I've an authentication problem with IServerXMLHTTPRequest. I've got two web server named WS_1 and WS_2 part of the same NT domain. On WS_1 I've published on the virtual directory virt1 the asp file example1.asp. On WS_2 I've published example2.asp on the virtual directory virt2. Both vi...more >>

Hi all, I wonder if you can help me with getting rid of a double-authentication problem. I have a web service (acutally Exchange OWA) running on server A, and another service (actually an ASP.NET app I've developed) running on server B. The users are not authenticated to the domain these two w...more >>

I've created a medium large library of ASP routine and I've published on a web server part of a NT domain. Now I need to publish this ASP modules on other web servers part of the same NT domain. For not having the problem of synchronization and versioning of ASP modules on different webserv...more >>

Hi, I have an application written in vb.net /sql server 2000. I am hosting a test site with a hosting company that offers shared ssl. They have created a directory for me and I have copied my pages into this directory. Until this point everything worked just fine, however, since moving the ...more >>

I recently disabled parent paths on a Windows 2000 machine running IIS. I ran the Baseline Security Analyzer and the Parent Paths Enabled area came up as red flagged. The 3 sites listed in the entry are all sub sites that are set up as redirect urls like sales.mysite.com, parts.mysite.com, s...more >>

Hi all Is the fact of allowing parent path in IIS 6.0 a security issue? Is it a must for shared hosting accounts not to allow it? Is it true that any domain on the server could read any file from another domain when enabled? Any clues anyone? Thank you ...more >>

HI I need some advice. I am new to IIS on Windows 2003 and I need some adivce. If I have a server on a DMZ and the server is only using http what active steps do I need to take to secure the server. Windows update ! Is that enough ? Do I need to do more then this. Is there a commen "How...more >>

I have E2K3 installed on W2K3 in full native mode. Suddenly 3 days ago, I noticed a tremendous load on my Internet connection. Upon further analysis, I saw that there was an outgoing SMTP connection from my Exchange server to mx1.business.mindspring.com (sometimes mx2, mx3, etc.), that was ...more >>

Hi there, I've just installed 2003 server, and a single site. When I enable the built in firewall, I can no longer visit the site, even when I tick all available service options (including Web Server (HTTP) - Port 80. Any advice much appreciated. Cheers Mike ...more >>

Hi guys, I use the IIS included in Windows XP Pro, I only use it on my home computer for development purposes (ASP, PHP, etc.) I looked up security techniques and it all seems pretty involved and for actually running a Web server. What's some basic stuff I should be doing in my situation ?...more >>

Is there a standard method to prompt someone (when their password expires) and allow them to modify their password? I have a CMS channel that is secured using SSL, IIS (Windows authentication), and the web.config file. When the user hits the URL, they are prompted for a userid and password...more >>

Hi all, I've to access to a network file from an asp pages. I've red a lot of things on old posts and on Microsoft article but I can't still solve my problem. I've got two server inside the same NT domain, each one has its own web server. The web server is always IIS 5.0. One of this ...more >>

Hello everybody, I have an issue with a new site. I can access the website if I type the administrator username and password. If not, I receive the "HTTP 401.3 Unauthorized due to access control list (ACL) on resource" message. I've checked the permissions as per the KB 812614 and everything...more >>

LSASRV SPNEGO error NEGOTIATE_DOWNGRADE_DETECTED The Security System detected an authentication error for the server DNS/nXmsa.abcd.edu. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)"...more >>

what IIS web service extensions should be loaded on my web servers (2003) for export from application to local ms excel or other office apps?...more >>

I have an application that is accessed via a Java Servlet, and so in an IIS environment we have the Jakarta redirector ISAPI filter connecting to Tomcat. This all works perfectly. Now our application has its own username data store and so we want to use that as the basis for authentication. We...more >>

I would like to lockdown IIS as much as possible, without affecting SUS. The web server is used only because SUS requires it, so I dont want to leave my self open if I dont have to....more >>

Hello all! Is it possible to generate some script which will be deleting one value from specific field from MS SQL Server 2000 (which is a datetime field) when the date value is 15 minutes older than the current time. But I want this script to be generating periodicaly in each 5 minutes? I...more >>

I can open file in the CONSOLE process StreamReader sr = new StreamReader(@"\\vas4\c$\odbcconf.log"); but I can NOT open files in the WebForm Page under IIS6,WHY??? thanks Swan ...more >>

Hi all, I have a new web server running 2003. It is a member of a domain but IIS is configured to use all local accounts including IUSR & Network Service. I have begun to see a bunch of failure audits in the Security Event Log: Logon Failure: Reason: An error occurred during logon Use...more >>

I have currently installed URL Scan and configured it for my server. I have a URL for an ecommerce cart that passes this /4.20/modules/fulfill/promotrk.mvc URL Scan log says it was rejected because URL contains '.' in the path. The problem I have is that I allow a . as an extenstion in my ini...more >>

I have two Windows 2003 machine running IIS 6. One of them always returns 404 if the resource being accessed on the URL is jsp or php? The other one these run correctly. I'm suspecting the extension names jsp and php are blocked on the first machine as I'm 100% sure the files are there. Where...more >>

I've used Intergrated Windows Authentication before but have been troubleshooting why a site of mine suddenly stopped working. This required Integrated Windows Authentication, and no other security was required. This was working for those computers who were already in the domain, but any com...more >>

We have a perplexing problem where all of our XP clients and most of our 2000 clients can authenticate to our 2000 Server with IIS 5.0, but one group of 2000 Professional clients can't. XP machines on the same subnet as the problem 2000 machines have no trouble (same user on both machines). Ever...more >>

Hi, I'm having problem configuring SSL on my web server. I created certificate and assign it to my local server. I can veiw it from web site I'm trying to switch to SSL. Then I checked SSL check box and thought it should be enough. But I'm still getting error message from web browser: "The pa...more >>

Hello: I was previously running W2000 and then upgraded to XP Professional. After doing so, I can no longer fully test my cgi because it will no longer update text files (stored in the same directory as the exe). This happened after the OS upgrade. My exe file: C:\Inetpub\wwwroot\Shop...more >>

My IIS5/Windows XP internet server runs a CGI. This CGI tries to instanciate COM objects hosted by a service running on the same machine. My problem is that when the Windows XP SP2 is present, the first CoCreateInstance by the CGI on an object hosted by the service fails with an access den...more >>

Hi group I run IIS 6.0 on W2k3 being an Active Directory Controller in a test lab. Create a virtual directory 'test' with Windows authentication on and anonymous access off. Create a static test.html file in the directory. Open it in a browser and it's ok. Now I configure a separate applicat...more >>

I am new to IIS so please bear with me. I have IIS6 setup on W2K3 Web Edition. I have removed anonymous connections and require users to login. When a user tries to access the website they are greeted with a standard login box. The credentials are compared to the local account list for the...more >>