I'm currently building a new company website. (asp.Net) Our web server is a stand-alone in the DMZ. On the website, I'd like to have a place for employees to logon using their same internal, network username/password, so they don't need additional logon information. (We do expire passwords r...more >>

ok after I install IIS windows fire wall is disabled and their is now way to enable it due to the Fire wall setting is grayed out. Any Ideas? Corey...more >>

I am running IIS 6 on 2003 servers. If I configuration Integrated Windows Authentication, is it possible to pass one of the user headers to a J2EE application server on another 2003 box? TIA, newpotato ...more >>

I copied over a new Default.htm file to a web server one day, and all of a sudden whenever anyone went to our web site they were being prompted to enter userId and password! Directory access was set to anonymous. Way I fixed it was to: 1) right click Default.htm and bring up properties 2) Go...more >>

It is said that the name in "issue to" section in the certificate should be the same as the external server name of your web server. I have installed an enterprise CA and tried to creat a new certificate from the directory security in IIS. I noticed that the certificate will work no matter...more >>

Howdy All, My client had a web server die and we have stood a new one up. Now I am tring to get the cert installed to set the site up for SSL. I have the pvk and crt files but I do not have the pfx file. Also the machine the original request came from is the one that died. How can I get ...more >>

Can someone tell me how to monitor IIS to see if users are using http or https to access my site. Internet users should be using HTTPS, and users on the Intranet should use HTTP. How can I monitor this activity. Thanks...more >>

I am running IIS 5.0 on Windows 2000 PRO. Our web developers needed to create or edit websites, for security reasons I cannot simply give them admin rights or the password to the admin account. For security reasons, we create the developers machines with non-admin profile. They do not have...more >>

For the love of god, please help me. I can't afford to pull out any more hair. I have a small domain setup at my organization, all servers are windows 2003. We are trying to configure certificate based logins using the directory services method (not IIS certificate mapping). My issue is ...more >>

I have 2 W2K3 servers set up in a test domain. Server1 has both AD and IIS while Server2 only has IIS. I am using the Default Web Site on both IIS servers and have IWA checked for Directory Security. Anonymous Access is not allowed except on the aspnet_client directory. While logged into Serve...more >>

Hello, my client's IIS certificate has expired. They got another one from a cert auth, without generating a new request in IIS. So, they got a cert without the private key. They have the expired cert with the private key. They want to glue them together. How can they accomplish this? Reg...more >>

Our VB program downloads an XML file from a URL on our website to our client's machine using HTTP control. When it does that, it got the following error: "403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Internet Security and Acceleration Server" I ca...more >>

WinXP Pro sp2 IIS 5.1 ASP.NET 2.0.50727 Visual Studio 2005 I wrote a simple (I thought) webservice that talks to a running application that has an activeX interface. Then I made a simple website to consume this web service. Everything works fine when running in the Visual Studio web dev...more >>

Hello, As a programmer I would like to keep all my source code together on a FileDiskImage created with the FileDisk tool. ( http://www.winimage.com/misc/filedisk64.htm ) However when Internet Information Server tries to read/execute the web application a Server Error happens, can this ...more >>

I am having trouble with WSE3 and domain authentication\authorisation for a web service. When using a the 'NETWORK SERVICE' account for the application pool in IIS 6.0 the web service work perfectly correctly, we are able to call the web service end point and we can authenticate through our...more >>

When you use a Domain ID for your anonymous UserID, can IIS still manage the password?...more >>

Does anyone have a list of services that are unrelated to IIS that should be shut down? What I mean here is that these should be services that are not needed or required that can be shut down as a means of reducing potential vulnerability for the server as a whole. Thanks in advance....more >>

I need to authenticate users agains an Active Directory (or rather ADAM)... I've red about a new feature in IIS 6.0: URL Authentication and I did manage to set-up a situation where users are authenticated by use of LDAP query: (&(objectCategory=user)(CN=*))) But, now comes the stange part, ...more >>

We just upgraded to Server 2003 and we run a program that now requires https. The certificate was installed to change the site along with the certificate to access the server. When trying to connect to the https site, I get a page cannot be displayed, cannot connect to server or DNS error. ...more >>

