IIS6 website settings frequently encountered problems Xiangjie

Many of my friends encountered many problems in the IIS6 rack site, and some of these problems encountered in the past inside IIS5, some new, do a lot of tests, combined with previous troubleshooting experience to make This summary, I hope to help you.

Problem 1: Parent Path Not Enabled Symptoms Example:

Server.MapPath () error 'ASP 0175: 80004005'

Path character not allowed

/0709/dqyllhsub/news/OpenDatabase.asp, line 4

Character '..' is not allowed in MapPath's Path parameter.

Cause Analysis:

Many Web pages to use such as ../ format statement (that is, back to the previous page, which is the parent path), and IIS6.0 for security reasons, this option is turned off by default.

Solution:

In IIS Properties -> Home Directory -> Configuration -> Options. Put "enable parent path" tick in front. Confirm refresh.

Question 2: ASP Web Extensions Misconfigured (Also for ASP.NET, CGI)
For example:

HTTP Error 404 - File or Directory not found.

Cause Analysis:

IIS6.0 in the new web program to expand this option, which you can ASP, ASP.NET, CGI, IDC and other programs to allow or prohibit, by default, ASP and other programs are prohibited.

Solution:

Select Active Server Pages in the Web Services Extensions in IIS and click "Allow."

Question 3: Authentication is not properly configured Example of symptoms:

HTTP Error 401.2 - Unauthorized: Access was denied due to server configuration.

Cause Analysis:

IIS supports the following Web authentication methods:

(1) anonymous authentication

IIS creates an IUSR_ machine name account (where machine name is the name of the server that is running IIS) that is used to authenticate anonymous users when they request Web content. This account grants users local login permissions. You can reset anonymous user access to use any valid Windows account.

(2) Basic authentication

Use basic authentication to restrict access to files on NTFS formatted web servers. With basic authentication, the user must enter the credentials, and the access is based on the user ID. User ID and password are sent in clear text across the network.

(3) Windows integrated authentication

Windows Integrated Authentication is more secure than Basic Authentication and works well in intranet environments where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials the current user used during the domain logon, and if the attempt fails, he is prompted to enter the user name and password. If you use integrated Windows authentication, the user's password will not be sent to the server. If the user logs on to the local computer as a domain user, he does not have to authenticate again when accessing the network computer in this domain.

(4) Digest authentication

Summary authentication overcomes many of the weaknesses of basic authentication. When using digest authentication, the password is not sent in clear text. In addition, you can use digest authentication through a proxy server. Summary authentication uses a challenge / response mechanism (a mechanism used by integrated Windows authentication) where the passwords are sent in encrypted form.

.NET Passport authentication
Microsoft .NET Passport is a user authentication service that allows for single sign-in security, making it even more secure for users to access .NET Passport-enabled Web sites and services. .NET Passport-enabled sites rely on the .NET Passport Central Server to authenticate users. However, the hub server does not authorize or deny certain users access to each. NET Passport-enabled site.

Solution:

Configure different authentication as needed (typically anonymous authentication, which is the authentication method used by most sites). The authentication options are configured under IIS Properties -> Security -> Authentication and Access Control.

Problem 4: Incorrect IP Limit Configuration Symptoms Example:

HTTP Error 403.6 - Forbidden: The client's IP address is denied.

Cause Analysis:

IIS provides a mechanism for IP restrictions. You can configure to restrict certain IPs from accessing the site or to restrict access to only certain IPs. If the client is in the IP range that you are blocking, or if it is not Within the range, you will get an error message.

Solution:

Into IIS Properties -> Security -> IP address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access and click Add to select an IP address that is not allowed. Conversely, you can only allow access to some IP addresses.

Question 5: IUSR account is disabled Symptoms example:

HTTP Error 401.1 - Unauthorized: Access was denied due to invalid credentials.

Cause Analysis:

Since the account used by the user for anonymous access is the IUSR_ machine name, if this account is disabled, the user can not be accessed.

Solution:

Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, the IUSR_ machine name account enabled.

Question 6: NTFS permissions are not set properly Symptoms example:

HTTP Error 401.3 - Unauthorized: Access was denied due to ACL's setting on the requested resource.

Cause Analysis:

Users of the Web client belong to the user group, so if the file has insufficient NTFS permissions (for example, no read permission), the page can not be accessed.

Solution:

Into the folder's security tab, configure the user's permissions, at least give read permission. About NTFS permissions set no longer feed here.

Question 7: IWAM account is not synchronized
For example:

HTTP 500 - Internal server error

Cause Analysis:

IWAM account is a built-in account that is automatically created by the system when IIS is installed. After IWAM account is established, Active Directory, the IIS metabase database and the COM + application are used together. The account password is saved by three parties, and the operating system is responsible for the synchronization of IWAM passwords saved by these three parties. IWAM account system password synchronization work sometimes fails, resulting IWAM account password is not unified.

Solution:

If there is AD, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set password for IWAM account. Run c: InetpubAdminScripts> adsutil SET w3svc / WAMUserPass + password synchronization IIS metabase database password run cscript c: inetpubadminscriptssynciwam.vbs -v password synchronization IWAM account in the COM + application

Q8: MIME setup issues cause some types of files can not be downloaded (ISO as an example)

For example:

HTTP Error 404 - File or Directory not found.

Cause Analysis:

IIS6.0 canceled some MIME types of support, such as ISO, resulting in client download error.

Solution:

In IIS properties -> HTTP headers -> MIME type -> New. In the subsequent dialog box, the extension is filled in .ISO and the MIME type is application.

In addition, firewall blocking, ODBC configuration errors, Web server performance limitations, thread constraints and other factors is also caused by the IIS server can not access the possible reasons, here is no longer one by one fed.