I'm not sure if this is the right newsgroup. But every time I am on the internet, I get this message (about ten minutes into it)telling me that there was an error, send an error report to Microsoft or not. I have tried both ways, and I get the message that NT Authoriy/System is shutting do...more >>

Hi, We have a 'mixed domain' with NT4, W2k and W2k3 servers, NT4,W2k and XP clients, IIS 5, 5.1 and 6, IE5.5 and 6. All our web apps use Basic or Integrated Authentication. I am wondering if it would reduce the OS/network load if I made a lot of the resources (eg gifs, pop-ups, includes ...more >>

This may be rather basic in nature, but... If someone can point me to a tutorial on setting this up, or give instructions, that would be great. I have done some searches, but unfortunately the questions/responses seem to assume too much previous knowledge, or do not address some of the topics...more >>

Hi All, We dial-in into 2003 server and doing FTP to another NT-4 server. It looks like based on the IP address assigned to the remote client - FTP some time works and other time it gives error Cannot connect to remote host. At that time we're not able to ping the remote server. This specially happ...more >>

I've written a web application (using ASP) and sporadically we get a login dialog asking for username, password and domain (this is not a web form that I created for logging in). The web server is IIS 5.0 running on a Windows 2000 box. Can someone point me at what might be causing this? BB...more >>

I would like to deny access to computers from 102.168.0.0 - 102.168.254.254 with a subnet mask of 255.255.255.0 When I enter in 102.168.0.0 with subnet mask 255.255.255.0 - it does not deny. when I enter in 102.168.0.0 subnet 255.255.0.0 it DOES DENY. My iis server is on subnet 255.255.0.0, but I...more >>

Hi, I have an ASP.NET app that sends HTTP WebRequests to an exchange server that requires NTLM authentication. To do so, the ASP.NET app is configured to impersonate the current user. Everything works fine, except on our test Win 2003 machine, where the web requests fail with a 401 answ...more >>

Just rebuilt my Web server and added back all the user accounts. When I switch on Basic Authentication, the ASP that pull information from the SQL server fail to make the DSN connection with the following message:- "Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [Microsoft][ODBC SQL...more >>

Well I am fairly certain this is something I am somehow foolishly missing in IIS configuration, I have a subfolder below my default site that has a complete coldfusion app I would like to run, but I would like it to be open to read by anonymous iusr. Now for some strange reason, the folder serves HT...more >>

We just migrated to IIS 6.0, and in our previous production environment, we had basic authentication against "\" for authenticating across trusted domains. The same setting does not work with IIS 6.0. Is there a new way to authenticate across domains in IIS 6? ...more >>

I'm trying to get a distance learning software package (Flex Training by Online Development) up. This software is based primarily on Active Server Pages (ASP). It works fine without SSL/128 enabled. But once I enable SSL, the final page that is supposed to launch the "class" returns a H...more >>

Does anyone know how to redirect http:// requests that hit a SSL site automaticlly to https:// ??? I'm not a programmer so please go easy on my... :-) Thanks!!! Scott...more >>

Hi, I think that I have encountered a somewhat serious "bug" somewhere. I can't tell if it's a CryptoAPI bug, an IIS bug, or whatever, so I'm cross-posting this to several newsgroups. This seems like (to me) a rather serious problem, and I'll try to describe what's happening as best I can, ...more >>

We have internally developed apps running on our IIS 5.0 Intranet server. These apps use the anonymous login to query AD for object resolution in order to process security permissions. This worked great with W2K DCs. Since we have upgraded to W2K3 DCs only, it has stopped working. My educated gue...more >>

Hi all, I have an Intranet Win2K server running IIS 5. 3 websites are defined - the default on port 80, and the admin site and a sharepoint site on alternate ports. Security is set to Window authentication for all sites, and NTFS security to the appropriate directories is set accordingly....more >>

Hi all I installed a new SSL certificate this morning on one of our web servers [NT 4.0 SP6a with IIS 4.0]. I can see in Key Manager that the certificate has been installed OK and is valid, but the SSL secured area of our web site no longer functions - just get page can not be displayed. I ...more >>

Hello all, Before I get to babbling on, please feel free to correct me if I'm wrong at any point, and please forgive the massive long post for such a simple queery! I'm in the process of designing the infrastructure for when we move to Win2k network/domain. I'm not very experianced in I...more >>

I had some hackers break into my web server when I was running NT 4.0. I upgraded to 2000 and put URLScan on the system and it appears to have stopped them but they continue to try and gain access. Most often now they simply give up after entering a command that looks like this in the log ...more >>

