| Groups | Blog | Home |
iis security : UNC path authentication problem
"EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > A virtual directory is set to an UNC path and > I've specified the user and password IIS will used to connect to remote > share. > But when I browse the virtual directory in IE, > I got 500 Internal Server Error. > > Afte some experiments I found that on the local computer running IIS > there MUST EXIST A LOCAL ACCOUNT with the same username and password, > or I'll get a 500 Internal Server Error. > > I've read about UNC authentication setting in IIS manual and several web > pages on microsoft.com, > but there's NO document mentioned about this point. > All they say is the user must exist on the remote computer or > is a domain accountand and have correct password. Yes, that *IS* the documentation on this point - as user with the same username and password must exists on the target server. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
A virtual directory is set to an UNC path and
I've specified the user and password IIS will used to connect to remote share. But when I browse the virtual directory in IE, I got 500 Internal Server Error. Afte some experiments I found that on the local computer running IIS there MUST EXIST A LOCAL ACCOUNT with the same username and password, or I'll get a 500 Internal Server Error. I've read about UNC authentication setting in IIS manual and several web pages on microsoft.com, but there's NO document mentioned about this point. All they say is the user must exist on the remote computer or is a domain accountand and have correct password. I've tried IIS 5.1 and 6.0, all of my computer is standalone server without joining a domain. Is this normal or there are some design error? Thanks for answering.
Thank you Tom.
I know that the username I specified in IIS Manager must exist on the remote server (server that shares the folder), but I don't see any document says on local server (server running IIS) there must exist a user with the username and password I specified. Maybe I misunderstand you answer, or you misread my statement. Can you show me the link of the document? I've checked the following: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx "Accessing the Remote File Server" Section http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D :cfg1o1$fht19@kcweb01.netnews.att.com... [quoted text, click to view] > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > > A virtual directory is set to an UNC path and > > I've specified the user and password IIS will used to connect to remote > > share. > > But when I browse the virtual directory in IE, > > I got 500 Internal Server Error. > > > > Afte some experiments I found that on the local computer running IIS > > there MUST EXIST A LOCAL ACCOUNT with the same username and password, > > or I'll get a 500 Internal Server Error. > > > > I've read about UNC authentication setting in IIS manual and several web > > pages on microsoft.com, > > but there's NO document mentioned about this point. > > All they say is the user must exist on the remote computer or > > is a domain accountand and have correct password. > > Yes, that *IS* the documentation on this point - as user with the same > username and password must exists on the target server. > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iisfaq.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > http://www.tryiis.com > >
Hi,
A local user does not need to exist. In internet explorer, please uncheck "Show Friendly HTTP Errors" in tools -> internet options -> advanced. Reload the page, and post the error you now see. Cheers Ken [quoted text, click to view] "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > Thank you Tom. > > I know that the username I specified in IIS Manager must exist on the > remote > server (server that shares the folder), > but I don't see any document says on local server (server running IIS) > there > must exist a user with the username and password I specified. > Maybe I misunderstand you answer, or you misread my statement. > > Can you show me the link of the document? > I've checked the following: > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > "Accessing the Remote File Server" Section > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > :cfg1o1$fht19@kcweb01.netnews.att.com... >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... >> > A virtual directory is set to an UNC path and >> > I've specified the user and password IIS will used to connect to remote >> > share. >> > But when I browse the virtual directory in IE, >> > I got 500 Internal Server Error. >> > >> > Afte some experiments I found that on the local computer running IIS >> > there MUST EXIST A LOCAL ACCOUNT with the same username and password, >> > or I'll get a 500 Internal Server Error. >> > >> > I've read about UNC authentication setting in IIS manual and several >> > web >> > pages on microsoft.com, >> > but there's NO document mentioned about this point. >> > All they say is the user must exist on the remote computer or >> > is a domain accountand and have correct password. >> >> Yes, that *IS* the documentation on this point - as user with the same >> username and password must exists on the target server. >> >> -- >> Tom Kaminski IIS MVP >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ >> http://mvp.support.microsoft.com/ >> http://www.iisfaq.com/ >> http://www.iistoolshed.com/ - tools, scripts, and utilities for running > IIS >> http://www.tryiis.com >> >> > >
Ken, I agree with you.
