Author: Huang Zhenyu --MVP 2004-07-08 04: 9 PM
Many friends have encountered a lot of problems when using IIS6 websites, and these problems have encountered some in the past IIS5, some are new, busy for an afternoon, have made many trials, combined with the previous Drawing bad experience, made this summary, I hope I can help you
Question 1: No parent path is enabled
Symptom Example: Server.mAppath () Error 'ASP 0175: 80004005' Not allowed PATH characters / 0709/dqyllhsub/news/opendatabase.asp, row 4 does not allow character '..' in the Path parameter of MAPPATH.
Cause Analysis: Many web pages should be used, such as ../ format statements (that is, the page of the previous layer, that is, the parent path), and IIS6.0 is for security considerations, this option is closed by default.
Workaround: In IIS Properties -> Home Directory -> Configuration -> Options. Took the "Enable Parent Path". Confirm the refresh.
Question 2: Improped ASP's web extension configuration (equally applicable to ASP.NET, CGI)
Symptom Example: HTTP Error 404 - File or Directory Not found.
Cause Analysis: In IIS6.0, the WEB program extension is added, which you can allow or disabled from ASP, ASP.NET, CGI, IDC, etc., by default, ASP, etc.
Workaround: Select Active Server Pages in Web Service Extensions in IIS, click "Allow".
Improper identity authentication 3: Improper authentication configuration
Example of symptoms: HTTP error 401.2 - Unauthorized: Accessing Due to the server configuration rejected.
Cause Analysis: IIS supports the following Web authentication methods: Anonymous authentication IIS Create IUSR_ Computer Name Account (where the computer name is running the name of the server), used to identify them when an anonymous user requests web content verification. This account grants the user local login permissions. You can reset anonymous users to use any valid Windows account. Basic authentication Use basic authentication to limit access to files on the NTFS format web server. With basic authentication, the user must enter credentials and access is based on user ID. The user ID and password are sent between the network in the form of a clear text. Windows Integrated Authentication Windows Integration Authentication is better than basic authentication security, and can work well in the internal network environment with the user's Windows domain account. In integrated Windows authentication, the browser attempts to use the current user's credentials used in the domain login process. If the attempt fails, you will prompt the user to enter the username and password. If you use an integrated Windows authentication, the user's password will not be transferred to the server. If the user logs in to the local computer as a domain user, he does not have to perform authentication again when accessing the network computer in this domain. Summary Authentication Summary Authentication overcomes many of the shortcomings of basic authentication. When using a summary authentication, the password is not sent in a clear manner. Alternatively, you can use a summary authentication through a proxy server. Summary Authentication Use a challenge / response mechanism (integrated with Windows authentication), where the password is sent in encryption. .NET Passport authentication Microsoft .NET Passport is a user authentication service that allows a single check in security that allows users to be more secure when accessing the .NET Passport's Web site and services. Enabled .Net Passport's site will rely on the .NET Passport central server to authenticate the user. However, the center server will not authorize or reject a specific user to access the site of the .NET Passport. Workaround: Configure different identity authentication as needed (generally anonymity authentication, this is the authentication method used by most sites). Authentication options in the properties of IIS -> Security -> Authentication and Access Control.
Question 4: IP limit configuration is not properly configured
Symptom Example: HTTP Error 403.6 - Disable Access: The client's IP address is rejected.
Cause Analysis: IIS provides IP-limited mechanisms, you can limit some IPs that cannot access sites, or limit only some IPs can access the site, and if the client is blocked within the IP range, or not Error prompts will occur within the range you allow.
Workaround: Enter IIS's properties -> Security -> IP address and domain name limit. If you want to limit access to some IP addresses, you need to select an authorization access, and add the IP address that is not allowed. Conversely, you can only allow access to some IP addresses.
IUSR account is disabled
Question 5: IUSR account is disabled
Example: HTTP Error 401.1 - Unauthorized: Accessing is rejected due to invalidation of credentials.
Cause Analysis: Since the account used by the user anonymous access is the IUSR_ machine name, if this account is disabled, the user will cause the user to access.
Workaround: Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enabled IUSR_ machine name accounts.
Question 6: NTFS permission setting is improper
Example of symptoms: HTTP error 401.3 - Unauthorized: Accessing due to the setting of the ACL to the requested resource is rejected.
Cause Analysis: The user of the web client is part of the User group, so if the NTFS permission of the file is insufficient (for example, no read rights), the page cannot be accessed. Workaround: Enter the security tab of the folder, configure user permissions, at least to read permissions. About NTFS permissions settings are no longer fed here.
IWAM account does not sync
Question 7: IWAM account is not synchronized
Symptom Example: HTTP 500 - Internal Server Error
Cause Analysis: The IWAM account is a built-in account that automatically established when installing IIS. After IWAM account is established, it is used by the Active Directory, IIS Metabase database, and COM applications. The account password is saved separately, and the operating system is responsible for the synchronization of the IWAM password saved by these three parties. The system's password to IWAM account is sometimes failed, resulting in the password used by the IWAM account.
Workaround: If there is AD, select Start -> Program -> Administrative Tools -> Active Directory users and computers. Set a password for the IWAM account. Run C: / INETPUB / Adminscripts> AdsUTIL SET W3SVC / WAMUSERPASS password synchronization IIS Metabase database password Run CScript c: /inetpub/adminscripts/synciwam.vbs -v synchronization IWAM account password in COM application password
Question 8: MIME Settings Problem caused some types of files unable to download (with ISO as an example)
Symptom Example: HTTP Error 404 - File or Directory Not found.
Cause Analysis: IIS6.0 cancels support for certain MIME types, such as ISO, causing client download errors.
Workaround: In IIS Properties -> HTTP Head -> Mime Type -> New. In the subsequent dialog box, the extension fills in .ISO, the MIME type is Application.
In addition, firewall blocking, ODBC configuration errors, web server performance limits, thread restrictions, etc. are also possible to cause the IIS server that cannot be accessed, this is no longer feased. I hope this post can solve most of the questions :)
[Excerpt from ZDNET]
