all groups > iis security > january 2008


IIS 6 | Delegation | Netapp | CIFS
Posted by Ariel at 1/30/2008 10:49:01 AM
Hello, I'm attempting to host a virtual directory that is a CIFS share on a Netapp. I've set up the virtual directory to "Always use the authenticated user's credentials when validating access to the network directory". After reading: "Deploying and Configuring Internet Information Servi...more >>

Permissions Help Needed
Posted by JTMZ at 1/29/2008 6:50:39 PM
I am an administrator on my own local box and am trying to access IIS locally (not over the network). If I go to my web app using http://localhost it works fine. If I go to my web app using http://machinename or http://127.0.0.1 or http://TheValidIPAddress I get: 401.1 Access is denied due ...more >>

IIS6 - Can session id be manipulated?
Posted by Kim Hellan at 1/29/2008 12:59:41 PM
Hi, I have gotten a question about how IIS6 handles the session id (cookie). I've got a very persistent customer who claims that you can just hijack another session by changing the session id in your own session cookie. I'm no security expert, but I find that very hard to believe. Although...more >>

IIS 5.1 SSL Certificate Missing
Posted by Ming Dragon at 1/29/2008 12:08:00 PM
I recently did a system restore to recover from a driver installation catastrophic failure for my ATi video. (System Restore is a real MONSTER in a closet) In this process I ended up without an SSL Server Certificate for IIS 5.1. It installed fine when I built the machine and served its purp...more >>

'Error: Connection Error' when connecting to WSUS 3.0 (on IIS) via
Posted by Yuri GMT+1 at 1/29/2008 12:48:00 AM
Hi there, I get the above error message when I try to open the WSUS 3.0 console on the WSUS server (W2K3). It worked fine before. The problem occurred when I was testing on this production server (stupid me, I know, I know). I added tsweb for testing purposes on the same machine. Normall...more >>

Windows authentication with FQDN
Posted by Rob at 1/28/2008 10:57:02 AM
Is there a way to pass windows authentication on while using a FQDN name instead of regular server name while on the network/domain so as to not prompt for credentials? Like when logging into http://computer.domain.com instead of http://computer? It passes credentials properly when using jus...more >>

Access Denied
Posted by zz12 at 1/25/2008 5:20:13 PM
Hello, I have a domain user account which we've assigned to the Local Administrators group on a w2k3 server machine in trying to allow this user to access and administrate the IIS 6.0 manager. But when this user opens the IIS manager console and tries to expand the local machine name it ...more >>

Problems with writing to a file on IIS 6.0
Posted by sarika.koganti@gmail.com at 1/24/2008 2:52:31 AM
I have an ASP.Net application which accesses a web server hosted on IIS. The web server creates a file in the application directory and writes to it. My application needs to run on 2K, 2K3 and XP, i.e. IIS 5.0, 5.1 and 6.0. I cannot use 'Integrated Windows Authentication' (on my client's request...more >>



404 error when downloading DLL files from IIS 6.0?
Posted by Usenet User at 1/22/2008 10:23:04 PM
Windows 2003 Server Standard SP1, IIS 6.0, ASP.NET 1.1. My ASP.NET page uses a client-side .NET control. The control is implemented as a .NET assembly which is located in the virtual directory root. This worked on IIS 5.0/Win 2000 server, but IIS 6.0 refuses to serve the DLL file to the client ...more >>

Different web.config for Virtual Directories
Posted by Samuel at 1/22/2008 5:47:53 PM
Hi, I have two virtual directories pointing to the same asp.net application. I want to have different web.config files as I use different authentication methods for those two virtual directories. Is there a simple way to solve this, so that I can have different web.config for each virtua...more >>

IIS to IIS using kerberos and non-standard web port
Posted by Pom at 1/22/2008 4:37:02 PM
I have implemented Kerberos in a 3-tier environment where IIS 6.0 accesses a web service on a separate IIS server. I have properly set up all my SPNs, service account etc. and it works fine. My problem is I have a requirement to run my web services server on web port 8080. I try every combination...more >>

