Microsoft KB Archive/297975

= You May Be Able to Send Messages to Any User Device by Means of the Simple Object Access Protocol Interface =

Article ID: 297975

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Mobile Information Server 2001 Enterprise Edition

-



This article was previously published under Q297975



SYMPTOMS
When you submit a message by means of the Simple Object Access Protocol (SOAP) interface to Mobile Information Server, you may be able to send a message to anyone who has a device that is configured in the Active Directory, regardless of whatever user identification (ID) you have used to send the message.



CAUSE
This problem can occur because you cannot disable Anonymous access to the MMISNotify virtual root in the Internet Services Manager. If you did disable this Anonymous access, the push notification may be unsuccessful and generate a 401 error as the message processor uses the Anonymous access to post Hypertext Transfer Protocol (HTTP) messages to itself in this directory.



WORKAROUND
To work around this problem, place a restriction on the users that have access to the MMISNotify virtual root on the Mobile Information Server by limiting the Internet Protocol (IP) addresses that can access that particular virtual root.

To restrict access by IP address:
 * 1) In Mobile Information Server, click Start, point to Programs, click Administrative Tools, and then click Internet Services Manager.
 * 2) Expand the server, and then expand Default Web Site.
 * 3) Right-click the MMISNotify virtual root, and then click Properties.
 * 4) Click the Directory Security tab, and then click Edit under IP address and domain name restrictions. You can restrict the computers that are able to send push notifications by IP address.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
For more information, refer to the following white paper on the Microsoft Web site:

Mobile Information Server Security White Paper

Additional query words: mis ad

Keywords: kbbug KB297975

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.