Can anyone tell me (as I didn't see it in the big list) if the CRL Checking Timeout option actually made it into SP1. I remember reading a knowledge base document stating the IIS CRL check timeout would be added in SP1. Thanks, Mark ...more >>

I have a site running on IIS 6 that uses Windows File Replication. I have set the permissions to allow anonymous and gave IWAM & IUSR read & execute perms. I am still however getting a 405.1 error. Any ideas? ...more >>

Within IIS 6, I am trying to change the Logon account for all of the IIS services (IIS Admin, HTTP SSL, and WWW) from the Local System account to a custom account in the Administrators group. Whenever I try to start IIS Admin, the service terminates with an error in the Event Log: "Access is ...more >>

Hello -- I'm using IIS on four W2K3 servers in a network load balancing server farm. There is one back-end state server running the .NET State Server. Each IIS server is configured with "StateServer" parameter pointing to the state server. My question is this... does anyone know of any ...more >>

I'm having problems getting my executables to run in IIS 5.1. I have moved my website from a Windows 2K server platform(where everthing runs perfectly) to a PC running XP Pro. I have set up the website with the exact same parameters as before and enabled scripts and executables for the scrip...more >>

I ran this on my IIS box and now no one can access any website on it. how to I undo this and get IIS back to it's default settings NTAuthenticationProviders : (STRING) "Negotiate,NTLM" ...more >>

I want to restrict user access to certain parts of my web site by creating local groups and adding those groups to the data folders that have the web content. Right now, when I create a new local user, and not add them to any group, he can access the web site which is configured to use Integra...more >>

We have a webfarm with 6 webservers. Three of them run Win2k, the other three have recently been upgraded to Win2k3. After installing windows 2003, we applied the Windows 2003 Security Guide templates. (http://www.microsoftcom/downloads/details.aspx?FamilyID=8a2643c1-0685-4d89-b655-521ea6c7b4db...more >>

I'm a college student and I've got my computer hosted by my university so that I can set up generally viewable websites and all that. Since I'm moving around a lot, I've set up RDC, but there are some times when it would be really handy to be able to access a specific file on one of three or fou...more >>

I am looking for a way, perhaps with ISAPI filters, in IIS6 to block someone from sharing files / "porn" pic's under their website. I have users with their www.domainname.com and they are hosting pics and files under their account. There isn't one link of the website at all pointing to these...more >>

Hi I want to install a web certificate for a site configured on IIS 4.0 This server is the last Nt4 in the network, all others servers are on Windows 2000 or 2003. My enterprise CA is on a Windows 200 server. Do I have to create it in the Key Manager on IIS 4.0 and export it to the CA ...more >>

We have an ASP.NET application running on Windows Server 2003, using IIS 6.0, and integrated windows authentication with SQL Server 2000 on the back-end. We store active directory user names in the SQL Server database for use in mapping application user accounts to active directory user accou...more >>

I need to put a 2003 Web Edition server on a DMZ, but it has to be accessible by both internal LAN users from multiple world-wide subnets and by Employees on the outside. I configured it on the internal LAN, then moved it to the DMZ, but I did not put any user groups into it, and now I cann...more >>

I am trying to access the HelloWorld method compiled in one project using a consuming C# code-behind method compiled in a separate project. Both run on localhost. The test drivers provided in Visual Studio .NET 2003 can invoke the method. When I attempt to add a web reference in the consu...more >>

Someone is trying to hack our server via SMTPSVC. When I view the event log (system) I see Event ID 100 SMTPSVC and a login attempt. However, when I try to match the Event log time with the SMTPSVC log time nothing matches. I want to block the IP Address of this potential intruder. How do I fi...more >>

I have an anonymous access web service that is running as IUSR_machineName. This application is set up in IIS 6 running in an application pool under the network service account. I understand that this network service account is low privledged. My question is: What do I have to do to change t...more >>