As I learned from MCSE traning courses and online webpages, the local user does not need to exist. But in my experiment, create a local user with the user name and password I specified in IIS can solve the problem. Have you done any setting like this successfully recently? Another message titled "Win2k IIS5 FTP Server Error" by RG in this newsgroup a week ago seems to have the same problem as mine. Here's the message. Nothing seems helpful. The page cannot be displayed There is a problem with the page you are looking for, and it cannot be displayed. ---------------------------------------------------------------------------- ---- Please try the following: Contact the Web site administrator to inform them that this error has occured for this URL address. HTTP Error 500 - Internal server error. Internet Information Services (IIS) ---------------------------------------------------------------------------- ---- Technical Information (for support personnel) Go to Microsoft Product Support Services and perform a title search for the words HTTP and 500. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Administration, and About Custom Error Messages. In the IIS Software Development Kit (SDK) or at the MSDN Online Library, search for topics titled Debugging ASP Scripts, Debugging Components, and Debugging ISAPI Extensions and Filters. "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> ¼¶¼g©ó¶l¥ó·s»D :#rn0U8NgEHA.140@TK2MSFTNGP12.phx.gbl... [quoted text, click to view] > Hi, > > A local user does not need to exist. In internet explorer, please uncheck > "Show Friendly HTTP Errors" in tools -> internet options -> advanced. Reload > the page, and post the error you now see. > > Cheers > Ken > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > > Thank you Tom. > > > > I know that the username I specified in IIS Manager must exist on the > > remote > > server (server that shares the folder), > > but I don't see any document says on local server (server running IIS) > > there > > must exist a user with the username and password I specified. > > Maybe I misunderstand you answer, or you misread my statement. > > > > Can you show me the link of the document? > > I've checked the following: > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > > "Accessing the Remote File Server" Section > > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > > :cfg1o1$fht19@kcweb01.netnews.att.com... > >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > >> > A virtual directory is set to an UNC path and > >> > I've specified the user and password IIS will used to connect to remote > >> > share. > >> > But when I browse the virtual directory in IE, > >> > I got 500 Internal Server Error. > >> > > >> > Afte some experiments I found that on the local computer running IIS > >> > there MUST EXIST A LOCAL ACCOUNT with the same username and password, > >> > or I'll get a 500 Internal Server Error. > >> > > >> > I've read about UNC authentication setting in IIS manual and several > >> > web > >> > pages on microsoft.com, > >> > but there's NO document mentioned about this point. > >> > All they say is the user must exist on the remote computer or > >> > is a domain accountand and have correct password. > >> > >> Yes, that *IS* the documentation on this point - as user with the same > >> username and password must exists on the target server. > >> > >> -- > >> Tom Kaminski IIS MVP > >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ > >> http://mvp.support.microsoft.com/ > >> http://www.iisfaq.com/ > >> http://www.iistoolshed.com/ - tools, scripts, and utilities for running > > IIS > >> http://www.tryiis.com > >> > >> > > > > > >
[quoted text, click to view]
"EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message news:%23qBDO%23TgEHA.2908@TK2MSFTNGP10.phx.gbl... > In order to let it work, > I have to create an extra local account with the same name and password I > specified in virtual dir. setting. > (both are stand-alone server) > Now it works. How else can IIS verify the account if it doesn't exist locally? I will check with some internal resources on this. -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
[quoted text, click to view]
"EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message news:upjWsUWgEHA.904@TK2MSFTNGP09.phx.gbl... > Thank you very much, Tom. > Looking forward to your investigation... : ) > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > :cfivur$fk912@kcweb01.netnews.att.com... > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > news:%23qBDO%23TgEHA.2908@TK2MSFTNGP10.phx.gbl... > > > In order to let it work, > > > I have to create an extra local account with the same name and password > I > > > specified in virtual dir. setting. > > > (both are stand-alone server) > > > Now it works. > > > > How else can IIS verify the account if it doesn't exist locally? I will > > check with some internal resources on this. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;269009 and the line: "Create an account on the UNC server that has the same username and password as the user account that is being used to access Web pages on the IIS server." -- Tom Kaminski IIS MVP http://www.microsoft.com/windowsserver2003/community/centers/iis/ http://mvp.support.microsoft.com/ http://www.iisfaq.com/ http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://www.tryiis.com
