IIS Website not authenticating anonymous

I just upgraded our systems from Windows 2k Adv. Server to Windows 2k3 Web Edition. I am have a few problems hosting our sites. As I host a site and the anonymouse account-- IUSR_ourserver the rights to access the necessary documents and folders and in iis the anonymous login is IUSR, when i go to the site it asks for a user name and password. If i disable Windows authentication then the error 401.1 comes up, without asking for a user or pass. I have gone through so many times trying to figure out what is wrong. I even gave IUSR full rights to everything and still nothing helped. These sites are flash and I don't think it has to do with the problem. Please let me know how to fix this authentication problem.

I am having the exact same problem, I hope someone replies!

Are you using only plain static html (or htm) pages, or are you using something dynamic such as PHP, ASP, Perl, Server Side Includes etc?

Actually it had something to do with the password syncronization with iis. I had to edit the metabase and then reset the password and it started to work just fine. Thanks again shaun

Shaun,

What in the did you edit in there?

Any ideas anyone? And yes I"ve checked all permissions for the anonymous user and even re-installed IIS.

What version of IIS are you using? If it is version 5 with 2000, on the Authentcation and Access Control page in IIS where you enable Anonymous access untick the option to allow IIS to control the password. Instead, enter your own password. Then, in Computer Management, reset the password for the IUSR_computername to your new password. Maybe this will help.

I think the problem is that if IIS controls the password and the password that IIS has differs from the password set for the user, then it is unable to logon. Not sure exactly how you would edit the metabase to restore functionality allowing IIS to control the password though.

I'll try that, but I am running IIS 6 so I don't know if the option for having IIS control the password is there (not at my server right now.)

I've just checked and there is no option to allow IIS to control the password. I assume, therefore, that by default IIS doesn't control the password (not sure though). Perhaps you can just enter the username: IUSR_computername, and a password of your choice, and then as long as you remember to set the password in the Computer Management, it may work.

Verify that the IUSR account has logon locally rights. Without it, anonymous access will fail.

Hello, I'm having the same problem you described, where anonymous access access fails with an http 401.1 error. Could you please tell me the steps you took to resolve this problem?

Hello,

You could run Filmon to check if there is any "access denied" errors.
You could download Filemon from www.sysinternals.com

Make sure the permissions on the content is set correctly as per this KB article.
812614 Default permissions and user rights for IIS 6.0
http://support.microsoft.com/?id=812614

Try enabling auditing for logon events for Failure it will generate security event log.

Also you might want to verify the IUSR password in sync with IIS metabase and user manager.

HTH.
Ganesh

I have previously checked the permissions based on KB 812614, and it checked out okay. I also checked the security event log and the anonymous logon user (iusr_machinename) is logging on successfully.

If I access an html file in the same directory, there is no problem. But if I access an asp or asp.net file, I get the "401.3 access denied due to an ACL.." error. Both ASP and ASP.NET have been enabled.

Thanks.

could you please check local security policy for any "Deny"?

Try adding IUSR into local admin group.

Try restarting IISadmin service.

Thanks.
Ganesh

I added the IUSR_machinename account to the 'Users' group, restarted IIS, and now asp and asp.net pages are accessible with security set to anonymous access. I'm not sure if this is the correct thing to do, but it works. Is this documented anywhere as a requirement?

Late yesterday I had found an alternate way to get ASP and ASP.NET working. It was by enabling/disabling all the Local Security Settings having to do with Network Access and anonymous users. I set ALL of the following to be the least restrictive setting:

Network access: Allow anonymous SID/Name translation (I CHANGED TO ENABLED)
Network access: Do NOT allow Anonymous enumeration of SAM accounts (I CHANGED TO DISABLED)
Network access: Let Everyone Permissions apply to anonymous users (I ENABLED, but this by itself did NOT fix the problem)
Network access: Restrict anonymous access to Named Pipes and Shares (I CHANGED TO DISABLED)

When ALL of the above were set, asp and asp.net worked following a restart. I've since changed all these settings back to the default, more restrictive settings, since adding IUSR to the "Users" group seems to work.

Thanks for your suggestions. They were really helpful.