Hi, Anyone knows what the below entry in a urlscan log means? "Received malformed request which resulted in error 50 while modifying the 'SERVER' header.Request will be rejected with response code 400." I looked up the corresponding entry in the weblog, and it was served with a 200 status...more >>

It started out with a massive comms bill. 1GB over the download limit for a month. I couldn't work it out, but the same thing happened the next month, and this month. I started to have a look around.. My ISP shows we are downloading roughly 100MB every 24 hours which is ridiculous for the type...more >>

I set up a simple web page which I can access from inside the office. I configured my dsl router to direct HTTP requests to my IIS server. But for some reason, from outside, I get the message, we "cannot find the web site." Does IIS have some automatic security feature blocking requests fr...more >>

I get the following message page when I visit a commercial web site I normally visit to shop. What does it mean and how should I respond? Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details o...more >>

I have installed and run the IIS lockdown tool today. It caused a failure of a perl based web calendar called WebEvent. Everytime we open the .pl file, we receive an error that the page cannot be found. I edited the urlscan.ini file to allow for .pl files. However, when opening the URL in the br...more >>

Hi, I have a client who is thinking about running a intranet on IIS6 with Integrated Windows authentication. As the client is using Novell Directory Service, I need to know if the integrated windows authentification will work with NDS instead of an Active Directory. Has anyone here had any exp...more >>

How should a firewalll be configured to allow Windows Update? ...more >>

The last couple of months we have gotten thousands of: Sent verb 'SEARCH', which is not specifically allowed. Request will be rejected. In our URL scan logs. Is this a worm or what? It bugs me I can't see all the information being sent from the logs. ...more >>

-What exactly does the Lockdown do? -Does it just reset existing switches or does it load additional software? -If switches are reset, what are they and what are they set to? -Is there an undo?...more >>

We have spam and pop ups on our internet. Can you recommend any package to remove these and prevent them in future. Thanks please reply to fredron@vhe0310.freeserve.co.uk...more >>

"403 Forbidden - The server denies the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) Internet Security and Acceleration Server" I get this message everytime i access http://localhost but i can access my default asp.net page by going to http://machinename. ...more >>

Can I establish a connection between IE6 and IIS6 and require that connection to be 256bit SSL using the AES algorithm? OR can the AES (rijndael) algorithm be used even at 128bit natively within IIS? ...more >>

Is there a way to increase the number of authentication attempts you are allowed to submit before you fail and get the 401.3 authentication failed page. We have a situation where a client is intermittently failing authentication to our server. While we are investigating the root cause of...more >>

I have searched google but it's obvious I am using the wrong keywords as I get a lot of articles that don't answer my problem. My manager wants some software, free preferably or low cost, that will show him virus attempts on our IIS server by analyzing the log files. I have told him to ign...more >>

i am getting the 'HTTP 403.9 - Access Forbidden: Too many users are connected Internet Information Services' error....im running xp pro with a workgroup setup and i am wondering how i can fix this problem...it only happens after i try to access the intranet site after a few times... Che...more >>

My corporate web site is running on Win2k SP4\IIS5. Currently, all the = content is either HTML or ASP. My web developer has developed some cgi = scripts (Perl 5) to do a price calculation. Are there any serious = security considerations that should prevent me from loading a Perl = interprete...more >>

Hi, Firstly I have noticed that the URLScan bundled with IISLockdown is version 2. You need to update to 2.5 afterwards. Why isn't iislockd relased with 2.5 bundled? I am looking at doing unattended install of iislockdown across over 100 servers. IISLockdown installs URLScan 2 in ...more >>

I have a range of IPs I would like to block from accessing IIS. Can anyone help with the format of the IP address/Subnet mask to add in the "IP Address and Domain Name Restrictions" page? For instance, I would like to block all addresses in the 61.32.x.x range. Is the correct entry 61.32.0.1 ...more >>

Does anyone know how to redirect http:// requests to an SSL site to HTTPS:// on the IIS server? Thanks in advance! Scott...more >>

I created my own cert server. I generated an SSL certificate and installed it into IIS 5. It works fine but I get the security alert dialog box everytime. How do I force the client to trust the certificate? If you click view certificate and then install certificate it still pops up eve...more >>

Greetings: Ever since I moved to IIS 6.0/Win 2003 Server Web, my ISAPI dll can't write to the event log using the vb app.logevent method. There is no error, just no data. If I evoke the ISAPI DLL from a stand-alone app running as a logged in user, it works fine; and also works fine unde...more >>

