We currently run an ASP application on W2K with IIS5 that calls COM+ components on another W2K server. We are upgrading to W2K3 with IIS6. The ASP pages now fail when it tries to create the COM+ object. We tried IIS5 isolation mode but the same thing happens. KB article 810564 seems to address ...more >>

Hello, I can't get into my hotmail. When i go to log in it pops up Error: unable to access because of error with Secure Channel Support. I've tried regsvr32_rsabase.dll, but to no avail. What can I do? HELP! John Yurcik...more >>

When IIS6 is installed on Windows 2003, it is in a locked- down state. How do I remove this?...more >>

Hi, I am developing a pay-per-view web based application. I am writing an ISAPI filter that handles the security issues. When a user requests a page with embedded media file located in a particular directory the ISAPI checks whether the request came from a proper place by checking cookies. If...more >>

Hi, we are setting up an application that pops-up a windown where credentials are to entered (using IIS), we want to authenticate this credentials against an ADSI DB within our LAN. The DMZ is a workgroup (no domain). Using a ColdFusion application authentication is OK, IIS seems to be ...more >>

I have servers in my DMZ that show people attempting to logon guessing the user accounts and passwords, they are getting denied but wanted to know if there is any way to prevent them from even attempting to access the server. Also I have one server where they are trying local accounts and...more >>

is there anyway of monitoring/finding programs that are calling up the use of the dialer. I find that soemthing is calling up my dialer and connecting me to the internet even though I have auto connect unchecked. Any/all help will be greatly appreciated....more >>

We seem to be under attack... My company is experiencing problems with all of our public facing ASP sites. The OWA and our CItrix server are returning ASP errors. The OWA error is... ASP error 0115 (if memory serves) Citrix allows the initial login through both the secure connection and from...more >>

I have a problem in the configuration of these two events in windows 2000 advance server and I will welcome your help in this area. Thank you and have a nice day. M. Akram Arain E-mail: zuneca@skyinet.net...more >>

Hi. I'm looking for some recommondation on which firewall type (hw:i.e. cisco/sw: i.e. stonegate?) is best suited for my w2k adv. + IIS 5.0 webserver. As I've been hacked 100%, I want to make sure that my next installation is protected as efficient as possible. Thx....more >>

Can anybody help me with code on automating the procedure of assigining an exisiting Server Certificate to a given web site in IIS? I need this pretty Urgent. Thanks in advance Srinivas K...more >>

I have a web server setup on a DMZ with an ASP application that is trying to access JPEGS on a file server that is not on the DMZ. I have a mapped drive setup on the web server pointing to the location of the JPEG images. When the pop-up appears within the ASP application that shows the ...more >>

The other day I was in Yahoo chat, and someone popped up and told me to click on to their web site. I did, and it ended up being a webcam porn site. I clicked out got off line. The next day, I got into Yahoo Messanger to check my mail, and the porn site came up. It now comes up everytime I...more >>

I was chatting the other day on yahoo, and in the chat room, someone sent me a website to go to. I went and it ended up being some porn webcam site. I clicked out, but now, everytime I want to check my mail from my messenger or view someone's profile from it, that site always pops up. What...more >>

__________________________________________________________________ Benny Yuan ICQ#: 168627973 Current ICQ status: + More ways to contact me __________________________________________________________________ ...more >>

Hi, I would like to get a wildcard certificate for my institution. We have many servers requiring SSL, and it is getting expensive. Knowlege base article 258858 says that wildcards are not acceptable with Windows 2000 IIS, but it sound like this should have been fixed after sp1. Is t...more >>

We installed the iis lock down software that is supposed to help secure an IIS server. Once we did this we would go to our intranet site using the server name only... ex.. webserver/index.html this would allow us to view the pages fine. Once we started using the fully qualified Domain...more >>

Windows version 2003, IIS 6.0, Exchange 2003 I am getting event id 20 source KDC the currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system admini...more >>

Hi, I got this "GET /scripts/nsiislog.dll - 401 -" in my IIS 5 log file. Does anybody have any idea? Thanks Tan...more >>

Hello, Desc. : I have completed the process for certification and installed it already to Default WebSite. write port 443 CN is my computer name. I am using this for test perpose on my local PC. So there is no firewall. ::::Main problem I am getting "The page cannot be displayed..." message...more >>

