="1073741824" Then I did "iisreset". I am using a script from www.freeaspupload.net to upload files. But it is still crapping out on a file that is like 89 MB. I get the error: ASP 0101 Unexpected error. Function returned | The docs for freeaspupload.net and on several other sites seem to say that this is the only setting I would need to change to allow larger file uploads. But it does not seem to have any effect. Is there anything else I need to do or check? If I look at the script, it is bombing on this line: VarArrayBinRequest = Request.BinaryRead(Request.TotalBytes) Thanks! Tag: Can IIS authenticate users from external AD forests? Tag: 403300
  - 12
    - Log on Locally user right for IIS Lockdown servers Hello, This is a very belated followup to the below issue, I am the original poster. I recently was creating a new OU structure and new security policy and during testing it was noticed that in fact happened on a server that has a web-app that uses Windows integrated authentication, which was a surprise to me. Does this "Log on Locally" policy also affect web-apps using Windows Integrated Authentication? Thanks. --------------------------------------------------------- Basic Auth requires that the authenticating user have "login locally" privilege on the server. The reason that your changes to IUSR/VUSR/Web Anonymous group have no effect is because those users are NOT used for basic auth (they are accounts used for Anonymous auth) The actual user accounts authenticating under Basic auth needs to have "login locally" privilege. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // <-> wrote in message news:OLg0S3e7EHA.3236@TK2MSFTNGP15.phx.gbl... Hello, We have a server that has IIS lockdown and basic authentication for a website and when the server team applied a policy that restricted logon only to administrators, no one was able to log into the application. The application users are not actually logging in locally, so I am thinking that there is something in the IIS definition that requires that they have this privilege. In addition, we took the IUSR and VUSR accounts and also Web anonymous (all "Web" groups local to the machines) and added them, and still no luck. We added the Everyone group, and this resolved the problem. Is there any way to preserve non Single Sign-on authentication and not have to have the Everyone group with the log on locally user right? Thanks. Tag: Can IIS authenticate users from external AD forests? Tag: 403299
  - 13
    - IIS Hang I've been having some issues with IIS where it pins the processor until the app pool is recycled. This sequence of events from an IIS State log seems to be the culprit every time: Thread ID: 29 System Thread ID: 16d4 Kernel Time: 0:0:6.218 User Time: 1:45:8.500 Thread Type: ASP # ChildEBP RetAddr 00 0b57df30 7357c7f6 MSVBVM60! _COLE2TEMPLATE_vtbl::put__AUTOVERBMENUIPROP_CLIENT+0x7 01 0b57df98 7363bc3a MSVBVM60!VBDataObjectFiles::`vftable'+0x36 02 0b57e24c 735e2b6e MSVBVM60!EpiInvokeMethod+0x441 03 0b57e288 735e8642 MSVBVM60!FORM::LoadProp+0x1d 04 0b57e384 735e8226 MSVBVM60!CTLUSER::GetPropA+0x88 05 0b57e3c0 776b13af MSVBVM60!CTLUSER::SetPropA+0x26 06 0b57e4b0 776b1275 ole32!ICoCreateInstanceEx+0xcb 07 0b57e4d8 776b1244 ole32!CComActivator::DoCreateInstance+0x28 08 0b57e4fc 73653937 ole32!CoCreateInstanceEx+0x23 09 0b57e56c 73675e68 MSVBVM60!qsort+0xb7 0a 0b57e584 73675e98 MSVBVM60!Adjustor954 0b 0b57e5c4 73671ce7 MSVBVM60!Adjustor960 0c 0b57e6dc 77d06de9 MSVBVM60!lblEX_ThisVCallR8+0x4f 0d 0b57e6f8 73646a6f OLEAUT32!DispCallFunc+0x16a 0e 0b57f054 7363a0d4 MSVBVM60!VBStrToLong+0xcf 0f 0b57f0b0 70a146eb MSVBVM60!rtFindFirstFile+0x185 10 0b57f13c 70a14968 asp!CPageObject::TryInvokeMethod+0x73 11 0b57f188 70a01594 asp!CPageObject::InvokeMethod+0x4c 12 0b57f1d8 709ee237 asp!CPageComponentManager::OnStartPage+0x1a4 13 0b57f200 709f76ff asp! CPageComponentManager::AddScopedUnnamedInstantiated+0xb6 14 0b57f24c 709ee04c asp!CTypelibCache::CreateComponent+0x13b 15 0b57f28c 77d06de9 asp!CServer::CreateObject+0x66 16 0b57f2ac 77d06c80 OLEAUT32!DispCallFunc+0x16a 17 0b57f33c 709edf7d OLEAUT32!CTypeInfo2::Invoke+0x234 18 0b57f364 73469f71 asp!CDispatchImpl<IServer>::Invoke+0x55 19 0b57f3b8 73468f37 vbscript!CatchIDispatchInvoke+0x46 1a 0b57f3f8 73468ea6 vbscript!IDispatchInvoke2+0xaf 1b 0b57f434 73469000 vbscript!IDispatchInvoke+0x59 1c 0b57f548 73467bb6 vbscript!InvokeDispatch+0x13a 1d 0b57f56c 73468fbd vbscript!InvokeByName+0x42 1e 0b57f848 73464940 vbscript!CScriptRuntime::Run+0x2581 1f 0b57f940 73464cd2 