Microsoft KB Archive/912156

= IIS 5.0 or IIS 6.0-based Web servers that have Microsoft Operations Manager (MOM) 2005 and the IIS Management Pack installed may randomly add IP address and domain name restrictions to all Web sites on the local computer =

Article ID: 912156

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Operations Manager (MOM) 2005
 * Microsoft Internet Information Services 6.0
 * Microsoft Internet Information Services 5.0

-





SYMPTOMS
Microsoft Internet Information Services (IIS) 5.0 or IIS 6.0-based Web servers that have Microsoft Operations Manager (MOM) 2005 and the IIS Management Pack installed randomly add IP address and domain name restrictions to all Web sites on the local computer.



CAUSE
This problem occurs because the IIS Management Pack Security: Error 401: &quot;Access Denied&quot; Error - Alert rule is enabled on the MOM 2005 server.



RESOLUTION
To resolve this problem, download the latest version of the IIS Management Pack. To do this, visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/scp/catalog.aspx



WORKAROUND
To work around this problem, disable the Security: Error 401: &quot;Access Denied&quot; Error - Alert rule. To do this, follow these steps:
 * 1) In the MOM Administrator console, expand Microsoft Operations Manager  , expand Management Packs, expand Rule Groups, expand Microsoft Windows Internet Information Services, expand Internet Information Services  , expand Core Services, expand World Wide Web Publishing Service, and then click Event Rules.
 * 2) In the details pane, right-click Security: Error 401: &quot;Access Denied&quot; Error - Alert, and then click Properties.
 * 3) Click the General tab, click to select the This rule is disabled check box, and then click Apply.
 * 4) Right-click Security: Error 401: &quot;Access Denied&quot; - Event Consolidation, and then click Properties.
 * 5) On the General tab, select This rule is disabled, and then click Apply.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
The following behavior occurs, in the order in which it is presented:
 * The Security: Error 403: &quot;Forbidden&quot; Error - Alert rule or the Security: Error 401: &quot;Access Denied&quot; Error - Alert rule triggers the Automatic IP Deny Script.
 * The Automatic IP Deny Script updates the IP Deny List

The Security: Error 401: &quot;Access Denied&quot; Error - Alert rule has been removed from the publically available versions of the IIS Management Pack, and the Security: Error 403: &quot;Forbidden&quot; Error - Alert rule was removed in Microsoft Operations Manager 2005 Service Pack 1 (SP1).

For more information about the IIS Management Pack, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=F2049784-923D-4A33-B377-C39CE94A193B&displaylang=en

