IIS6 sending anonymous authentication

TheMSsForum.com: The Microsoft Software Forum

Hi NGs,
I've a very strange behavior of an IIS.

Situation:

We have a Windows 2000 Server with IIS5 and SQL 2000 SP3 installed
(call it oldserver). it's located in the domain [oldRD]
next we have a Windows 2003 server running IIS6 and SQL2000 SP3
[newserver]. this one is located in domain [newRD]
[oldrd] and [newrd] have a oneway trust: [oldrd] trusts [newrd].
now we have a Domain User located in [newRD] let's call him [myuser].
[myuser] is logged on to a workstation located in [newrd] -Windows XP
Sp1.
he is member of local administrators on all relevant machines.
There are two databases, one located on [newserver] the other on
[oldserver] -lets name them [oldDB] and [newDB] ;-)
On both server is the same website installed. The site contains
ASP-scripts.
On [oldserver] there is a SystemDSN pointing to [oldDB].
On [newserver] there are two SystemDSNs one pointing to [oldDB] on
[oldserver] and the other pointing to [newdb] on [newserver].
All DSNs are tested successfully on the server using WinAuth.
Now if [myuser] opens the web on [oldserver] accessing [olddb]
everything works.
If [myuser] opens the web on [newserver] accessing [newdb] everything
works fine.
But if [myuser] opens the web on [newserver] accessing [olddb] the
odbc sends back an error:

[Microsoft][ODBC SQL Server Driver][SQL Server]Error authenticating
user 'NT AUTHORITY\ANONYMOUS LOGON'
/serverdata/sharedfiles/dbconnect.asp, line 3.

DBCONNECT.ASP looks like this:
<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=serverdata;USR=_runtimeusername;PWD=_runtimepassword"
%>

The IIS-logs on [newserver] show the [newrd]\[myuser] loading the web.

If the user connects to the [newserver] using RDP and loads the web
localy, it works.
What is it, that IIS6 prevents sending the runtimeuser to DSN if this
web is loaded remotly?

thanks ind advance
Carsten Lahme
Top

Re: IIS6 sending anonymous authentication by carsten

carsten
Fri Oct 22 02:05:57 CDT 2004

Hi Again,
this seems to be not this easy, doesn't it?

OK, here are some additional informations.
The problem always occours if a server-script that is started by IIS6
tries to connect to another server via robocopy in this case.
The script runs with userpermissions, but not in an userenvironment
like under IIS5. If I echo the SET sequence to a txt-file this is,
what it says:

USERPROFILE=C:\Documents and Settings\LocalService
AUTH_USER=[MyDomain]\[MyUser]
UNMAPPED_REMOTE_USER=[MyDomain]\[MyUser]

Username, logonserver, etc.. are missing.
Therefor I think it has not domainticket to sebd to the remote server
when copying files.
Did You get the point?
Do You know, what i have to do, to get this working?

thanks

Carsten
Top

Re: IIS6 sending anonymous authentication by carsten

carsten
Fri Oct 29 07:17:23 CDT 2004

and again, here I am....
wonder why nobody comments?!
This is how far I came up to now.
The problem is located in impersonation.
As far as I understand, You can tell the workerprocess for an specific
applicationpool to user user-authentication.
All exambles seem to point to a file called web.config and is written
in VB-Projects.
Well, I'm not using any VB Dev-Enviroment, but write my code manually.
How do I setup an applicationpool with impersonation manually?
Cann I embed it into a asp-header-file? Do I need to edit any
reg-keys?

Is there a step by step / how-To somerwhere?

thanks in advance

Carsten

carsten@carsten-lahme.de (Carsten Lahme) wrote in message news:<b5ba7295.0410212305.738314a8@posting.google.com>...
> Hi Again,
> this seems to be not this easy, doesn't it?
>
> OK, here are some additional informations.
Top