I have the wild card certificate but can't seem to install it anywhere. From the SSL Diag I get: ServerComment = test.mantis-tgi.com ServerAutoStart = True ServerState = Server started #Could not impersonate server account SSLCertHash = 63 76 90 4b 71 d3 33 95 c9 92 a1 64 cc 05 89 c0 1c d3 5...more >>

I had a security audit, and following was found: "http trace method enabled" Could somebody explain to me how to remediate this and what consequences if any i might have. Thank you....more >>

Hi all - I have created an Intranet site for my user's within my network. The Intranet is on a W2K3 server in a W2K domain. Within the site, I created a form using FP2003. My user's logon to the Intranet site without any prompting of passwords based upon the security I have set. However...more >>

On IIS v6.0, when logged in as local administrator or Domain Administrator, I am able to browse the website. However, once log out, I am not able to browse the website (page can't be displayed). Can anybody help?? Here is the iislog. 2006-10-12 14:50:04 W3SVC1 NYIISLAB 10.19.11.36 GET /d...more >>

Hello. I have two separate Web sites running on one IIS server. We'll call them server A and server B. I purchased a verisign certificate for server A some time ago and it's been fine. I just purchased one for server B and set it up on server B. I was careful to use the fully qualified doma...more >>

Hello All I set a window authentication + permission for an active dir user in my extranet. os w2003r2 iis6 Everything work fine but today I received many feedbacks about firefox 1.5 and ie5.5, still not working! Do I have to set something in iis6 or is a client problem? I test...more >>

I have a customer that when they log into their SSL server it only allows local users to that server to log in. It does not allow Active Directory users to log in. I have checked the Website's security and Integrated Windows authentication is checked. Any idea why this is not working. Thanks!...more >>

Hi just a quick question. I have a webpage which sits at a http address. This page accespts a username and password from the user and then posts this information to an https (secure) page. Is this secure? Does it matter that the initial page is not https? Will the data be sent encrypted or sho...more >>

I am attempting to password protect a single html page on my website, so that only people I give the login/password to can access it. Where can I find some simple instructions on what I need to do, in order to lock down user access to a single page under IIS 6.0. I am running the server on...more >>

I'm getting the following error message when accessing one of our intranet site from one machine with IE6. All other machines with IE6 will get logon prompt when accessing the site but this one. On this machine, the logon window doesn't show. Please advise how to resolve this. Thank you! ...more >>

I've tried setting up Impersonation with Delegation and I can't get it to work. When the IIS application is trying to connect to a remote SQL Server, I'm getting NTLM authentication instead of Kerberos, so causing my delegation to fail, and I can't see why. My test enviroment is a Virtual S...more >>

This may be an obvious question, but I am new to IIS administration. We have an Intranet site running on IIS on a w2k server. In the Security Event Log we are getting lots of 'Event ID 538 ANONYMOUS LOGON' messages. We want to get rid of these messages and have access logged by user name. ...more >>

Hi, I have setting up two intranet web sites (say Site_A and Site_B) on the same IIS 6 server. Both serve internal staff only. For Site_A, I leave everything as default. For Site_B, I modified "Multiple identities for this Web site" as follows: IP Address: 130.20.1.20 TCP port: 80...more >>

after enabelling SSLv3 (Require client certificate) , the authentication proccess fails. I know that while the SSL/TLS Handshake, the server send a certificateRequest message that prompt the client browser for a valid certificate. The CertificateRequest message include only Root CA certifi...more >>

Hi, I have a Windows 2000 server [IIS5] inside a DMZ with no access onto the LAN except required ports [SQL etc]. The LAN server is part of a Windows 2003 domain while the IIS machine is non-domain. I need to upload files from our website and after trying to create the Virtual Directory ran int...more >>

Hi, I am having an issue with IWA. This is the environment in which I am working in. Front end - Perl Page displayed on IE 6.0. Web Server - IIS 5.0 Windows 2k Default Web Server Properties: Directory Security tab: Annoynymous Access & Authentication Control: Integrated Windows A...more >>

W2K3 R2 IIS 6.0 FrontPage extensions 5.0.6790 I have installed and can use the FrontPage extensions (sites published from FrontPage can see the extensions). I have a Microsoft Sharepoint Administrator item in my Administrative tools and in IIS. I can open this page and do things like extend...more >>