Article ID: 275457
Article Last Modified on 11/21/2006
APPLIES TO
- Microsoft Internet Information Services 5.0
This article was previously published under Q275457
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
SYMPTOMS
When a user makes a request to a Web server, Internet Information Services (IIS) 5.0 may go into an infinite loop. This problem can occur if the IISADMPWD virtual directory is configured to require authentication that is not anonymous and the user's password has either expired or has been configured so that the user must change their password at the next logon. The PasswordChangeFlag values in the metabase must also be set to enable password change notifications. Eventually, the following error message is displayed in the browser:
Additionally, at the bottom of the browser, the following error message is displayed:
CAUSE
When you have IIS configured to support password change notifications, IIS notifies a user whose password is about to expire, has expired, or has been configured to force the user to change their password at the next logon. IIS does this by redirecting the user to either a page that informs them that the password is about to expire, or to a page that states that their password has expired. In Internet Information Server (IIS) 4.0, this redirect occurs internally. IIS 5.0 uses a 302 redirect, which forces a brand new request from the client, and subsequently, if authentication is required on the IISADMPWD virtual directory, a new logon attempt occurs. For a password that has expired, or must be changed at the next logon, the logon fails and IIS redirects again, which causes an infinite loop.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
Note We strongly recommend that you apply Windows 2000 Service Pack 4 Update Rollup 1 if you will continue to use Windows 2000.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name ----------------------------------------------------- 5/31/2001 03:32p 5.0.2195.3096 353,040 W3svc.dll
STATUS
Microsoft has confirmed that this is a problem in Internet Information Services 5.0. This problem was first corrected in Windows 2000 Service Pack 3.
Additional query words: kbIISCom
Keywords: kbbug kbfix kbqfe kbwin2000sp3fix kbhotfixserver KB275457