If it's within same domain auth, then local user is not needed, if total
standalone box, you will need a local account on the resource box. Post your iis log file here. -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message news:#9HqlTPgEHA.1184@TK2MSFTNGP12.phx.gbl... > Ken, I agree with you. > As I learned from MCSE traning courses and online webpages, > the local user does not need to exist. > But in my experiment, > create a local user with the user name and password I specified in IIS can > solve the problem. > Have you done any setting like this successfully recently? > Another message titled "Win2k IIS5 FTP Server Error" by RG in this newsgroup > a week ago > seems to have the same problem as mine. > > > Here's the message. Nothing seems helpful. > > The page cannot be displayed > There is a problem with the page you are looking for, and it cannot be > displayed. > -------------------------------------------------------------------------- -- > ---- > > Please try the following: > > Contact the Web site administrator to inform them that this error has > occured for this URL address. > HTTP Error 500 - Internal server error. > Internet Information Services (IIS) > > -------------------------------------------------------------------------- -- > ---- > > Technical Information (for support personnel) > > Go to Microsoft Product Support Services and perform a title search for the > words HTTP and 500. > Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for > topics titled Web Site Administration, and About Custom Error Messages. > In the IIS Software Development Kit (SDK) or at the MSDN Online Library, > search for topics titled Debugging ASP Scripts, Debugging Components, and > Debugging ISAPI Extensions and Filters. > > > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> ¼¶¼g©ó¶l¥ó·s»D > :#rn0U8NgEHA.140@TK2MSFTNGP12.phx.gbl... > > Hi, > > > > A local user does not need to exist. In internet explorer, please uncheck > > "Show Friendly HTTP Errors" in tools -> internet options -> advanced. > Reload > > the page, and post the error you now see. > > > > Cheers > > Ken > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > > > Thank you Tom. > > > > > > I know that the username I specified in IIS Manager must exist on the > > > remote > > > server (server that shares the folder), > > > but I don't see any document says on local server (server running IIS) > > > there > > > must exist a user with the username and password I specified. > > > Maybe I misunderstand you answer, or you misread my statement. > > > > > > Can you show me the link of the document? > > > I've checked the following: > > > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > > > "Accessing the Remote File Server" Section > > > > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > > > > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > > > > > > > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > > > :cfg1o1$fht19@kcweb01.netnews.att.com... > > >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > > >> > A virtual directory is set to an UNC path and > > >> > I've specified the user and password IIS will used to connect to > remote > > >> > share. > > >> > But when I browse the virtual directory in IE, > > >> > I got 500 Internal Server Error. > > >> > > > >> > Afte some experiments I found that on the local computer running IIS > > >> > there MUST EXIST A LOCAL ACCOUNT with the same username and password, > > >> > or I'll get a 500 Internal Server Error. > > >> > > > >> > I've read about UNC authentication setting in IIS manual and several > > >> > web > > >> > pages on microsoft.com, > > >> > but there's NO document mentioned about this point. > > >> > All they say is the user must exist on the remote computer or > > >> > is a domain accountand and have correct password. > > >> > > >> Yes, that *IS* the documentation on this point - as user with the same > > >> username and password must exists on the target server. > > >> > > >> -- > > >> Tom Kaminski IIS MVP > > >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ > > >> http://mvp.support.microsoft.com/ > > >> http://www.iisfaq.com/ > > >> http://www.iistoolshed.com/ - tools, scripts, and utilities for running > > > IIS > > >> http://www.tryiis.com > > >> > > >> > > > > > > > > > > > >
