Microsoft KB Archive/275457

= IIS 5.0 may loop infinitely when a user is forced to change their password =

Article ID: 275457

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q275457



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When a user makes a request to a Web server, Internet Information Services (IIS) 5.0 may go into an infinite loop. This problem can occur if the IISADMPWD virtual directory is configured to require authentication that is not anonymous and the user's password has either expired or has been configured so that the user must change their password at the next logon. The PasswordChangeFlag values in the metabase must also be set to enable password change notifications. Eventually, the following error message is displayed in the browser:

The page cannot be displayed

The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

Additionally, at the bottom of the browser, the following error message is displayed:

Cannot find server or DNS Error



CAUSE
When you have IIS configured to support password change notifications, IIS notifies a user whose password is about to expire, has expired, or has been configured to force the user to change their password at the next logon. IIS does this by redirecting the user to either a page that informs them that the password is about to expire, or to a page that states that their password has expired. In Internet Information Server (IIS) 4.0, this redirect occurs internally. IIS 5.0 uses a 302 redirect, which forces a brand new request from the client, and subsequently, if authentication is required on the IISADMPWD virtual directory, a new logon attempt occurs. For a password that has expired, or must be changed at the next logon, the logon fails and IIS redirects again, which causes an infinite loop.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

Note We strongly recommend that you apply Windows 2000 Service Pack 4 Update Rollup 1 if you will continue to use Windows 2000.

The English version of this fix should have the following file attributes or later:   Date       Time    Version        Size      File name -  5/31/2001  03:32p  5.0.2195.3096  353,040   W3svc.dll



STATUS
Microsoft has confirmed that this is a problem in Internet Information Services 5.0. This problem was first corrected in Windows 2000 Service Pack 3.

Additional query words: kbIISCom

Keywords: kbbug kbfix kbqfe kbwin2000sp3fix kbhotfixserver KB275457

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.