vbscript!CScriptEntryPoint::Call+0x5c 20 0b57f998 73465522 vbscript!CSession::Execute+0xb4 21 0b57f9e8 7346189b vbscript!COleScript::ExecutePendingScripts+0x13e 22 0b57fa04 709e2f5a vbscript!COleScript::SetScriptState+0x150 23 0b57fa30 709e2f1a asp!CActiveScriptEngine::TryCall+0x19 24 0b57fa6c 709e2e50 asp!CActiveScriptEngine::Call+0x31 25 0b57fa88 709e2d54 asp!CallScriptFunctionOfEngine+0x5b 26 0b57fadc 709e2c7f asp!ExecuteRequest+0x17e 27 0b57fb44 709e2a4d asp!Execute+0x249 28 0b57fb98 709e271a asp!CHitObj::ViperAsyncCallback+0x3e8 29 0b57fbb4 75bd72a5 asp!CViperAsyncRequest::OnCall+0x92 2a 0b57fbd0 7770f0eb comsvcs!CSTAActivityWork::STAActivityWorkHelper +0x32 2b 0b57fc1c 7770fb38 ole32!EnterForCallback+0xc4 2c 0b57fd7c 77710042 ole32!SwitchForCallback+0x1a3 2d 0b57fda8 77694098 ole32!PerformCallback+0x54 2e 0b57fe40 777127fd ole32!CObjectContext::InternalContextCallback +0x159 2f 0b57fe60 75bd7649 ole32!CObjectContext::DoCallback+0x1c 30 0b57fecc 75bd79a5 comsvcs!CSTAActivityWork::DoWork+0x12d 31 0b57fee4 75bd833e comsvcs!CSTAThread::DoWork+0x18 Does this look familiar to anyone? Thanks in advance. Tag: Can IIS authenticate users from external AD forests? Tag: 403298
  - 14
    - WebDAV Server Issue - Sub folders and site name iise WebDAV Server Issue: I am unable to get WebDAV to work properly on my Public Windows 2003 IIS Server. I have two sites on this server (the default site and second site running with a host header) The default site is configured with a certificate and SSL. The default site is also configured with my WebDAV virtual directory and the virtual directory uses digest authentication. When connecting from a XP Pro client with the add network places wizard I am able to connect to the site by entering the URL. For example (https://site.mydomain.com/uploads) . I am prompted for the password as expected and I can log in. This is where my problems start. Inside of my WebDAV enabled folder I see a folder with the same name as my WebDAV folder. Uploads in the above example. I also see the other sub folders that are actually in my WebDAV folder. When I try to open uploads (a folder that does not actually exist in this location) or any other folders I get a login prompt for the actual host name of the server, not the domain name of the website I originally connected to. I have two concerns with this. 1) Why is my Server\WebDAV exposing the internal network name of my server 2) External clients are unable to connect to sub folders using this name because it is not routable over the internet. The clients do have the ability to add files and delete files for the WebDAV share as long as it is in the root folder only, but they do not appear to have full WebDAV functionality (Edit files in place, etc.) This is what I have tried so far 1) Removed and recreated the WebDAV share 2) Removed custom headers from the site 3) Restarted IIS 4) Verified installation off all Critical and Important updates 5) Rebooted Server Any help would be greatly appreciated Thanks Tag: Can IIS authenticate users from external AD forests? Tag: 403297
  - 15
    - IIS integration against a non-Windows KDC I am running a Windows IIS machine (standalone) and would like to allow users to authenticate against our existing back-end KDC (MIT Kerberos realm authentication). IIS is running a COTS app, so I don't have any flexibility to muck with the code. Ideas? Thanks Blake Tag: Can IIS authenticate users from external AD forests? Tag: 403296
  - 16
    - Enable HTTP Connectivity i own problem on proclariy dashboard 6.3 ,this prblem in login page is disable controls how to Enable HTTP Connectivity ? thanks Tag: Can IIS authenticate users from external AD forests? Tag: 403295
  - 17
    - Error 401.1 I just got a dedicated Windows 2003 server at Brinkster (IIS6). It had Plesk 8.3 on it, but some things just didn't seem right with Plesk, so I uninstalled it. This is my first dedicated server, and I'd really rather learn about the inner workings than be dependent on Plesk. The first problem I have run into after the uninstallation of Plesk 8.3 is that I cannot view the web pages in the "Default Web Site". When I type "http://localhost" into IE I get a login dialog - which fails to take my admin username and password - and then fails, showing "You are not authorized to view this page" (a 401.1 error). I even created a new website (allowing anonymous access) and I get the same dialog box and error trying to access that site. What is going on? Tag: Can IIS authenticate users from external AD forests? Tag: 403283