We have a site that has a "sample request " form where future customers can order sample of some of our paper. Well, apparenty some people found it and posted it on sites such as freesamplesite.com and fatwallet.com. So we have hundreds of orders for samples!! Is there any way we can blo...more >>

Hi, needed some assistance or affirmation. I am in the process of installing a SSL Certificate for our web server and deleted the original pending requested that matches a certificate that was obtained from the CA. Is there a way of getting that back into IIS from the original saved request...more >>

I want https to be the only option on my webserver. How do I disable http/80?...more >>

Ok here is the situation we have recently upgraded our 2000 server to 2003. We have several Virtual directories that authenticate anonymously, everything was working fine on the 2000 server. Now we experience errors when loading asp pages pointing to either mdb or sql, unless I perform the wor...more >>

Hello, folks. I have setup literally dozens of IIS6 Web sites and just ran into subject problem. I read the following from Mr. Wang in a German IT forum: "401.1 means that the username/password that you gave to IIS for authentication was incorrect. If this happens when you have Anonymous a...more >>

I’m trying to write a script for IIS 5.1 (hosted in XP embedded). I need the script to change the root of the ftp service to “c:\directoryname”, enable both read and write access and lastly allow only a sinlge user access to the site. The user is one built into the OS, so I also want the...more >>

I am seeing that many websites are using AES-256 bit certificates. Is there a way to generate these using Windows 2000 Certificate Server? If it is not offered in 2000, is it available in 2003 Server?...more >>

Hello, I started a new ASP.NET Web Service project in VS .NET 2003 on a remote web server and the only way I could get it to work was by installing the Front Page Server Extensions on the server. I feel very uncomfortable, however, because of the insecure nature of the extensions, in the past...more >>

Hello, I`d appreciate help with the following scenario: I have a Sharepoint installation, obviously on top of IIS. We generated several sites via Sharepoint, that are accessible as third level domains: home.ourdomain.com project1.ourdomain.com, project2.ourdomain.com etc. They are all ho...more >>

I have a number of pre-existing local groups on my Win2k3 box and I want to use them for authentication via IIS. The problem is, I can't add those groups to a site because IIS wants to create it's own local group and therefore won't allow nesting of MY existing group. How can I get IIS to NOT c...more >>

I am a web developer needing IIS to develop web pages on my PC. I am trying to get IIS installed on my PC within a fully developed network (e.g. DMZ, Firewalls, Network Servers, & Security). According to the network team, IIS poses too much of a threat to be installed on a user PC within t...more >>

http://www.securiteam.com/windowsntfocus/5EP0E20F6C.html Anyone have a fix for this?...more >>

I've setup an ASP page to allow users to change their password from a website in ADS. The script I have is working, I can change the password, then login with a workstation with the new password and the old password won't work. However, if I connect to a website requiring basic authenticat...more >>

Hi, I have three w2k3 servers (live, staging and development) currently being setup to service our Intranet. I have built the servers is an identical fashion and use Integrated Windows Authentication to determine who can see certain links on the page. When initially setup all server...more >>

Hello all, I have a home development server and need a simple, easy to use and preferably free firewall. Is there such a thing? If not free at lease good. I have had Symantec’s 2002 firewall running but the updates do not work on Win servers. Much thanks David S ...more >>

Hi, Theoretical, architecture-type question here: -=- If one wants to have an Asp.Net app programmatically create new VirDir's, how should you implement this? Open the doors wide-open to the ASPNET user account? (not!) Some Background: -=- We have an Asp.Net app that we ported from A...more >>

Hello all! Sometimes I have a problem with the message: The page cannot be displayed There are too many people accessing the Web site at this time. -------------------------------------------------------------------------- Please try the following: a.....more >>

We use IIS 5.0 for Outlook Web Access under a secure https port and have a certificate. The original certificate has been replaced with a new one and the original completly removed yet when you go to the site and double click the little lock on the browser to see the SSL details it is still s...more >>

