ASP_NET_IIS _ Problem and Solution

Many of my friends have encountered many problems when using IIS6 websites. Some of these problems have been encountered in IIS5 in the past, and some of them are new. I have been busy for one afternoon.

I have tried many times and made this conclusion based on my previous troubleshooting experience. I hope I can help you with this :)

 

Problem 1: parent path not enabled

Symptom example:

Server. MapPath () Error 'asp 0175: 66661'

The Path character is not allowed.

/0709/dqyllhsub/news/OpenDatabase. asp, row 4

The character '...' is not allowed in the Path parameter of MapPath '..'.

Cause analysis:

Many Web pages use statements such as ../format (that is, return to the previous page, that is, the parent path). IIS6.0 is disabled by default for security reasons.

.

Solution:

In IIS, choose Properties> Home directory> Configuration> options. Check "enable parent path. Confirm refresh.

 

Question 2: Improper Web Extension Configuration of ASP (also applicable to ASP. NET and CGI)

Symptom example:

HTTP Error 404-file or directory not found.

Cause analysis:

The web program extension option is added in IIS6.0. You can allow or disable ASP, ASP. NET, CGI, IDC, and other programs. By default, ASP and other programs are

Forbidden.

Solution:

Select Active Server Pages in the Web service extension in IIS and click "allow ".

 

Problem 3: Incorrect Identity Authentication Configuration

Symptom example:

HTTP Error 401.2-unauthorized: access is denied due to server configuration.

Cause Analysis: IIS supports the following Web authentication methods:

Anonymous Authentication

IIS creates an IUSR _ computer name account (where the computer name is the name of the server running IIS) for anonymous users to request Web content

For authentication. This account grants the User Local logon permission. You can reset anonymous user access to any valid Windows account.

Basic Authentication

You can use basic authentication to restrict access to files on an NTFS-format Web server. To use basic authentication, the user must enter creden and access is based on the user

ID. Both the user ID and password are sent between networks in plain text.

Windows integrated Authentication

Windows Integrated Identity Authentication is safer than basic identity authentication, and plays a role well in the Intranet environment where the user has a Windows domain account. In the integrated

In Windows authentication, the browser attempts to use the creden used by the current user during domain login. If the attempt fails, the browser prompts the user to enter the user name and password. For example

If you use integrated Windows authentication, your password will not be transferred to the server. If the user logs on to the local computer as a domain user, he is accessing this domain

The network computer in does not have to perform another authentication.

Digest Authentication

Abstract identity verification overcomes many disadvantages of basic identity authentication. When digest authentication is used, the password is not sent in plain text. In addition, you can use the Proxy Server

Use digest authentication. Abstract authentication uses a challenge/response mechanism (integrated with the mechanism used for Windows Authentication), where the password is encrypted

.

. NET Passport Authentication

Microsoft. NET Passport is a user authentication service that allows a single check-in security, allowing users to access websites with. NET Passport enabled.

And Service Security. Websites with. NET Passport enabled perform identity authentication on the central server of *. NET Passport. However, the central server

It does not authorize or deny specific users access to sites with. NET Passport enabled.

Solution:

Configure different identity authentication as needed (generally anonymous identity authentication, which is used by most sites ). The authentication option is in IIS properties-> Security-> Authentication

Under certificate and access control.

 

Problem 4: Improper IP address restriction Configuration

Symptom example:

HTTP Error 403.6-Access prohibited: the client's IP address is denied.

Cause analysis:

IIS provides an IP address restriction mechanism. You can configure it to restrict a deployment P from accessing the site, or restrict that only some IP addresses can access the site. If the client is

If the blocked IP address is within or outside the permitted range, an error message is displayed.

Solution:

Go to IIS Properties> Security> IP address and domain name restrictions. If you want to restrict access from some IP addresses, You need to select authorized access. Click Add to select an IP address that is not allowed. Reverse

Only access from some IP addresses is allowed.

 

Question 5: the IUSR account is disabled

Symptom example:

HTTP Error 401.1-unauthorized: access is denied due to invalid creden.

Cause analysis:

Because the account used for anonymous access is the IUSR _ machine name, if this account is disabled, the user cannot access it.

Solution:

Control Panel-> Administrative Tools-> Computer Management-> local users and groups, enable IUSR _ machine name account.

 

Question 6: Improper NTFS permission settings

Symptom example:

HTTP Error 401.3-unauthorized: access to requested resources is denied due to ACL settings.

Cause analysis:

The Web Client user belongs to the user group. Therefore, if the NTFS permission of the file is insufficient (for example, the file has no read permission), the page cannot be accessed.

Solution:

Go to the Security tab of the folder and configure user permissions. At least read permissions are required. The NTFS permission settings are not described here.

 

Problem 7: the IWAM account is not synchronized

Symptom example:

HTTP 500-Internal Server Error

Cause analysis:

The IWAM account is a built-in account automatically created when IIS is installed. The IWAM account is created by Active Directory, IIS metabase database, and COM + application.

The account and password are respectively saved by the three parties, and the operating system is responsible for synchronizing the IWAM passwords stored by the three parties. The password of the IWAM account is synchronized by the system.

The password of the IWAM account is invalid.

Solution:

If AD exists, choose Start> program> Administrative Tools> Active Directory user and computer. Set a password for the IWAM account.

Run c: \ Inetpub \ AdminScripts> adsutil SET w3svc/WAMUserPass + password to synchronize IIS metabase Database Password

Run cscript c :\\ inetpub \ adminscripts \ synciwam. vbs-v to synchronize the password of the IWAM account in the COM + application

 

Problem 8: MIME settings make some types of files unable to be downloaded (take ISO as an example)

Symptom example:

HTTP Error 404-file or directory not found.

Cause analysis:

IIS6.0 canceled support for some MIME types, such as ISO, resulting in client download errors.

Solution:

In IIS, choose Properties> HTTP header> MIME type> New. In the subsequent dialog box, enter. ISO for the extension, and the MIME type is application.

 

In addition, factors such as firewall blocking, ODBC configuration errors, Web server performance restrictions, and thread restrictions are also possible causes of IIS server access failure.

Feedback.