Iis6.0 server rack site inaccessible solution Summary

Source: Internet
Author: User
Tags metabase

Problem 1: parent path not enabled

Symptom example:

Server. mappath () Error 'asp 0175: 66661'
The path character is not allowed.
/0709/dqyllhsub/news/opendatabase. asp, row 4
The character '...' is not allowed in the path parameter of mappath '..'.

Cause analysis:

In many web pages, such .. /format Statement (that is, return to the previous page, that is, the parent path), and iis6.0 is disabled by default for security considerations.

Solution:

In IIS, choose Properties> Home directory> Configuration> options. Check "enable parent path. Confirm refresh.

Question 2: Improper web Extension Configuration of ASP (also applicable to ASP. NET and CGI)

Symptom example:

HTTP Error 404-file or directory not found.

Cause analysis:

Added web in iis6.0ProgramYou can enable or disable ASP, ASP. NET, CGI, IDC, and other programs. asp and other programs are prohibited by default.

Solution:

Select Active Server Pages in the Web service extension in IIS and click "allow ".

Problem 3: Incorrect Identity Authentication Configuration

Symptom example:

HTTP Error 401.2-unauthorized: access is denied due to server configuration.

Cause Analysis: IIS supports the following Web authentication methods:

Anonymous Authentication

IIS creates an IUSR _ computer name account (where the computer name is the name of the server running IIS) to authenticate anonymous users when they request web content. This account grants the User Local logon permission. You can reset anonymous user access to any valid Windows account.

Basic Authentication

You can use basic authentication to restrict access to files on an NTFS-format web server. To use basic authentication, you must enter creden。 and access is based on the user ID. Both the user ID and password are sent between networks in plain text.

Windows integrated Authentication

Windows Integrated Identity Authentication is safer than basic identity authentication, and plays a role well in the Intranet environment where the user has a Windows domain account. In integrated Windows authentication, the browser attempts to use the creden used by the current user during domain login. If the attempt fails, the browser prompts the user to enter the user name and password. If you use integrated Windows authentication, your password will not be transferred to the server. If the user logs on to the local computer as a domain user, the user does not have to perform authentication again when accessing the network computer in this domain.

Digest Authentication

Abstract identity verification overcomes many disadvantages of basic identity authentication. When digest authentication is used, the password is not sent in plain text. In addition, you can use digest authentication on the proxy server. Digest authentication uses a challenge/response mechanism (integrated with the mechanism used for Windows Authentication), where the password is sent encrypted.

. NET Passport Authentication

Microsoft. NET Passport is a user authentication service that allows a single security check-in, making it safer for users to access. NET Passport-enabled web sites and services. Websites with. NET Passport enabled rely on the. NET Passport central server to authenticate users. However, the central server does not authorize or deny specific users access to sites with. NET Passport enabled.

Solution:

Configure different identity authentication as needed (generally anonymous identity authentication, which is used by most sites ). The authentication option is configured under Properties> Security> authentication and access control of IIS.

Problem 4: Improper IP address restriction Configuration

Symptom example:

HTTP Error 403.6-Access prohibited: the client's IP address is denied.

Cause analysis:

IIS provides an IP address restriction mechanism. You can configure to restrict certain IP addresses from accessing the site, or restrict only some IP addresses from accessing the site, if the client is within the IP address range blocked by you, or is not within the permitted range, an error message is displayed.

Solution:

Go to IIS Properties> Security> IP address and domain name restrictions. If you want to restrict access from some IP addresses, You need to select authorized access. Click Add to select an IP address that is not allowed. Otherwise, only access from some IP addresses is allowed.

Question 5: the IUSR account is disabled

Symptom example:

HTTP Error 401.1-unauthorized: access is denied due to invalid creden.

Cause analysis:

Because the account used for anonymous access is the IUSR _ machine name, if this account is disabled, the user cannot access it.

Solution:

Control Panel-> Administrative Tools-> Computer Management-> local users and groups, enable IUSR _ machine name account.

Question 6: Improper NTFS permission settings

Symptom example:

HTTP Error 401.3-unauthorized: access to requested resources is denied due to ACL settings.

Cause analysis:

The Web Client user belongs to the user group. Therefore, if the NTFS permission of the file is insufficient (for example, the file has no read permission), the page cannot be accessed.

Solution:

Go to the Security tab of the folder and configure user permissions. At least read permissions are required. The NTFS permission settings are not described here.

Problem 7: the IWAM account is not synchronized

Symptom example:

HTTP 500-Internal Server Error

Cause analysis:

The IWAM account is a built-in account automatically created when IIS is installed. After the IWAM account is created, it is used by the Active Directory, IIS metabase database, and COM + applications. The account and password are respectively saved by the three parties, the operating system is responsible for synchronizing the IWAM password stored by the three parties. The system sometimes fails to synchronize the password of the IWAM account, resulting in inconsistent passwords used by the IWAM account.

Solution:

If ad exists, choose Start> program> Administrative Tools> Active Directory user and computer. Set a password for the IWAM account.

Run c: \ Inetpub \ adminscripts> adsutil set w3svc/wamuserpass + password to synchronize IIS metabase Database Password
Run cscript c: \ Inetpub \ adminscripts \ synciwam. vbs-V to synchronize the password of the IWAM account in the COM + application

Problem 8: MIME settings make some types of files unable to be downloaded (take ISO as an example)

Symptom example:

HTTP Error 404-file or directory not found.

Cause analysis:

Iis6.0 canceled support for some MIME types, such as ISO, resulting in client download errors.

Solution:

In IIS, choose Properties> HTTP header> MIME type> New. In the subsequent dialog box, enter. ISO for the extension, and the MIME type is application.

In addition, factors such as firewall blocking, ODBC configuration errors, web server performance restrictions, and thread restrictions are also possible causes for IIS server access failure. Here we will not repeat them one by one. I hope this post can solve most of your problems :)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.