- The server was unable to logon the Windows NT account 'IUSR_HYUNDAI' due to the following error: Logon failure: user not allowed to log on to this computer. The data is the error code. - anyone please? all sites hosted by this web server could not be accessed, after a full system patch. ...more >>

I have five users on my w2k3 server and they are setup to view a specific directory accessible via my website in IIS6. Last weekend my users started to fail their logins. I looked at the user setup and all of them had their properties changed to need to change password on next login. When I...more >>

We just had our annual security audit. We were advised that we should not have IIS 6.0 tools installed on web server connected to the internet. I can not find any information that states this. Does anyone know Microsoft's policy on resource kit installations?...more >>

We have a clustered application that required the use of a specific account for anonymous access. The application was configured with a local user account on each node in the cluster and has been working correctly since November. This week 2 situations occured that caused both nodes in the ...more >>

I've installed an app that requires ASP.NET 1.1. I'm running on Windows 2k Server, with IIS 5.0, Active Directory and ASP.NET 1.1. I get to the login screen of the app, but I get an error message after that. Here is what I've tried so far: 1.) Created ASPUSER account and given it full access ...more >>

I'm having this huge problem on which I have been working for more than a day now and I'm getting desperate. I'm also running out of time as the site is down at this moment. I hope someone here can give me some input on a possible solution. I have an SSL site which is listening on port 443....more >>

I've been trying to figure this out for weeks but have been too stuborn to ask. I created an FTP site using IIS. I run the permissions wizard and there is only one option - public FTP site. (note that public does not allow users to upload). I want users to be able to upload. How do I crea...more >>

The webserver receives a 404 response code from an IIS filter. However, when it returns the data to the browser, it appends 200 OK along with the content of the target page. Anyone seen this behavior? Anyone knows how to correct this problem? Thanks, Hema ...more >>

I have Win2k Server on Active Directory running IIS 5.0 and acting as an ILS server. When I try to access http://localhost or http://servername I get the following error: EVENT # 39141 EVENT LOG System EVENT TYPE Error SOURCE DCOM EVENT ID 10004 COMPUTERNAME FAX2000 TIME 3/15/20...more >>

I'm using a https web site with SSL certificate on a IIS 6 and now I'm trying to configure the access to this site with "Integrated Windows authentication". If I access the site from my notebook which is connected to the LAN it works fine after I added the site to the trusted sites in the IE of ...more >>

I'm using a https web site with SSL certificate on a IIS 6 and now I'm trying to configure the access to this site with "Integrated Windows authentication". If I access the site from my notebook which is connected to the LAN it works fine after I added the site to the trusted sites in the IE of ...more >>

Hi to all, I have an Internet Server with W2003 and recently we were hacked. I will appreciate if somebody can suggest me a site for novices like me where in a simple language I can find out how to secure my server. Our provider doesn't gives us any support on this matter (he should) and as...more >>

I have a question regarding the securing of Windows 2000 SP4 IIS with AD Windows 2003. The symptoms are that the security prompts users to log in on opening an intranet page. I reset the security setting on the folder and the prompting stops. However, after a reboot of the server or restart of...more >>

I want to set up a ftp site on SBS 2003, IIS 6 and I am unable to. I set up a ftp site with no vdir, port 5001, no anon access, permissions set to the user I created in SBS users on the site and the working directory. My firewall in/out is allowing port. If I test on localhost it works fine, ...more >>

I have IIS 5.1 installed in my Windows XP pro, when my web appilcation is try to create a folder in the wwwrootl dir, it cannot do it so I get an exception error. How can I give full perimsiion to the web application so that it can write to the wwwroot dir? If I create a folder myself in the...more >>

Hi all, I would like to create a client side certificate on my test box so I can attach it to my BizTalk channel and submit a request to an external HTTPS test site. I used SelfSSL to generate one but I got a 406 error when submitting a request to the external HTTPS site. I compared ...more >>