A Search engine is somehow setting itself on my MS Explorer menu as my homepage every morning. I reset the homepage and delete all the files from this search engine i can locate to no avail. When i login the next morning, this Search engine is once again my 'Homepage'. How do I keep thi...more >>

I found out that disabling or removing IUSR/... user account is not enough to disable anonymous access to Web site. There is a user account NETWORK in directory wwwroot which MUST be disabled or removed to really deny anonymous access (clean install IIS 6.0, Windows Server 2003, integrated...more >>

Hi All, I have a web app that uses IIS 5 Metabase to store ODBC connection details as described here (http://www.devarticles.com/art/1/592). Our comapany would like to migrate their win2k server to Windows 2003 to increase the security but when i try to add the custom class's using t...more >>

Can anyone explain why i get INFO: popup every sec and they build up this makes it very fraustrating i'm about ready to slam my system to the ground?...more >>

I am getting scanned to death today on the web dav vulnerability discussed in MS03-007 security bulletin. I installed the IIS lockdown tool and URLScan and they are denying the connections but I am seeing scans at least every minute. Is there all of a sudden a new outbreak of this? Why tod...more >>

What is the password of IUSR should be set?...more >>

Hello, Is it possible to install 404.dll on IIS without using the full-blown IIS Lockdown tool? Thanks, Jose...more >>

We have a domain setup for only the main servers of the company (workstations in a seperate domain).We are adding an internet web/application server to the server domain. Is it absolutely wrong to make this web server part of this server domain? I want this new webserver to communicate fla...more >>

This happened a couple of years ago: How do feel about a boss who wants to know everybody's Passwords on the server, including FTP user names and passwords. I worked for this fellow who hired me as their administrator to the networks and web servers, he wanted me to keep track of all the user...more >>

Help! I am configuring a intranet application, here is the logic 1- When the user hits the site, authentication is required, and we are using their windows user. 2-A query is then run depending on the user. A menu of items the user can do are displasyed. This step works and we know then that the ...more >>

I have a site in IIS that "Require secure chanel (SSL)" is checked. TCP Port : 6666 SSL Port : 7777 When I try http://mysite:6666 - I see a page indicate that the site require SSL - GOOD ! When I try https://mysite:7777 - I see my page with the yellow lock and when I double-click on the lo...more >>

Hi All, I have a web app that uses IIS 5 Metabase to store ODBC connection details as described here (http://www.devarticles.com/art/1/592/2). Our comapany would like to migrate their win2k server to Win 2003 to increase the security but when i try to add the custom class's using the m...more >>

I had to do a repair on nt4 with iis4. Now iusr_ account is missing from user manager. How can this be recreated short of uninstalling option pack and reinstalling it?...more >>

Hi , We have a product that uses Win 2000 Server /IIS 5 . We have not problems with this setup in accessing elements via ASP - The product works fine We are moving to Win 2003 Ent / IIS 6 and we have run into trouble. We cannot perform a task that we were able to do. It seems it we do...more >>

IIS 5 using NTFS permissions on Windows 2000 Server. Within the site there is a trusted users login. I can test the login successfully but some users outside the corp. domain or LAN are unable to access this part of the web. Some are getting no login box and immediatly get the 401.3 err...more >>

My home page defaults to one of two search engine pages I deleted all files with these names and reset my home page but they keep returning....more >>

I am new to my company, so I did not set this up but, they hired me to support it.anyway..I have two 2000 Advanced Servers clustered to have a 24/7 uptime for IIS Version 5 here is where I am stuck, I can run IIS on node 1 without any problems, but when I move the IIS group from node 1 to ...more >>

Hello I've been told today that when sending or retrieving data from a webserver using NT authentication then IDs and passwords are sent as plain text. Does anyone know if something can be put in place to encript this information. Thanks...more >>

Hi All, Here is the error I keep getting on an IIS server, it is a member of a 2k domain, and it runs fine for a couple of hours but then stop giving access. Error from IE: HTTP 401.1 - Unauthorized: Logon Failed Internet Information Services System Event log Error from server: Eve...more >>

I am in desperate need of some help here. Halloween weekend I had around 20 GB of Spam traffic go through my server. I am running 2000 Server with the default SMTP server that comes with IIS 5.0 The messages seemed to be the same messages coming from different IP addresses and addressed to...more >>