  - 18
    - applicationhost.config error I seem to have a problem in applicationhost.config but I don't know what it is or how to correct. I am running IIS7 under Vista. It was working normally, until I tried to add a patch that would allow frontpage server extensions, and the administration pack. Then IIS wouldn't start and I would get the error "Cannot start service W3SVC on computer '.'." In the system event log, I see two related errors: The Application Host Helper Service encountered an error while reading the data for SID mapping. Please ensure that the application pool name data is correct in the configuration file. To resolve this issue, please recommit the changes or restart this service. The data field contains the error number. and The Application Host Helper Service encountered an error trying to process the configuration data for config history. The feature will be disabled. To resolve this issue, please confirm that the configuration file is correct, has correct attribute values for config history and recommit the changes. The feature will be enabled again if the configuration is correct. The data field contains the error number. (02000780) When I ran "C:\windows\system32\inetsrv\appcmd.exe list apppools I got error < message:configuration error Filename: \\?\C:\windows\system32\inetsrv\config\applicationhost.config Line Number: 784 Description: Configuration file is not well-formed XML Then when I check applicationhost.config I found that line 784 is the last line of the file! Actually the last line is 783, which is </configuration>. So I tried removing the last empty line 784, but then appcmd says the error is on line 783. I'm no further ahead. Do these error characteristics suggest some problem I could correct? Although it is complaining about applicationhost.config it's hard to see where the problem might be. Tag: Can IIS authenticate users from external AD forests? Tag: 403279
  - 19
    - C# CGI Fails with System.ArgumentException Hi... I'm attempting to use C# for CGI. I am able to use both Perl and C without a problem but C# fails with: "Unhandled Exception: System.ArgumentException: The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))" I have reduced the test to basics with the C source of: #include <stdio.h> int main() { printf("Content-Type: text/html\r\n\r\n"); printf("<html> <head>\n"); printf("<title>Hello, World!</title>\n"); printf("</head>\n"); printf("<body>\n"); printf("<h1>Hello, World!</h1>\n"); printf("</body> </html>\n"); } which is envoked by: http://localhost/CGI/HelloWorld_C.exe The C# source is: using System; namespace HelloWorld_CGI_CS { class Program { static void Main() { Console.Write("Content-Type: text/html\n\n"); Console.Write("<html><head><title>Hello World</title></head>"); Console.Write("<body><h1>Hello</h1></body></html>"); } } } Which is envoked by: http://localhost/CGI/HelloWorld_CGI_CS.exe If I drop the C# .exe on a cmd screen I get what I expected: Content-Type: text/html <html><head><title>Hello World</title></head><body><h1>Hello</h1></body></html> Environment: Win 2003 SP2 IE 7 Framework 2.0 Web Service Extention: Hello_CS File Name: C:\CGI\HelloWorld_CGI_CS.exe Status: Allowed Both the C and C# .exes are in Virtual Directory CGI. I tried sending a message to a log file first thing in Main to see if the page is being processed. It never reached that point. Ran the compiled C# against ildasm and got: .class private auto ansi beforefieldinit HelloWorld_CGI_CS.Program extends [mscorlib]System.Object { } // end of class HelloWorld_CGI_CS.Program .method public hidebysig specialname rtspecialname instance void .ctor() cil managed { // Code size 7 (0x7) .maxstack 8 IL_0000: ldarg.0 IL_0001: call instance void [mscorlib]System.Object::.ctor() IL_0006: ret } // end of method Program::.ctor .method private hidebysig static void Main() cil managed { .entrypoint // Code size 31 (0x1f) .maxstack 8 IL_0000: ldstr "Content-Type: text/html\n\n" IL_0005: call void [mscorlib]System.Console::Write(string) IL_000a: ldstr "<html><head><title>Hello World</title></head>" IL_000f: call void [mscorlib]System.Console::Write(string) IL_0014: ldstr "<body><h1>Hello</h1></body></html>" IL_0019: call void [mscorlib]System.Console::Write(string) IL_001e: ret } // end of method Program::Main Thanks... Don Bretz Tag: Can IIS authenticate users from external AD forests? Tag: 403268
  - 20
