Microsoft KB Archive/185377

= Users cannot access FTP or Web site =

Article ID: 185377

Article Last Modified on 3/31/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q185377



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Users cannot open an FTP or Web site.

Note A sampling of specific error messages you may receive is listed in the "More Information" section.



CAUSE
User rights in Microsoft Windows NT User Manager or the in Internet Service Manager (ISM) are not correctly set up.



WORKAROUND
The information in this "Workaround" section about troubleshooting User Rights and Basic Authentication was taken from the Microsoft Windows NT Option Pack online Product Documentation.

Note To view this whole topic, open the following in the product documentation's table of contents:
 * Microsoft Internet Information Server
 * IIS Installation
 * Troubleshooting

User rights
If a user is having trouble viewing your published files (that is, he or she is receiving HTTP "403; Forbidden" or similar HTTP errors when attempting to request a Web page), then there is most likely a problem related to the user rights that are configured on your Web site. In order to give users access to your published files, check the following items.
 * 1) Find the specific file, directory, or virtual directory which the user cannot access in Internet Service Manager.
 * 2) View the properties for that file, directory, or virtual directory.
 * 3) Select the File property sheet (if viewing properties of a file) or Directory property sheet (if viewing the properties of a directory or virtual directory). Ensure that the directory or file has Read access permissions (the Read check box should be selected).
 * 4) Select the File Security or Directory Security property sheet.
 * 5) Ensure that the user has either anonymous access, basic authentication permissions, or Windows NT Challenge/Response permissions that will allow him or her to view the content by clicking the Edit button in the Anonymous Access and Authentication Control field.
 * 6) Click the Edit button in the TCP/IP and Domain Name Restrictions field to ensure that the client's computer, group of computers, or domain name has not been restricted from accessing your resource.

Basic Authentication
If users with Basic Authentication rights are having trouble accessing your site, please check the following.

Ensure that the login user has Log on locally rights in Windows NT User Manager for Domains:
 * 1) Click Start, point to Programs, point to Administrative Tools (Common), and then click User Manager for Domains.
 * 2) In User Manager, select User Rights in the Policies menu.
 * 3) Choose the right Log On Locally and make sure IUSR_ (or your anonymous account) shows up in the list.

Make sure that you specify a Default Logon Domain for the user. In the Authentication Methods dialog box, click Edit in the Basic Authentication field and enter the Domain Name.

If you are concerned about the safety of transmitting passwords in clear text (an industry standard that applies to Basic Authentication), use Secure Sockets Layer (SSL) to secure clear text passwords. You can configure SSL Client authentication by launching the Secure Communications dialog box from the Directory Security or File Security property sheet. Use Key Manager to create Key requests and the Secure Communications dialog box to enable an SSL Authentication scheme.



Default anonymous user account
During installation of IIS, the anonymous user account is set to IUSR_ by default.

Sampling of specific error messages
The following is a list of some of the errors generated by Microsoft Internet Explorer, Netscape Navigator, or the Windows NT FTP utility when a site cannot be opened:

HTTP "403; Forbidden

HTTP Error 401

401.1 Unauthorized: Logon Failed

This error indicates that the credentials passed to the server do not match the credentials required to log on to the server.

Please contact the Web server's administrator to verify that you have permission to access the requested resource.

Internet Explorer cannot open the Internet site

ftp://.

The login request was denied

530 User Anonymous cannot log in.

Login failed.

User mozilla@ cannot log in.

More information in product documentation
For more information about anonymous access, open the following in the product documentation's table of contents:
 * Microsoft Internet Information Server
 * Server Administration
 * Security
 * Access Control
 * Configuring the Anonymous Access Account

For more information about basic authentication, open the following:
 * Microsoft Internet Information Server
 * Server Administration
 * Security
 * Authentication
 * Enabling Basic Authentication

(c) Microsoft Corporation 2000, All Rights Reserved. Contributions by Kevin Zollman, Microsoft Corporation.

Additional query words: Access Control List ACL IUSR_ IUSR_ IUSR_ denied ie privileges logon locally akz

Keywords: kbprb kbpending KB185377

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.