I DO have an account with the user name and password I specified in virtual
directory setting on the resource box. I DON'T have an account with the user name and password I specified in virtual directory setting on the IIS box. In this circumstance, the settings doesn't work! After I create the same account on the IIS computer, it start working. This is my IIS log before I create the account on the IIS computer. 04:58:51 GET /zwai - 140.113.91.245 500 16 1326 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 "Bernard" <qbernard@hotmail.com.discuss> ¼¶¼g©ó¶l¥ó·s»D :uAiPGSQgEHA.1972@TK2MSFTNGP09.phx.gbl... [quoted text, click to view] > If it's within same domain auth, then local user is not needed, if total > standalone box, you will need a local account on the resource box. Post your > iis log file here. > > -- > Regards, > Bernard Cheah > http://www.tryiis.com/ > http://support.microsoft.com/ > http://www.msmvps.com/bernard/ > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > news:#9HqlTPgEHA.1184@TK2MSFTNGP12.phx.gbl... > > Ken, I agree with you. > > As I learned from MCSE traning courses and online webpages, > > the local user does not need to exist. > > But in my experiment, > > create a local user with the user name and password I specified in IIS can > > solve the problem. > > Have you done any setting like this successfully recently? > > Another message titled "Win2k IIS5 FTP Server Error" by RG in this > newsgroup > > a week ago > > seems to have the same problem as mine. > > > > > > Here's the message. Nothing seems helpful. > > > > The page cannot be displayed > > There is a problem with the page you are looking for, and it cannot be > > displayed. > > -------------------------------------------------------------------------- > -- > > ---- > > > > Please try the following: > > > > Contact the Web site administrator to inform them that this error has > > occured for this URL address. > > HTTP Error 500 - Internal server error. > > Internet Information Services (IIS) > > > > -------------------------------------------------------------------------- > -- > > ---- > > > > Technical Information (for support personnel) > > > > Go to Microsoft Product Support Services and perform a title search for > the > > words HTTP and 500. > > Open IIS Help, which is accessible in IIS Manager (inetmgr), and search > for > > topics titled Web Site Administration, and About Custom Error Messages. > > In the IIS Software Development Kit (SDK) or at the MSDN Online Library, > > search for topics titled Debugging ASP Scripts, Debugging Components, and > > Debugging ISAPI Extensions and Filters. > > > > > > > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> ¼¶¼g©ó¶l¥ó·s»D > > :#rn0U8NgEHA.140@TK2MSFTNGP12.phx.gbl... > > > Hi, > > > > > > A local user does not need to exist. In internet explorer, please > uncheck > > > "Show Friendly HTTP Errors" in tools -> internet options -> advanced. > > Reload > > > the page, and post the error you now see. > > > > > > Cheers > > > Ken > > > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > > > > Thank you Tom. > > > > > > > > I know that the username I specified in IIS Manager must exist on the > > > > remote > > > > server (server that shares the folder), > > > > but I don't see any document says on local server (server running IIS) > > > > there > > > > must exist a user with the username and password I specified. > > > > Maybe I misunderstand you answer, or you misread my statement. > > > > > > > > Can you show me the link of the document? > > > > I've checked the following: > > > > > > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > > > > "Accessing the Remote File Server" Section > > > > > > > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > > > > > > > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > > > > > > > > > > > > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > > > > :cfg1o1$fht19@kcweb01.netnews.att.com... > > > >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > > > >> > A virtual directory is set to an UNC path and > > > >> > I've specified the user and password IIS will used to connect to > > remote > > > >> > share. > > > >> > But when I browse the virtual directory in IE, > > > >> > I got 500 Internal Server Error. > > > >> > > > > >> > Afte some experiments I found that on the local computer running > IIS > > > >> > there MUST EXIST A LOCAL ACCOUNT with the same username and > password, > > > >> > or I'll get a 500 Internal Server Error. > > > >> > > > > >> > I've read about UNC authentication setting in IIS manual and > several > > > >> > web > > > >> > pages on microsoft.com, > > > >> > but there's NO document mentioned about this point. > > > >> > All they say is the user must exist on the remote computer or > > > >> > is a domain accountand and have correct password. > > > >> > > > >> Yes, that *IS* the documentation on this point - as user with the > same > > > >> username and password must exists on the target server. > > > >> > > > >> -- > > > >> Tom Kaminski IIS MVP > > > >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ > > > >> http://mvp.support.microsoft.com/ > > > >> http://www.iisfaq.com/ > > > >> http://www.iistoolshed.com/ - tools, scripts, and utilities for > running > > > > IIS > > > >> http://www.tryiis.com > > > >> > > > >> > > > > > > > > > > > > > > > > > > > >
