Microsoft KB Archive/170863

= Error in Event Log after Deleting the Anonymous User Account =

Article ID: 170863

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0

-



This article was previously published under Q170863



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
If you delete the IUSER_ account from User Manager for Domains because you are not using Anonymous authentication, but have the IUSER_ account and password in the WWW Service Properties, the event log may contain the following warning, if you use only Basic and Microsoft Windows NT Challenge Response for authentication:

Event id's 100 in the system log, source=w3svc. The server was unable

to logon the Windows NT account 'IUSER_ due to the following error:

Logon failure: Unknown user name or bad password. The data is the error code.

The above warning is logged each time you request a page or image located in a directory other than the root directory or the directory that was originally authenticated.

Note: The above errors can also occur if Anonymous connections are allowed in IIS, but Proxy Server is installed on the same computer and Anonymous is disabled.



CAUSE
The browser is unaware of the authentication method used by the Web server. The browser tries the first method on the list, which is the IUSER_ account in the Services tab of the WWW Service Properties. When the browser finds that the IUSER_ account has been deleted, it checks for the next method on the list, Allow Anonymous.

If Allow Anonymous is not selected, the browser tries Basic Clear Text. If Basic Clear Text is also not selected, the browser tries Windows NT Challenge Response.

If Windows NT Challenge Response is selected and valid, the browser opens the site or page using this authentication method. Therefore, you do not see an error in the browser, but only a warning in the Event Viewer.



RESOLUTION
To resolve this problem, use a valid account and password. To do so, follow these steps:
 * 1) In the WWW Service properties, click the Service tab.
 * 2) Add a user name that is a valid user account in User Manager for Domains, and give the user Log On Locally permissions.

Note: Do not delete the IUSER_ account, even if you are not using it.

Additional query words: iis

Keywords: kbprb kbusage KB170863

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.