IS troubleshooting for better Web Services

IIS is a widely used Web platform. It is relatively simple to build a Web site. However, during use, the Web cannot run properly due to improper IIS settings or other reasons, which is very common. As a Web administrator, it is particularly important to master the necessary troubleshooting skills to solve IIS faults.

1. The client IP address is rejected

After the IIS Web is successfully deployed, some users are notified that they cannot access the Web page. When they access the Web site, the browser displays an error page, the error message is "HTTP Error 403.6-Access prohibited: The Client IP address is denied ".

Figure 1

The error message is displayed because IIS provides an IP address restriction mechanism. You can configure to restrict certain IP addresses from accessing the site, or restrict only some IP addresses from accessing the site, if the client is within the IP address range blocked by you, or is not within the permitted range, an error message is displayed. This function can enhance Web security and restrict IP access to the Web. Sometimes, due to administrator negligence, some IP addresses that should have been accessed are set as forbidden, which may cause such errors.

Solution: Run "IIS manager" to go to the properties page of the site, on the "Directory Security" tab page, click "edit" under "IP address and domain name restrictions" to go to the "IP address and domain name restrictions" page, and then authorize the IP address as needed. If you want to restrict access from some IP addresses, You must select authorized access. Click Add to select an IP address that is not allowed. Otherwise, only access from some IP addresses is allowed.

2. access is denied due to ACL settings on the requested resource

When a client accesses a web site, an error page is displayed. You do not have the permission to view the directory or page because the access control list (ACL) configures the resource on the Web server. The error message is "HTTP Error 401.3-unauthorized: access to requested resources is denied due to ACL settings ."

Figure 3

This is caused by improper permission settings for Web directories. We know that Web client users belong to the user group. Therefore, if you do not grant the users read permission to the NTFS permission in the Web directory, the page cannot be accessed.

Solution: Open IIS manager, find the Web directory, right-click "properties", and add the users Group under the "Security" tab, then, Grant "read and run", "list folder directories", and "read" permissions to them.

3. Do not have the permission to view the directory or page using the provided creden

When the client accesses the Web site, an error page is displayed: you do not have the permission to view the directory or page with the provided creden. Error message: HTTP Error 401.1-unauthorized: access is denied because the credential is invalid. "HTTP Error 401.1-unauthorized: access is denied because the credential is invalid.

Figure 5

We know that the client accesses the Web site using an IUSR account, which is used for anonymous access. Therefore, if this account is disabled, the user cannot access it.

Solution: "Start> Run" and enter lusrmgr. msc open the local user and group tool, and double-click IUSR_LW-SERVER in user (LW-SERVER is the name of the server, varies by machine ), deselect "Account Disabled" and click "OK" to exit.

4. The parent path is not allowed.

When the client accesses the Web site, an error page is displayed, which is similar to "Active Server Pages error ASP 0131 disallow parent path/BBS/Admin/BbsFace. asp, line 1 contains files .. /conn. asp cannot be used .. indicates the parent directory.

Figure 7

7. The error message is displayed because the dynamic Web pages such as asp need to call .. /format statement, that is, it is returned to the previous directory, and IIS6.0 is not allowed by default for security reasons. To solve this IIS error, open the IIS manager, find the Web directory, right-click "properties", and click "configuration" under the "main directory" tab to open the "Application configuration" window, click the "options" tab and select "enable parent path" under "application configuration.

Figure 8

5. file or directory not found

When the client accesses the Asp Dynamic Web site, it prompts "this page cannot be found", and the IIS error prompt is "HTTP Error 404-file or directory found ".

Figure 9

As shown in Figure 9, the error message is displayed not because the file or directory of the Web site does not exist, but because IIS cannot parse ASP. The Web program extension option is added to IIS6.0. You can allow and disable operations on ASP, ASP.net, CGI, IDC, and other programs. By default, the "Active Server Pages" extension is disabled, which may cause the preceding IIS error. Solution: Open IIS manager, click "Web Service extension" on the left, and select "Active Server Pages" to allow

6. Internal Service error

When a client accesses a Web site, the system prompts "HTTP 500-internal server error". Such IIS error prompts are not frequent, but troubleshooting is troublesome. The reason is that the IWAM account is not synchronized. the IWAM account is a built-in account automatically created by the system when IIS is installed. After the IWAM account is created, it is used by the Active Directory, IIS metabase database, and COM + applications. The account and password are respectively saved by the three parties, the operating system is responsible for synchronizing the IWAM password stored by the three parties. The system sometimes fails to synchronize the password of the IWAM account, resulting in inconsistent passwords used by the IWAM account.

Figure 11

Solution: If Active Directory is Active, choose Start> program> Administrative Tools> Active Directory user and computer to set a password for the IWAM account. Then run the command (cmd.exe) to enter the c: InetpubAdminScripts directory and run the command: adsutil SET w3svc/WAMUserPass test (test is the password, you can SET it yourself ). Then run synciwam. vbs-v under the command line to synchronize the password of the IWAM account in the COM + application.

7. Improper Identity Authentication Configuration

When you access a Web site, the system prompts that you do not have the permission to use the provided creden to view the directory or page. The error code is "HTTP Error 401.1-unauthorized: access is denied due to invalid creden ".

Figure 13

This IIS fault is caused by identity authentication. IIS supports multiple Web authentication methods, including basic authentication, Windows integrated authentication, digest authentication, and. NET Pawwport authentication. These verifications have different security levels that apply to different security requirements. Improper setup may cause errors. Generally anonymous identity authentication is used by most sites.

Solution: Open IIS manager, find the Web directory, right-click "properties", and open the site Properties window, under "authentication and Access Control" under the "Directory Security" tab, click "edit" to open the "authentication method" panel, and then select the corresponding authentication method based on security requirements. For normal sites, we can select "enable Anonymous access.