Password Sync and IIS 4.0 Return FrontPage Error Message

ID: Q184730

The information in this article applies to:

Microsoft FrontPage 98 for Windows
Microsoft Internet Information Server version 4.0

SYMPTOMS

With password synchronization in Internet Information Server (IIS) 4.0, Web sites indicate that only registered users have browse access. When you try to apply for everyone to have browse access, the following error message appears:

"Server error: To allow all users to have browse access to your web, the
account used for anonymous logons for your Microsoft Internet
Information Server must have the same password as the Windows NT
account. Please correct the password given in your Microsoft Internet
Information Service Manager WWW Properties and try again."

CAUSE

When Internet Information Server is installed, it creates the following two entries at the LM/W3SVC node of the MetaBase:

AnonymousUserName : (STRING) "IUSR_<machine>"
AnonymousUserPass : (STRING) "<password>"
(These have MetaBase property IDs of 6020 and 6021 respectively.)

The password is randomly generated and entered both in the MetaBase and in User Manager. If the IUSR password is changed, even with password synchronization enabled, the password is not reset at this node. That is because, with password synchronization enabled, the property is ignored by IIS. When FrontPage goes to check the password, it does not match, and FrontPage returns an error even though the Web server is fully functional. When an administrator changes the MetaBase through the Microsoft Management Console to reset the IUSR as the anonymous account, or the administrator toggles password synchronization on and off, the property is cleared and, once again, FrontPage [ASCII 147]thinks[ASCII 148] there is an error in the password.

AnonymousUserPass may not be even be set at some child nodes in the MetaBase (for example, virtual servers at LM/W3SVC/x). FrontPage may also mistake this as a password mismatch, as in the reset scenario above, but it also allows no property to be set. The property can manually added, but this is not recommended.

WORKAROUND

Rather than editing the MetaBase, IIS administrators should use the following steps to work around the problem.

NOTE: This is a permanent change to an IIS configuration until such time that FrontPage stops checking for the password or checks to see whether the AnonymousPasswordSync MetaBase property is set to true. If password synchronization is enabled again after following these steps, the Internet Service Manager will delete the property and the same problem will occur again.

Open User Manager and reenter a password for the IUSR account.

Open the Internet Service Manager in the Microsoft Management Console (MMC).

Right-click on your Computer Name and click Properties.

Choose to edit the Master Properties for the WWW Service.

Click the Directory Security tab.

Click the Edit button for Anonymous Access and Authentication Control.

Click Edit for Allow Anonymous Access.

Clear the Enable Automatic Password Synchronization check box.

Enter the IUSR password manually from step 1 above.

Click OK, and reenter the password when prompted.

Click OK to exit the Authentication dialog box.

Click Apply to set the changes.

If prompted to override child nodes, choose them all except the Administrative Web site.

Click OK twice more to return to the MMC.

In Control Panel, click Services, and stop the IIS Administrator Service.

Click OK to stop all Web services as well.

After all service have stopped, in Control Panel, click Services, and restart the WWW, FTP, and all other Web services that are installed.

STATUS

Microsoft has confirmed this to be a problem in FrontPage 98 for Windows. This issue was resolved in version 3.0.2.1706 of the extensions.

Additional query words: prodiis4

Keywords : fpiis fp98
Version : WINDOWS: WINNT:4.0
Platform : WINDOWS winnt
Issue type : kbbug