If you don't specify user credential in the UNC path setting, then you want
pass-through authentication, which either use the authenticated users of the app, either an authenticated user (in basic or other auth) or iusr for the case of anonymous access. since these identities doens't have valid account in the remote resource, ACL checking will failed and you got - 500.16 500.16 ¨C UNC authorization credentials incorrect. so pass-through is good if you want to authenticated user to access remote resource, and the resource server able to authenticate that particular user, if not the best is create a account in resource server, specify the user credential at the UNC path configuration. Opne IIS MMC, F1- look for UNC authentication. -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message
news:#LoZh9QgEHA.3548@TK2MSFTNGP09.phx.gbl... > I DO have an account with the user name and password I specified in virtual > directory setting on the resource box. > I DON'T have an account with the user name and password I specified in > virtual directory setting on the IIS box. > In this circumstance, the settings doesn't work! > > After I create the same account on the IIS computer, > it start working. > > This is my IIS log before I create the account on the IIS computer. > 04:58:51 GET /zwai - 140.113.91.245 500 16 1326 > 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 > 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 > > "Bernard" <qbernard@hotmail.com.discuss> ¼¶¼g©ó¶l¥ó·s»D > :uAiPGSQgEHA.1972@TK2MSFTNGP09.phx.gbl... > > If it's within same domain auth, then local user is not needed, if total > > standalone box, you will need a local account on the resource box. Post > your > > iis log file here. > > > > -- > > Regards, > > Bernard Cheah > > http://www.tryiis.com/ > > http://support.microsoft.com/ > > http://www.msmvps.com/bernard/ > > > > > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > news:#9HqlTPgEHA.1184@TK2MSFTNGP12.phx.gbl... > > > Ken, I agree with you. > > > As I learned from MCSE traning courses and online webpages, > > > the local user does not need to exist. > > > But in my experiment, > > > create a local user with the user name and password I specified in IIS > can > > > solve the problem. > > > Have you done any setting like this successfully recently? > > > Another message titled "Win2k IIS5 FTP Server Error" by RG in this > > newsgroup > > > a week ago > > > seems to have the same problem as mine. > > > > > > > > > Here's the message. Nothing seems helpful. > > > > > > The page cannot be displayed > > > There is a problem with the page you are looking for, and it cannot be > > > displayed. > > > > -------------------------------------------------------------------------- > > -- > > > ---- > > > > > > Please try the following: > > > > > > Contact the Web site administrator to inform them that this error has > > > occured for this URL address. > > > HTTP Error 500 - Internal server error. > > > Internet Information Services (IIS) > > > > > > > -------------------------------------------------------------------------- > > -- > > > ---- > > > > > > Technical Information (for support personnel) > > > > > > Go to Microsoft Product Support Services and perform a title search for > > the > > > words HTTP and 500. > > > Open IIS Help, which is accessible in IIS Manager (inetmgr), and search > > for > > > topics titled Web Site Administration, and About Custom Error Messages. > > > In the IIS Software Development Kit (SDK) or at the MSDN Online Library, > > > search for topics titled Debugging ASP Scripts, Debugging Components, > and > > > Debugging ISAPI Extensions and Filters. > > > > > > > > > > > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> ¼¶¼g©ó¶l¥ó·s»D > > > :#rn0U8NgEHA.140@TK2MSFTNGP12.phx.gbl... > > > > Hi, > > > > > > > > A local user does not need to exist. In internet explorer, please > > uncheck > > > > "Show Friendly HTTP Errors" in tools -> internet options -> advanced. > > > Reload > > > > the page, and post the error you now see. > > > > > > > > Cheers > > > > Ken > > > > > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > > news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > > > > > Thank you Tom. > > > > > > > > > > I know that the username I specified in