Microsoft KB Archive/269241

= Anonymous FTP Fails with password synchronization enabled =

Article ID: 269241

Article Last Modified on 6/27/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q269241



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you log into FTP anonymously, the following error message may occur:

c:\ftp ftp.someserver.com Connected to ftp.someserver.com. 220 someserver Microsoft FTP Service (Version 4.0). User (ftp.someserver.com:(none)): anonymous 331 Anonymous access allowed, send identity (e-mail name) as password. Password: 530 User someuser@microsoft.com cannot log in. Login failed. ftp>



CAUSE
If the World Wide Web Server component is removed during the installation of the Windows NT Option Pack, anonymous FTP login fails because automatic password synchronization relies on a DLL that is uninstalled with the World Wide Web Server component.



RESOLUTION
To resolve this behavior, you must disable automatic password synchronization for the IUSR_  account. (This is the anonymous account.) To do this, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools (Common), and then click User Manager for Domains.
 * 2) To reset the anonymous account password, click Properties on the User menu, type the new password in the Password box, and then follow the on-screen prompts.
 * 3) After you have reset the anonymous account password, click Start, click Run, type Inetmgr.exe, and then click OK.
 * 4) In Internet Services Manager, right-click the URL for the FTP site that you want, and then click Properties.
 * 5) Click the Directory Security tab, and then under Anonymous Access and Authentication Control click Edit.
 * 6) Select the Allow Anonymous Access check box, and then click Edit.
 * 7) In the Anonymous User Account dialog box, click to clear the Enable Automatic Password Synchronization check box.
 * 8) In the Password box, type the password that you typed in step 2, and then click OK.



MORE INFORMATION
Password synchronization is a sub-authentication process used by Internet Information Server. This functionality is provided by the Iissuba.dll file. This DLL is uninstalled when the World Wide Web Server component is removed, which in turn causes anonymous FTP login to fail if the Enable Automatic Password Synchronization option is checked in the Security settings for the FTP service.

For more information on Password Synchronization and the sub-authentication process, click the following article numbers to view the articles in the Microsoft Knowledge Base:

216828 Password Synchronization/Allow IIS to Control Password may cause problems

218756 Logon privileges required for anonymous access

Additional query words: iis4 ftp login

Keywords: kbpending kbprb KB269241

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.