IIS 5.1 Fresh Install Web Server Setup

  • Question

  • User-379005390 posted

    I just installed IIS to set up a local web server for test web applications. My problem is that when I browse the default root directory, it keeps prompting me for username/password.

     
    It's been a while since I've set up a web server, and it's the first time I've done it on XP Pro. All default options are left untouched, so Anonymous access is on to the IUSR_xxxx user, allow IIS to control password is checked, as well as integrated Windows authentication.

     

    Please, some help would be great! Thanks in advance
     

    Wednesday, March 7, 2007 11:50 PM

All replies

  • User989702501 posted

    Check if the iusr_computername user has permissions to read those files.

     

    Wednesday, March 7, 2007 11:52 PM
  • User-379005390 posted

    Apologies for sounding ignorant.

    So taking into consideration your reply (thanks btw).. I turned off simple sharing, and now should I audit the permissions at inetpub level? Or just wwwroot? I might consider using an FTP as well in the future.

     
    I just want to make sure so I don't make any big mistakes.

     

    Also, what's the difference between auditing using the Security tab as opposed to using the Web Sharing tab?
     

    Wednesday, March 7, 2007 11:56 PM
  • User989702501 posted
    Yes, turn off simple file sharing, check if those files have proper permissions configured, if not grant access accordingly. Only on to the files, not the entire directory, unless you want all files underneath the wwwroot to have the same access config.

    If all files already have correct permissions assigned, then look at the IIS log files, post those 401 related entries here.
    Wednesday, March 7, 2007 11:59 PM
  • User-379005390 posted

    Turns out that the wwwroot folder is already being shared to the appropriate iusr_xxxx. I guess the permissions were set during installation.

    IIS is still prompting me for user/pwd though.

    I located the logfiles in the windows/system32/logfiles dir and it shows the following information:

     

    #Software: Microsoft Internet Information Services 5.1
    #Version: 1.0
    #Date: 2007-03-08 04:14:25
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    04:14:25 192.168.1.104 GET /iisstart.asp 302
    04:14:25 192.168.1.104 GET /localstart.asp 401
    04:14:41 192.168.1.104 GET /localstart.asp 401
    04:14:43 192.168.1.104 GET /favicon.ico 404
    04:22:00 127.0.0.1 GET /iisstart.asp 302
    04:22:00 127.0.0.1 GET /localstart.asp 401
    04:24:30 127.0.0.1 GET /localstart.asp 401
    04:24:36 127.0.0.1 GET /localstart.asp 401
    04:25:01 127.0.0.1 GET /favicon.ico 404
    04:25:59 127.0.0.1 GET /favicon.ico 404
    #Software: Microsoft Internet Information Services 5.1
    #Version: 1.0
    #Date: 2007-03-08 04:28:19
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    04:28:19 127.0.0.1 GET /iisstart.asp 302
    04:28:19 127.0.0.1 GET /localstart.asp 401
    04:28:31 127.0.0.1 GET /localstart.asp 401
    04:29:17 127.0.0.1 GET /iisstart.asp 302
    04:29:17 127.0.0.1 GET /localstart.asp 401
    04:29:25 127.0.0.1 GET /localstart.asp 401
    04:29:27 127.0.0.1 GET /localstart.asp 401
    04:29:27 127.0.0.1 GET /localstart.asp 401
    04:31:17 127.0.0.1 GET /localstart.asp 401
    04:32:01 127.0.0.1 GET /favicon.ico 404
    04:34:13 127.0.0.1 GET /localstart.asp 401
    04:34:24 127.0.0.1 GET /localstart.asp 401
    04:34:31 127.0.0.1 GET /localstart.asp 401
    04:34:57 127.0.0.1 GET /localstart.asp 401
    04:35:24 127.0.0.1 GET /localstart.asp 401
    04:36:53 127.0.0.1 GET /winxp.gif 200
    04:36:59 127.0.0.1 GET /localstart.asp 401
    04:37:05 127.0.0.1 GET /iisstart.asp 302
    04:37:05 127.0.0.1 GET /localstart.asp 401
    04:38:00 127.0.0.1 GET /iisstart.asp 302
    04:38:00 127.0.0.1 GET /localstart.asp 401
    04:38:00 127.0.0.1 GET /localstart.asp 401
    04:38:05 127.0.0.1 GET /localstart.asp 401
    04:38:08 127.0.0.1 GET /localstart.asp 401
    04:38:08 127.0.0.1 GET /localstart.asp 401
    04:40:00 127.0.0.1 GET /iisstart.asp 302
    04:40:00 127.0.0.1 GET /localstart.asp 401
    04:40:00 127.0.0.1 GET /localstart.asp 401
    04:40:01 127.0.0.1 GET /localstart.asp 401
    04:40:01 127.0.0.1 GET /localstart.asp 401
    04:40:01 127.0.0.1 GET /localstart.asp 401
    04:43:23 127.0.0.1 GET /iisstart.asp 302
    04:43:23 127.0.0.1 GET /localstart.asp 401
    04:43:23 127.0.0.1 GET /localstart.asp 401
    #Software: Microsoft Internet Information Services 5.1
    #Version: 1.0
    #Date: 2007-03-08 05:30:38
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    05:30:38 127.0.0.1 GET /localstart.asp 401

    Thursday, March 8, 2007 12:35 AM
  • User1073881637 posted
    Download Filemon from Sysinternals and see what folders are being denied. This is handy when trying to find permissions issues.
    Thursday, March 8, 2007 1:32 AM
  • User-823196590 posted
    You can also add User Name (cs-username) to the extended logging properties so we can see what user is getting denied in the logs.
    Thursday, March 8, 2007 8:05 AM
  • User-379005390 posted

    You can also add User Name (cs-username) to the extended logging properties so we can see what user is getting denied in the logs.

     

    I was able to enable cs-username but I don't anticipate the log file spitting out useful data.

    Oddly enough, I was able to log on to the IIS site with a username that I created but not the IUSR_xxxx.

    Also, with IIS running I turned off my firewall briefly and I was able to connect to the web server via a different network computer. It returned the under construction web page.

    Log file goes as follows:

    #Software: Microsoft Internet Information Services 5.1
    #Version: 1.0
    #Date: 2007-03-08 14:40:09
    #Fields: time c-ip cs-username cs-method cs-uri-stem sc-status
    14:40:09 127.0.0.1 - GET /iisstart.asp 302
    14:40:09 127.0.0.1 - GET /localstart.asp 401
    14:40:21 127.0.0.1 SHUT\clo GET /localstart.asp 200
    14:40:21 127.0.0.1 SHUT\clo GET /warning.gif 200
    14:40:21 127.0.0.1 SHUT\clo GET /web.gif 200
    14:40:21 127.0.0.1 SHUT\clo GET /mmc.gif 200
    14:40:21 127.0.0.1 SHUT\clo GET /help.gif 200
    14:40:21 127.0.0.1 SHUT\clo GET /print.gif 200
    14:40:23 127.0.0.1 - GET /winXP.gif 200
    14:40:41 127.0.0.1 SHUT\clo GET /iisstart.asp 302
    14:40:41 127.0.0.1 - GET /localstart.asp 401
    14:40:41 127.0.0.1 SHUT\clo GET /localstart.asp 200
    14:40:46 127.0.0.1 SHUT\clo GET /localstart.asp 200
    14:42:18 192.168.1.101 - GET /iisstart.asp 200
    14:42:18 192.168.1.101 - GET /pagerror.gif 200
    14:42:18 192.168.1.101 - GET /favicon.ico 404
    14:42:19 192.168.1.101 - GET /iisstart.asp 200
    14:42:19 192.168.1.101 - GET /iisstart.asp 200
    14:42:19 192.168.1.101 - GET /iisstart.asp 200
    14:42:20 192.168.1.101 - GET /iisstart.asp 200
    14:42:20 192.168.1.101 - GET /iisstart.asp 200
    14:42:20 192.168.1.101 - GET /iisstart.asp 200
    14:42:21 192.168.1.101 - GET /iisstart.asp 200
    14:42:21 192.168.1.101 - GET /iisstart.asp 200
    14:42:21 192.168.1.101 - GET /iisstart.asp 200
    14:42:23 192.168.1.101 - GET /iisstart.asp 200
    14:42:23 192.168.1.101 - GET /iisstart.asp 200
    14:46:17 127.0.0.1 - GET /iisstart.asp 302
    14:46:17 127.0.0.1 - GET /localstart.asp 401
    14:46:22 127.0.0.1 - GET /localstart.asp 401

     

    Thursday, March 8, 2007 9:53 AM
  • User-823196590 posted
    It's useful because it confirms for us that the problem is with IUSR.  What NTFS permissions are set for localstart.asp?  I suspect IUSR does not have access.
    Thursday, March 8, 2007 10:35 AM
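
The check the replies above make by eye can be scripted. This is an added example, not code from the thread: it parses the W3C extended log format posted here, follows each `#Fields` directive (the field list changes once cs-username logging is enabled), and reports URIs that refused anonymous requests along with any account that then received a 200. The sample lines are abridged from the logs posted above; treating a missing cs-username field as anonymous is an assumption.

```python
from collections import defaultdict

# Sample abridged from the logs posted in this thread. The #Fields
# directive changes once cs-username logging is switched on.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.1
#Fields: time c-ip cs-method cs-uri-stem sc-status
04:14:25 192.168.1.104 GET /iisstart.asp 302
04:14:25 192.168.1.104 GET /localstart.asp 401
#Fields: time c-ip cs-username cs-method cs-uri-stem sc-status
14:40:09 127.0.0.1 - GET /localstart.asp 401
14:40:21 127.0.0.1 SHUT\\clo GET /localstart.asp 200
14:40:23 127.0.0.1 - GET /winXP.gif 200
14:42:18 192.168.1.101 - GET /iisstart.asp 200
14:42:18 192.168.1.101 - GET /favicon.ico 404
"""

def parse_w3c(text):
    """Yield one dict per request, honouring each #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def anonymous_denials(text):
    """Map URI -> {'anon_401': n, 'users_ok': set} for URIs that refused
    anonymous requests; users_ok lists accounts that did get a 200."""
    report = defaultdict(lambda: {"anon_401": 0, "users_ok": set()})
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"].lower()    # IIS paths are case-insensitive
        user = rec.get("cs-username", "-")  # assumption: no field = anonymous
        status = rec["sc-status"]
        if status == "401" and user == "-":
            report[uri]["anon_401"] += 1
        elif status == "200" and user != "-":
            report[uri]["users_ok"].add(user)
    return {u: r for u, r in report.items() if r["anon_401"]}

if __name__ == "__main__":
    for uri, r in anonymous_denials(SAMPLE_LOG).items():
        print(uri, r["anon_401"], sorted(r["users_ok"]) or "no authenticated success")
```

A URI that shows anonymous 401s and a named account under `users_ok` is one where either anonymous access is disabled for that resource or the anonymous account lacks NTFS Read on it.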
  • User-379005390 posted

    It's useful because it confirms for us that the problem is with IUSR.  What NTFS permissions are set for localstart.asp?  I suspect IUSR does not have access.

    AHHH! OK, now I see what's going on, the permissions aren't set right.  Since the user clo is the primary and only account being used, I will set it to full control (admin rights)

     IUSR_

    IWAM_

     
    should be set to what?
     

    I will type word for word what it says

     

    Group or user names:

     clo(SHUT/clo) <<==logged user

    Permissions:

    none 

    Internet Guest Account (SHUT/IUSR_SHUT)

     Permissions:

    Write = deny

    Launch IIS Process Account (SHUT/IWAM_SHUT)

    Permissions:

     Write = deny
     

     

    Thursday, March 8, 2007 2:04 PM
  • User-823196590 posted
    IUSR_SHUT should have NTFS Read permissions to the file.  What does it have for the iisstart.asp ?
    Thursday, March 8, 2007 2:46 PM
  • User-379005390 posted

    IUSR_SHUT should have NTFS Read permissions to the file.  What does it have for the iisstart.asp ?

     

    0 permissions at all. I'm confused, I thought if I put permissions on one folder it would automatically inherit down the hierarchy of subfolders. Am I mistaken? Thanks for your replies. Big help

    Thursday, March 8, 2007 5:39 PM
  • User989702501 posted

    Zzz, for localstart.asp, I believe it needs local administrative rights, if I remember correctly. Hence after you enter the username, you will see the content. Look at the file itself (localstart.asp) and check its authentication method; I believe anonymous access is not checked (IIS MMC property page - file security tab), and what you are seeing is the default. iisstart.asp will invoke localstart.asp if it is visited via localhost, etc.; if not, it will just display 'page under construction'. That's why you see in the log that iisstart.asp has status code 302, when it redirected to localstart.asp.

    Thursday, March 8, 2007 8:57 PM
  • User-823196590 posted

    So it sounds like this is by design. 

    I have never used those files so I never ran into this myself.  If you create a default.asp (or default.aspx/default.htm) and set that as the default document on the root do you still get prompted?

    Friday, March 9, 2007 10:15 AM
  • User99455409 posted

    Hi,

    Just had the same problem yesterday (IIS 5.1 and IE7). Some googling told me that in IE7:
    - go to Tools -> options
    - security tab -> local intranet
    - click 'Sites' and uncheck the 'automatically detect....'
    - add http://localhost as trusted

    That did the trick, hope it works!

    Regards,
    Tom

     

    Monday, March 12, 2007 4:50 AM