IIS Manager must exist on > the > > > > > remote > > > > > server (server that shares the folder), > > > > > but I don't see any document says on local server (server running > IIS) > > > > > there > > > > > must exist a user with the username and password I specified. > > > > > Maybe I misunderstand you answer, or you misread my statement. > > > > > > > > > > Can you show me the link of the document? > > > > > I've checked the following: > > > > > > > > > > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > > > > > "Accessing the Remote File Server" Section > > > > > > > > > > > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > > > > > > > > > > > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > > > > > > > > > > > > > > > > > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D > > > > > :cfg1o1$fht19@kcweb01.netnews.att.com... > > > > >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > > >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > > > > >> > A virtual directory is set to an UNC path and > > > > >> > I've specified the user and password IIS will used to connect to > > > remote > > > > >> > share. > > > > >> > But when I browse the virtual directory in IE, > > > > >> > I got 500 Internal Server Error. > > > > >> > > > > > >> > Afte some experiments I found that on the local computer running > > IIS > > > > >> > there MUST EXIST A LOCAL ACCOUNT with the same username and > > password, > > > > >> > or I'll get a 500 Internal Server Error. > > > > >> > > > > > >> > I've read about UNC authentication setting in IIS manual and > > several > > > > >> > web > > > > >> > pages on microsoft.com, > > > > >> > but there's NO document mentioned about this point. > > > > >> > All they say is the user must exist on the remote computer or > > > > >> > is a domain accountand and have correct password. > > > > >> > > > > >> Yes, that *IS* the documentation on this point - as user with the > > same > > > > >> username and password must exists on the target server. > > > > >> > > > > >> -- > > > > >> Tom Kaminski IIS MVP > > > > >> http://www.microsoft.com/windowsserver2003/community/centers/iis/ > > > > >> http://mvp.support.microsoft.com/
Bernard, thank you for explaning 500.16 error.
Pass-through authentication is not what I need. I'm sure username and password I typed in virtual dir. setting is correct. It does exist on remote file server. I connect to the UNC share so many times to verify that. I got 500.16 even though the it's correct. In order to let it work, I have to create an extra local account with the same name and password I specified in virtual dir. setting. (both are stand-alone server) Now it works. This is an undocumented action. Is this normal or not? (I haven't seen any document says I must create extra local account.) Maybe there're some design problems in IIS. "Bernard" <qbernard@hotmail.com.discuss> ¼¶¼g©ó¶l¥ó·s»D :ud4thKSgEHA.2896@TK2MSFTNGP11.phx.gbl... [quoted text, click to view] > If you don't specify user credential in the UNC path setting, then you
want > pass-through authentication, which either use the authenticated users of the > app, either an authenticated user (in basic or other auth) or iusr for the > case of anonymous access. since these identities doens't have valid account > in the remote resource, ACL checking will failed and you got - 500.16 > 500.16 ¨C UNC authorization credentials incorrect. > > so pass-through is good if you want to authenticated user to access remote > resource, and the resource server able to authenticate that particular user, > if not the best is create a account in resource server, specify the user > credential at the UNC path configuration. > > Opne IIS MMC, F1- look for UNC authentication. > > -- > Regards, > Bernard Cheah > http://www.tryiis.com/ > http://support.microsoft.com/ > http://www.msmvps.com/bernard/ > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > news:#LoZh9QgEHA.3548@TK2MSFTNGP09.phx.gbl... > > I DO have an account with the user name and password I specified in > virtual > > directory setting on the resource box. > > I DON'T have an account with the user name and password I specified in > > virtual directory setting on the IIS box. > > In this circumstance, the settings doesn't work! > > > > After I create the same account on the IIS computer, > > it start working. > > > > This is my IIS log before I create the account on the IIS computer. > > 04:58:51 GET /zwai - 140.113.91.245 500 16 1326 > > 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 > > 04:59:18 GET /zwai - 140.113.91.245 500 16 1326 > > > > "Bernard" <qbernard@hotmail.com.discuss> ¼¶¼g©ó¶l¥ó·s»D > > :uAiPGSQgEHA.1972@TK2MSFTNGP09.phx.gbl... > > > If it's within same domain auth, then local user is not needed, if total > > > standalone box, you will need a local account on the resource