Kerberos, SETSPN, GET & POST
Posted by raymond_b_jimenez@yahoo.com at 1/21/2008 1:41:28 PM
I have a web application that uses Integrated Windows Authentication. Had been having a peculiar problem, where every request to the Web server would give a 401 error, despite using HTTP/1.1 and the same socket. Discovered that having an application pool, I would have to register it with SETSP...more >>

Internet Security and E-mail
Posted by low88deb@hotmail.cominvalid at 1/17/2008 9:07:02 PM
I'm not sure exactly what to ask so I'll just describe something that happened that I believe should be impossible. There are only two people that access my computer: me and my husband. My husband has been out of town for the last week. Today he found an e-mail from me with a document attached t...more >>

IIS 6 and Kerberos
Posted by Tobia at 1/17/2008 4:42:34 PM
Hi! I have a problem. I don't know if it's my problem or a problem of IIS. The scenario: We have a member server with IIS in a W2K3 domain. There is only one website on it, one app pool, only one default.htm (simple HTML, no script). Anonymous authentication isn't allowed and the authentication method is W...more >>

Change password popup window/option
Posted by JR at 1/17/2008 3:00:01 PM
I have an intranet set up on IIS 6.0. When users access it, it automatically requires logon to proceed into the site. I want IIS to notify the users that their password will expire within 12 days of expiring and give them the option to change their password. I would also like IIS to allow the user...more >>

how long it took MS to come out with patch
Posted by tony at 1/17/2008 11:29:49 AM
Since 2003 or the release of IIS6, there have been 3 advisories for IIS6: 1. MS04-030 is a WebDAV XML vulnerability that could lead to DoS - released 10/12/2004 2. MS04-034 is an ASP vulnerability that could lead to remote code execution - released 7/11/2006 What was the tim...more >>

IIS on DMZ
Posted by tony at 1/15/2008 10:47:00 PM
How secure is it to have IIS 6 on a DMZ? Do I need to be using an Apache web proxy at all? ...more >>

IIS6 asp.net 2.0 and Verisign
Posted by Janet at 1/15/2008 1:53:06 PM
I'm investigating a Wildcard Verisign certificate for my server (intranet, internet, special app websites). What I'm wondering about is forcing the user to have 128bit encryption on the pages I've designated as https. If I try to use "In the Secure Communications dialog box, click the Requir...more >>

Creating Virtual Directory on shared drive
Posted by vasimo at 1/15/2008 7:31:01 AM
Hi, HELP!!!!!!!!!!!!! XP Desktop with IIS 5 doing web class development. Virtual directories are required for .Net apps. Our root folder for the web site is located on a drive share. I am trying to create virtual directories using VB script on all developer machines. The following creates...more >>

hiding IIS 6.0 signatures
Posted by tony at 1/14/2008 8:51:44 PM
How do I hide IIS 6 signatures from a scan or Netcraft? ...more >>

Issue Digital Cert for NetBIOS name
Posted by Scott at 1/14/2008 7:06:03 PM
I'm using Certification Services on my W2K3 server, and wondered if it's possible to issue a certificate to a NetBIOS name for the sake of an internal/intranet web page. In other words, because the web server will never be accessed via the Internet can I create a CSR and issue a .cer on a websit...more >>

Guest account with write and script execute access - how dangerous
Posted by Jeff Dunlap at 1/14/2008 6:46:01 PM
Dear IIS Users: I would like to know if the following configuration is secure from hackers. Assume that my application is at MyDomain/myPerlApp/cgi-bin/app.pl and that this is my IIS configuration: 1) Removed anonymous authentication from myPerlApp and enabled Windows Authentic...more >>