    - [No relevant source lines] WS2008 box using IIS7 on subnet 192.168.100.x is trying to connect to a storage array on 192.168.200.x. I have an IP, 192.168.100.220, that allows me read-only access from the .100 subnet to the storage array on the .200 subnet. I can map a drive through this link and read any files on the storage array. Now I'm trying to get http access to these files via IIS7 using a UNC as the path. I was able to create a virtual directory using the UNC and a common userid/password for authentication. I was able to place a web.config on the UNC and I enabled Directory Browsing. This was all working fine, for about 5 minutes! I was able to browse to the VD and it was working... I swear it was working. I tried the http connection this morning and am now getting the following error. Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: An error occurred loading a configuration file: Failed to start monitoring changes to '\\ptlpsrv04\bkodbc' because access is denied. Source Error: [No relevant source lines] Source File: \\ptlpsrv04\bkodbc\web.config Line: 0 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434 The last thing I did last night before leaving was to install the IIS7 throttling app and the IIS7 playlist app CTP2. Can anyone tell me why this would work one minute and not the next? I can set up a local path as a VD and it works fine so I strongly suspect that it is a security issue. But why would it work in the evening, I thried it several times and from multiple machines, and then fail in the morning? Thanks in advance for any hair you can save on my head! -- stullhe104 Tag: Can IIS authenticate users from external AD forests? Tag: 403263
  - 21
    - IIS ODBC LOG Hi, I'm logging my IIS by SQL ODBC. When the SQL Server is OffLine the IIS stops. Anybody knows a registry key to disable this. Thanks. Tag: Can IIS authenticate users from external AD forests? Tag: 403261
  - 22
    - Performance - 1 vs 2 processor In regards to cost vs. performance..... what is the recommendation for a IIS Web Server? Our web server is primarily asp/asp.net communication with a Microsoft SQL Server on a separate server. thanks... Tag: Can IIS authenticate users from external AD forests? Tag: 403243
  - 23
    - IIS / SSL / Site Security / Multiple Sites Have a question about an IIS server with multiple commerce web sites and single SSL certificate Here is the scenario (single server, single static IP) www.TheCompany.com this top level company website has the SSL certificate www.Product1.com \\CompanyServer\c\web\Product1 www.Product2.com \\CompanyServer\c\web\Product2 www.Product3.com \\CompanyServer\c\web\Product3 they both have their own shopping cart, etc. and their own "payment.asp" or "payment.aspx" pages, with their own theme. But I want to handle the credit card number entry screen with https:\\ but with the existing SSL certificate for TheCompany domain, without buying Wild Card cert and without dealing with many certificates. How can I do that? Second acceptable solution is to redirect from Product1.com to Product1.TheCompany.com/payment.asp, but it causes redirction related security problems. Is there any way of solving this issue without changing the URL away from Product1.com with Frames or some other way so that I can use the single Certificate. I believe some of the Hosters are doing this kind of stuff. Any ideas about how it can be done? Thanks a million Tag: Can IIS authenticate users from external AD forests? Tag: 403242
  - 24
    - Tell IIS to ignore Accept header? I found one browser (Obigo) that sends an Accept header that does not include "text/html". It only does this when using SSL. Obviously something wrong with the browser, since it does support text/html. I'm guessing if IIS went ahead and returned text/html the browser would be fine, but currently IIS returns a 406 response. Can I force IIS to ignore the Accept header? I do have an ISAPI filter, so maybe I can use that to modify the Accept header? Would that just be "SetHeader" in the pre-process headers notification? I'm thinking maybe I'll just set the Accept header to */*, all the time... or maybe only if User-Agent contains "Obigo". Tag: Can IIS authenticate users from external AD forests? Tag: 403240
  - 25
    - Check Server Extensions 2002 Just installed IIS on Windows 2003 R2. When logged in as domain administrator, I'm unable to check server extensions on the default web site. But when I log in as the local administrator, it works in that the administration web site appears. Is this normal or have I done something wrong? Thanks, Rob. Tag: Can IIS authenticate users from external AD forests? Tag: 403239