box. Post > > your > > > iis log file here. > > > > > > -- > > > Regards, > > > Bernard Cheah > > > http://www.tryiis.com/ > > > http://support.microsoft.com/ > > > http://www.msmvps.com/bernard/ > > > > > > > > > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > news:#9HqlTPgEHA.1184@TK2MSFTNGP12.phx.gbl... > > > > Ken, I agree with you. > > > > As I learned from MCSE traning courses and online webpages, > > > > the local user does not need to exist. > > > > But in my experiment, > > > > create a local user with the user name and password I specified in IIS > > can > > > > solve the problem. > > > > Have you done any setting like this successfully recently? > > > > Another message titled "Win2k IIS5 FTP Server Error" by RG in this > > > newsgroup > > > > a week ago > > > > seems to have the same problem as mine. > > > > > > > > > > > > Here's the message. Nothing seems helpful. > > > > > > > > The page cannot be displayed > > > > There is a problem with the page you are looking for, and it cannot be > > > > displayed. > > > > > > > -------------------------------------------------------------------------- > > > -- > > > > ---- > > > > > > > > Please try the following: > > > > > > > > Contact the Web site administrator to inform them that this error has > > > > occured for this URL address. > > > > HTTP Error 500 - Internal server error. > > > > Internet Information Services (IIS) > > > > > > > > > > > -------------------------------------------------------------------------- > > > -- > > > > ---- > > > > > > > > Technical Information (for support personnel) > > > > > > > > Go to Microsoft Product Support Services and perform a title search > for > > > the > > > > words HTTP and 500. > > > > Open IIS Help, which is accessible in IIS Manager (inetmgr), and > search > > > for > > > > topics titled Web Site Administration, and About Custom Error > Messages. > > > > In the IIS Software Development Kit (SDK) or at the MSDN Online > Library, > > > > search for topics titled Debugging ASP Scripts, Debugging Components, > > and > > > > Debugging ISAPI Extensions and Filters. > > > > > > > > > > > > > > > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> ¼¶¼g©ó¶l¥ó·s»D > > > > :#rn0U8NgEHA.140@TK2MSFTNGP12.phx.gbl... > > > > > Hi, > > > > > > > > > > A local user does not need to exist. In internet explorer, please > > > uncheck > > > > > "Show Friendly HTTP Errors" in tools -> internet options -> > advanced. > > > > Reload > > > > > the page, and post the error you now see. > > > > > > > > > > Cheers > > > > > Ken > > > > > > > > > > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > > > news:OiRfqWIgEHA.384@TK2MSFTNGP10.phx.gbl... > > > > > > Thank you Tom. > > > > > > > > > > > > I know that the username I specified in IIS Manager must exist on > > the > > > > > > remote > > > > > > server (server that shares the folder), > > > > > > but I don't see any document says on local server (server running > > IIS) > > > > > > there > > > > > > must exist a user with the username and password I specified. > > > > > > Maybe I misunderstand you answer, or you misread my statement. > > > > > > > > > > > > Can you show me the link of the document? > > > > > > I've checked the following: > > > > > > > > > > > > > > > > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/remstorg.mspx > > > > > > "Accessing the Remote File Server" Section > > > > > > > > > > > > > > > > http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_uncauth.mspx > > > > > > > > > > > > > > > > http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SCA_45.mspx > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s »D > > > > > > :cfg1o1$fht19@kcweb01.netnews.att.com... > > > > > >> "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > > > > > >> news:emd3X%23HgEHA.3292@TK2MSFTNGP10.phx.gbl... > > > > > >> > A virtual directory is set to an UNC path and
Thank you very much, Tom.
Looking forward to your investigation... : ) "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> ¼¶¼g©ó¶l¥ó·s»D :cfivur$fk912@kcweb01.netnews.att.com... [quoted text, click to view] > "EricTsai - ½²©v¿«" <erictsai@yam.com.asdfoup> wrote in message > news:%23qBDO%23TgEHA.2908@TK2MSFTNGP10.phx.gbl... > > In order to let it work, > > I have to create an extra local account with the same name and password I > > specified in virtual dir. setting. > > (both are stand-alone server) > > Now it works. > > How else can IIS verify the account if it doesn't exist locally? I will > check with some internal resources on this. > > -- > Tom Kaminski IIS MVP > http://www.microsoft.com/windowsserver2003/community/centers/iis/ > http://mvp.support.microsoft.com/ > http://www.iisfaq.com/ > http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS > http://www.tryiis.com > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |