Microsoft KB Archive/275139

= If you change the IUSR account on an Application Center server, authentication failures may result =

Article ID: 275139

Article Last Modified on 2/14/2005

-

APPLIES TO


 * Microsoft Application Center 2000 Standard Edition, when used with:
 * Microsoft Windows 2000 Standard Edition
 * Microsoft Internet Information Services 5.0, when used with:
 * Microsoft Windows 2000 Standard Edition

-



This article was previously published under Q275139



SUMMARY
Microsoft does not recommend that you change the anonymous access account for Internet Information Server (IIS) on an Application Center 2000 cluster after any members have been added.

Changing the anonymous access account for IIS on the Application Center cluster controller may cause access failures.



MORE INFORMATION
By default, the anonymous access account for IIS is named IUSR_MACHINENAME. This is a local account and does not exist in the Active Directory. When a member is added to the cluster, the IIS anonymous user account is changed to match the anonymous user account on the cluster controller; IUSR_CONTROLLERNAME is added to the joining member's local account database. However, the local accounts database is not synchronized after the member joins the cluster.

When you change the anonymous account credentials on the cluster master after any other members have joined the cluster, that change is synchronized to the member server's IIS configuration. If the new anonymous account is a local account on the cluster master, it will not be replicated to the security databases of the existing members, which is likely to cause anonymous access failures.

The anonymous credentials must be consistent across the cluster members so that permissions can be consistent across the cluster.

If the anonymous credentials must be changed, then you can specify a domain account to prevent this problem from occurring, although this may be a security concern. If you change the credentials to a nondomain account, the local account must be manually added on each cluster member.

This behavior is by design.

Keywords: kbinfo KB275139

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.