IIS6 set up a Web site often encounter problems please see

Source: Internet
Author: User
Tags anonymous iis net range domain domain name access metabase
A lot of friends in the use of IIS6 site encountered a lot of problems, and some of these problems in the past in the IIS5 of the encounter, and some are new, did a lot of experiments, combined with the previous debugging experience, made this summary, I hope to help you.

Issue 1: Parent Path not enabled

Examples of symptoms:

Server.MapPath () error ' ASP 0175:80,004,005 '

The Path character is not allowed

/0709/dqyllhsub/news/opendatabase.asp, line 4

The character ' ... ' is not allowed in the Path parameter of MapPath.

Reason Analysis:

Many web pages use statements such as../Format (that is, a page that goes back to the previous level, which is the parent path), and IIS6.0 for security reasons, this option is turned off by default.

Workaround:

In IIS Properties-"Home directory-" configuration-"option. Check the "Enable Parent path" front. Confirm the refresh.

Problem 2:asp Web extensions improperly configured (same applies to asp.net, CGI)

Examples of symptoms:

HTTP Error 404-file or directory not found.

Reason Analysis:

The new Web application extension option is added to IIS6.0, where you can allow or disallow ASP, ASP.net, CGI, and IDC programs, which are prohibited by default.

Workaround:

In the Web service extension in IIS, select Active Server Pages and click Allow.

Issue 3: Improperly configured identity authentication

Examples of symptoms:

HTTP Error 401.2-Unauthorized: Access was denied due to server configuration.

Reason Analysis:

IIS supports the following types of Web authentication methods:

(1) Anonymous authentication

IIS creates a IUSR_ computer name account, where the computer name is the name of the server that is running IIS, and is used to authenticate anonymous users when they request Web content. This account grants the user local logon rights. You can reset anonymous user access to use any valid Windows account.

(2) Basic authentication

Use Basic authentication to restrict access to files on an NTFS-formatted WEB server. Using Basic authentication, the user must enter credentials and access is based on the user ID. Both the user ID and password are sent across the network in clear text.

(3) Windows Integrated authentication

Windows Integrated authentication is more secure than basic authentication and works well in the intranet environment where users have Windows domain accounts. In Integrated Windows authentication, the browser attempts to use the credentials that the current user uses during the domain logon process and prompts the user for a user name and password if the attempt fails. If you use Integrated Windows authentication, the user's password will not be transferred to the server. If the user logs on to the local computer as a domain user, he does not have to authenticate again when he accesses a network computer in this domain.

(4) Digest authentication

Digest authentication overcomes many of the drawbacks of basic authentication. When Digest authentication is used, the password is not sent in clear text. In addition, you can use Digest authentication through a proxy server. Digest authentication uses a challenge/response mechanism (the mechanism that is used to integrate Windows authentication), where passwords are sent in encrypted form.

. NET Passport Authentication

Microsoft. NET Passport is a user authentication service that allows single check-in security to make it more secure for users to access the. NET Passport-enabled WEB sites and services. A. NET Passport-enabled site relies on a. NET Passport central server to authenticate users. However, the hub server does not authorize or deny specific users access to each of the. NET Passport-enabled sites.

Workaround:

Configure different identity authentication (typically anonymous authentication, which is the authentication method used by most sites) as needed. Authentication options are configured under IIS Properties-security-authentication and access control.

Problem 4:IP Limited improperly configured

Examples of symptoms:

HTTP Error 403.6-Prohibit access: The IP address of the client is denied.

Reason Analysis:

IIS provides a mechanism for IP restrictions that you can configure to limit the access of certain IPs to sites, or to restrict access to sites by only certain IP, and error prompts if the client is within the range of IP that you are blocking, or not within the range you allow.

Workaround:

Access to IIS Properties-"Security-" IP address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select an authorized access point to add an IP address that is not allowed. Conversely, you can only allow access to certain IP addresses.

Problem 5:IUSR account is disabled

Examples of symptoms:

HTTP Error 401.1-Unauthorized: Access denied due to invalid credentials.

Reason Analysis:

Because the user is using anonymous access account is the IUSR_ machine name, so if this account is disabled, will cause users inaccessible.

Solution:

Control Panel-"Management tools-" Computer Management-"Local Users and groups, the IUSR_ machine name account is enabled.

Problem 6:ntfs permissions set improperly

Examples of symptoms:

HTTP Error 401.3-Unauthorized: Access because the ACL's settings for the requested resource were denied.

Reason Analysis:

Users of a Web client are subordinate to the user group, so if the file has insufficient NTFS permissions, such as no Read permissions, it will cause the page to be inaccessible.

Solution:

Enter the Security tab of the folder, configure user permissions, or at least Read permissions. About NTFS permission settings are no longer fed here.

Problem 7:iwam account is not synchronized

Examples of symptoms:

HTTP 500-Internal server error

Reason Analysis:

The IWAM account is a built-in account that the system automatically builds when IIS is installed. IWAM account is established by active Directory, IIS metabase database and COM + application tripartite use, the account password is saved by three parties, and the operating system is responsible for the three-party saved IWAM Password synchronization work. The system to IWAM account password synchronization work sometimes ineffective, resulting in IWAM account password is not uniform.

Solution:

If there is an ad, select Start-"program-" admin Tool-"Active directory Users and Computers." Set the password for the IWAM account. Run C:inetpubadminscripts "adsutil SET w3svc/wamuserpass + Password Sync IIS metabase database password run cscript c: Inetpubadminscriptssynciwam.vbs-v sync IWAM account password in COM + applications

Problem 8:mime Setup problem causes some types of files to be downloaded (for example, ISO)

Examples of symptoms:

HTTP Error 404-file or directory not found.

Reason Analysis:

IIS6.0 has canceled support for some MIME types, such as ISO, causing client downloads to go awry.

Workaround:

Properties in IIS-"HTTP headers-" MIME Type-"new." In the dialog box that follows, the extension is filled in. The Iso,mime type is application.

In addition, firewall blocking, ODBC configuration errors, Web server performance restrictions, thread restrictions, and other factors that cause the IIS server can not access the possible reasons, here is no longer one by one feed.



Related Article

Alibaba Cloud 10 Year Anniversary

With You, We are Shaping a Digital World, 2009-2019

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.