Hi, I'm getting to be at my wits end on this one and thought I'd do a shout out to the community to see if I could get some help. We're running IIS v5 on two machines that sit behind a load balancer (Cisco Content Switch if you must know). In this scenario any requests that come i...more >>

Hi all, We have a website running on our local network. We need to make this website accessable for a few people on the Internet so we use ISA server publishing to "securely publish" this site online. How can we make sure a password is required for the website, unless the request comes from ou...more >>

A developer has created a page on our non-ssl site that asks the user for login information. When the user hits submit they are sent to a page on our secure ssl site which process the information and authenticates the user. He says that when the user hits submit a secure connection is es...more >>

Hi, I need to give some users on the local machines right privileges to administer IIS 5.0. These users belong to USER group (not ADMINISTRATOR) on local computer (these are not domain accounts but only local). IIS is working on local PC and users ought to be allowed to do all activities that...more >>

I am not an expert at this, so I hope this is not a stupid question. I have people putting their name and addresses into a contact list on a Sharpoint Team website. Is there a way to get SSL or something else to make the link encrypted? I have had several people say they don't want to...more >>

I originally posted this in IIS group, but I thought I'd try here, I'm really stuck getting integrated authentication to work accross a web server to a UNC share on another server If anyone feels so inclined, Id really appreciate any help on offer. Heres the problem It seems that when ...more >>

I have an IIS server which allows an upload to an internal SQL database. How can I virus protect the data stream? On access virus protection products such as SOPHOS will not work in isolation since the uploaded file doesn't "Touch the sides" and is not saved to the IIS disk. Is there anythi...more >>

I am running SSL on one of my sites. A scan was recently performed by QualysGuard. It recommends disableing SSL 2. I found this article on MS. Shouls SSL2 be disabled? Server is NT4, sp6a, IIS4, urlscan and fully patched. http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 Th...more >>

How would you go about identifying and then moving the SSL Certificates from a Win2K IIS 5.0 server to a new Server? What would be the best method to accomplish this?...more >>

Hi What is the recomended way to conect to a sql db from webserver iis 2000 to sql 2000 in mixed mode I am looking for a technet etc. artical showning users / password for direct and via com+ i.e. do I just grant I_USSER rights to all the db's I need to access! If so how do I pr...more >>

im having trouble accessing an site over a local intranet from other computers. I cant allow anonymous access as the site wont work properly...but when it asked for a user name and passwork nothing i try will work...and i dont have a clue where to configure those user accounts. i am using ...more >>

I have a Windows2000 server with IIS 5 and I set up 3 website on it. It's OK with HTTP protocol. Now my manager want to use SSL with all 3 sites. I configured the first site and it worked well. But when I configured the second site, I can not open the first site with HTTPS. It's always tak...more >>

I am new to administering IIS. I notice an incredible number of file access to = "system32\inetsrv\ntinst1.mdb" there is another dbase called=20 system32\inetsrv\ntdfault.mdb as well, but that one is not open. is this the metadatabase, and should there be several access(s) a = second, or do ...more >>

We have a Windows 2000 Server with SP4 applied. The server is running IIS, and has URLSCAN installed. The IIS lockdown tool has been run on this server. I have edited the registry and set "DisableWebPrinting" to "0". I have edited URLSCAN and allowed the .printer extension. W...more >>

I have a citrix enviroment that I have publised the IIS Admin tool. I, unfortunatley, am not in an Active Directory enviroment. I need to lock down the tool to prevent 2nd level admins from being able to delete any websites. As well the only way that I can get them access to the tool is to...more >>

I have a web author who would like to restrict access to one directory on his web site. He would like to use a global login for memeber access only. Where do I start to implement this? Thanks...more >>

Can anyone provide a complete list of what will be blocked/denied if I prohibit 'All unknown CGI Extensions' and 'All unknown ISAPI Extensions'?...more >>

Hi. I am about to install a Windows 2000 webserver on the internet. However I am concerned about it getting attacked. Can anyone point me to info on how to secure it or know of any software I can use. Thanks....more >>

A few days ago I received two e-mails from Microsoft saying that I had to upload a patch. When I went to the attachment it did not seem from Microsoft so I closed and deleted this e-mail. I contacted you (lost the file number you gave me) and know I have received this message 3 times wit...more >>

Error message: "Keyset does not exist" System: Win2000 Server with IIS5 I get the above error message on the final stage of the wizard when trying to install an SSL certificate on a website. I have tried many times with certs from different CAs with the same result. As suggested in an MS K...more >>