My client has three AD forests, each with external trusts to the
others.

He has an IIS Web server in Forest A, which contains Domains A and B.
We have revoked anonymous access to this server, as we need to match
inbound requests with AD users. This is working fine for Domains A and
B (those in the same forest) -- they can authenticate to the Web
server, access files, and the request comes in under their personal AD
accounts.

However, users in Forest B (which contains Domain C) and Forest C
(which contains Domain D) cannot authenticate to this IIS server. They
are prompted for credentials which are never accepted.

It's not an NTFS problem -- we have ensured these users have file-
level permissions to all the files of the Web site.

So, the question is: can an IIS Web server authenticate users from
different AD Forests? If so, is there some magic setting to allow this
that I'm not aware of?

Top

Re: Can IIS authenticate users from external AD forests? by Ken

Ken
Sat May 03 03:04:51 CDT 2008

How are the clients authenticating?

If using Kerberos, then if you have an external trust, Kerberos referrals
will not work cross-Forest - you need to use a Forest trust instead.

Cheers
Ken

"Deane" <deane.barker@gmail.com> wrote in message
news:05e2dec3-efff-4633-abee-0c43090d2d25@8g2000hse.googlegroups.com...
> My client has three AD forests, each with external trusts to the
> others.
>
> He has an IIS Web server in Forest A, which contains Domains A and B.
> We have revoked anonymous access to this server, as we need to match
> inbound requests with AD users. This is working fine for Domains A and
> B (those in the same forest) -- they can authenticate to the Web
> server, access files, and the request comes in under their personal AD
> accounts.
>
> However, users in Forest B (which contains Domain C) and Forest C
> (which contains Domain D) cannot authenticate to this IIS server. They
> are prompted for credentials which are never accepted.
>
> It's not an NTFS problem -- we have ensured these users have file-
> level permissions to all the files of the Web site.
>
> So, the question is: can an IIS Web server authenticate users from
> different AD Forests? If so, is there some magic setting to allow this
> that I'm not aware of?

Top