Access to Site Via WindowsMobile 2006 - Keeps asking for Password
Posted by Scooter at 1/14/2008 5:10:00 PM
We have a few Webs that don't seem to want Windows Mobile users to access them. The Windows Mobile users range from WM2003 to WM5 and WM6, using Sprint, AT&T, T-Mobile and WiFi. The servers are Win2003R2 IIS6, latest Service Packs, running some ASP.Net and Sharepoint (WSS3.0) sites. Both Sites Pro...more >>

ASP.NET 2.0 // IIS Authentication
Posted by Samuel at 1/14/2008 4:21:54 PM
Hi, I'm trying to build a kind of small intranet page. We have some intranet users who are members of the Active Directory, others who aren't. The main idea is that the users can go to http://intranet and if they are authenticated automatically, they just get the page content, if not, the...more >>

lockdown tool and IIS 6
Posted by tony at 1/14/2008 3:10:56 PM
Is it necessary to run the IIS lockdown tool on IIS 6? ...more >>

C F S 3 THE END????????????????????????????????
Posted by sabredog at 1/12/2008 5:14:00 AM
WHAT'S GOING ON????? CFS3 HAS ENDED!!! THERE IS NO SERVER ANY MORE!!! THIS CAN'T HAPPEN!! WE MUST STAND TOGETHER OVER THIS ISSUE AND FIGHT FOR THE GAME TO RETURN!! IF THIS IS THE CASE AS IT NOW APPEARS TO BE SO WHAT ABOUT ALL THE MONEY WE HAVE SPENT ON THE GAME AND EQUIPMENT? AND WHY THEREFORE IS...more >>

URLScan
Posted by Kenny at 1/9/2008 6:50:57 AM
Hello, URLScan breaks the formatting of the IIS 5.0 logs by including a single space character in its entry in the IIS log, for example, the following entry: /<Rejected-By-UrlScan> ~/ As each column in the IIS 5.0 log is delimited by the space character, I can find no way to load the II...more >>

Authentication Security Problem WSS and OWA - Possible Bug?
Posted by TomT at 1/8/2008 7:42:01 PM
Windows Server 2003 being connected to through Windows VPN using RMA. Shared remote Panasonic ToughBooks running XPP. generic Windows logon, VPN uses shared non-wss or exchange fake user, and once logged on users enter their user/password in IE logon window. The problem is that one or two...more >>

SSL 2.0
Posted by Smurfman at 1/7/2008 1:07:02 PM
What is the best practice for shoring up the security related to IIS and the protocols that a website accepts? Thanks ...more >>

Cannot upload file - 501
Posted by Kevin at 1/7/2008 11:54:45 AM
Hi, First, I'm fairly new to using/administrating IIS. So, speak slow and in a clear voice ;-) I'm writing a mobile application (currently testing on a PC) where I need to send a potentially large file (up to 2MB) to the web server. The web server is IIS 5.1 on Windows Server 2003 R2 (SP...more >>

CERTSRV - error 500 internal server error
Posted by Vsevolod V Shevchuk at 1/6/2008 12:37:51 AM
Hello, dear all, I have a problem with IIS 6: The domain server has Windows Server 2003 R2 SP2 installed. I installed Certification Authority a few months ago. After that I installed some web applications (Sharepoint services) and deleted them. After that the site http://<servername>\certsrv gives me...more >>

infected IIS
Posted by Kevin at 1/5/2008 11:55:00 AM
I have a Windows 2003 server running Citrix. The server has been infected with a virus. I'm not sure what virus. I'm scanning now. What has happened is as follows: when I attempt to log on to the citrix server remotely, the normal login has been replaced with a website "discount pharmacy". ...more >>

Is it possible to create CSRs for IIS 6 and use the resulting certs w/o "Organization Unit"?
Posted by Rob at 1/3/2008 5:51:51 AM
Is it possible to create CSRs for IIS 6 and use the resulting certs w/o "Organization Unit"? Perhaps there is a registry hack or OS Policy change, or even if IIS 6 still uses a Metabase perhaps there is a way to tweak IIS to allow an empty field for "Organization Unit" which is optional on other serv...more >>

