Microsoft KB Archive/236392

= Posting Acceptor Repost Does Not Work with an FQDN or IP Address =

Article ID: 236392

Article Last Modified on 10/16/2002

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q236392



SYMPTOMS
When you post a file and use the NetBIOS name, the session initiated by Posting Acceptor (Cpshost.dll) remains. However, when a Fully Qualified Domain Name (FQDN) or IP address is used, the server initializes an entirely new session. This request fails with the following error message:

401 Access Denied



CAUSE
The Posting Acceptor does not have sufficient rights to run an ASP file on the server when the NetBIOS name is not used.

This is an Internet Explorer configuration issue on the server. File uploads will always succeed because the upload and writing the file to the directory is done in the security context of the IIS Anonymous User account (IUSR_MACHINENAME). Security is handled by protecting the ASP files. When the upload has been performed and the file has been written to the directory, Cpshost.dll calls WinInet to load Repost.asp. At this point, you are running on the server in the security context of the remote user. When calling a server using a NetBIOS name, the security context that WinInet uses is that of an Intranet site.

When a server is called using an FQDN or IP address, the security context that WinInet uses is that of an Internet site. The default setting in WinInet for an Internet site is for no automatic logon. This is why Repost.asp fails.



WORKAROUND
The security settings for WinInet can be changed in the Internet Explorer Internet Options dialog box. To resolve this issue, on the server, edit the Internet Explorer Security settings for the Internet zone. To do this, click Custom, click the Settings button, and change the User Authentication to Automatic Logon with Current Username and Password. This will allow CPSHOST or WinInet to run in the correct security context to load Repost.asp.

If users need to log on to the site before uploading, then this resolution will work if Membership accounts are being used. Windows NT accounts will only work if the remote user is a member of the Local Administrators Group on the Windows NT server. Allowing anonymous users will work as well.



STATUS
Microsoft has confirmed that this is a problem in Site Server 3.0 Service Pack 2.

Keywords: kbqfe kbprb kbpending KB236392

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.