I can't get a search engine to work help me eliminate the problem please? can some one walk me through it?...more >>

Suppose that I have two servers each running different sites. They both require authentication (using NT authentication). They are both on the same domain so when a user logs into either, they can use the same username/password. On one of the machines, there are hyperlinks pointing to conten...more >>

I am experiencing some very bizarre authentication problems with an ASP.Net app on IIS 6. I'm on Server 2003 standard, using a virtual dir on the default site. The virtual dir has only integrated authentication checked. Users authenticate just fine if they are on Win2K. Clients with XP ge...more >>

Hi i have secured a web site with a certificate and basic auhtentication. when a user goes to the web site with IE via https to the web site he is prompted for a passwors, which is OK, but the user then marks the save password option. my question is - SSL is not supposed to do that, h...more >>

I run XpPro & IIS 5.0 and have been sucsesfully using ASP and Access database on my web server. After re-installing my OS I can't set folder permissions or remember how I did it before. Any changes are reset to Read Only. Most documentation I see says to grant the IUSR_computername user a...more >>

Not sure if I am in the right section on this Someone reset the aspnet account password during a server lockdown, now my .net applications won't work. Is there a way that I can get the applications back in sync with the password that the aspnet account now uses? Or do I have to reinstal...more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

What does this mean? /scripts/root.exe /c+dir /MSADC/root.exe /c+dir 403 /c/winnt/system32/cmd.exe /c+dir 404 /d/winnt/system32/cmd.exe /c+dir 404 /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 - /_vti_bin/..%5c../..%5c../..% 5c../winnt/system32/cmd.exe /c+dir 500 - /_mem_bin/..%5c../....more >>

Hello, Is there security issues with frontpage 2000 if you are not utilizing frontpage extensions on the webserver? I only use frontpage to creage the .htm document that I upload to the server and was told that since it is a frontpage document there are security issues...more >>

I know very little about hacking or the like. I have a problem I hope someone can help me with. My FTP server is getting modified by someone or something. I am running IIS on win2k server. I have NAV Corporate Edition 2.7. I have a hardware-based firewall with ports open for FTP, SMTP, P...more >>

I am trying to setup my OWA on my server. I was told I have to enable SSL and then enable Forms Based Authentication, on the IIS?? I cannot find where Forms based authentication is locations?? Can anyone help>...more >>

This should be a simple question, but it has turned into quite the quagmire for us here at work that's lasted . In short, how should an ISP configure IIS/Win2K to allow secure dynamic access to Access/Jet databases via ASP and ADO, with particular emphasis on the "secure"? We found the standar...more >>

I am involved in trying to setup a website that will give users of our domain a heads up and also allow them to change their passwords through the web server for our domain. I have not come across an article that clearly shows the process. Does anyone have any ideas where I could find one ...more >>

Can't figure out how to get prompted for user logon. All users are using Internet Explorer 6.0 or better. How can I setup the logon screen so users can login? Windows 2003 w/ IIS 6.0 Just setup IIS 6.0 on my new 2003 server. Added a new FTP site and pointed to folder on local machine - ...more >>

I have Windows Server 2003 with Project Server 2003 installed. Project web access works through http. I then installed a certificate and configured site for SSL, 128 bit. When I access the site now, I receive Page not found. If I try to access via http, I receive a message indicating I...more >>

I'm migrating a asp.net webapp from win2000 to win2003. the app is making a trusted connection from ASP.NET to SQL Server. the error is: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. kb: http://support.microsoft.com/default.aspx?kbid=316989 says: CAUSE When you use ASP.NET, the defa...more >>

Can anyone give me good references on tools for IIS web server? I mean from administrators point of view, what famous/common third-party tools that we should use to administer IIS? Or just IIS itself is good enough? Please advise! Thanks ...more >>

Hi, [Apologies again for the cross-post, as I think that some questions overlap NG coverages.] Background ========== I've been testing with SSL client authentication scenarios with both Win2K/IIS5 and Win2K3/IIS6. Most recently, this work has been with Win2K/IIS5, as that is the produc...more >>

Hi, =20 I'm confronted with the following scenario: I want to host INTERNET = sites and INTRANET sited on an IIS. The communication should be = encrypted. I therefore plan to install a certificate. My question is now = weather I need two different certificates or if one is enough? Best...more >>