The Directories property sheet for an Internet Information Server service displays the message "Access is Denied" in the Error column of a virtual directory listing. This message appears after you create a virtual directory in Internet Service Manager by specifying a network share in universal naming convention (UNC) format.
This problem occurs if the user account information is missing or incorrect when the virtual directory is created.
To correct this problem, you must enter the correct user account information by using Internet Service Manager.
1. In Internet Service Manager, double-click the computer name of the service that uses the virtual directory.
2. Click the Directories property sheet and then select the virtual directory reporting the error.
3. Click Edit Properties. Enter the account information in the following format and then click OK:
User name: domainname\username
Password: password
Microsoft Internet Information Server File Transfer Protocol (FTP) clients experience delayed responses to commands when a large number of users are logged on through FTP. This problem occurs sporadically. File transfer speeds are not affected.
The default number of threads per processor (MaxPoolThreads value in Registry) installed on your system is 10. This might be insufficient for a heavily used FTP server because some of the FTP commands use synchronous I/O, causing threads to block while they complete.
1. Click the Start button, then point to Run. In the Open box, type regedt32.exe and then click OK.
2. Click the HKEY_LOCAL_MACHINE window and locate the following key:
\System
\CurrentControlSet
\Services
\InetInfo
\Parameters.
3. From the Edit menu, click Add Value.
4. In the Add Value dialog box, enter the value MaxPoolThreads with the data type REG_DWORD.
5. In the DWORD Editor dialog box, enter a value in the range 0 to 0xFFFFFFFF.
For example, a twin processor with 500 to 1,000 concurrent users might require 50 or more threads per processor to provide quick response for all FTP client users.
6. Click OK and quit the Registry Editor.
7. Shut down and restart Windows NT.
Warning
If you use Registry Editor incorrectly it can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
You allow anonymous users access to specific public Web pages and allow domain users access to additional Web pages. Your server is a primary domain controller that uses the Windows NT File System (NTFS) security permissions. However, after configuration, anonymous users have the same access as domain users.
The problem is that any user account that you create on a primary domain controller automatically becomes a member of the Domain Users group.
In Internet Information Server, you can allow both anonymous and domain users access to the selected Web pages. To do this, select Allow Anonymous and Windows NT Challenge/Response boxes on the WWW property sheet, then use NTFS security permissions to specify access. However, the Internet Information Server anonymous access account, IUSR_computername, becomes a member of Domain Users when Internet Information Server is installed on a primary domain controller. As a result, anonymous users have the same access as the domain users.
To correct this problem, remove IUSR_computername from the global group Domain Users. You must then add the Log On Locally user right to the IUSR_computername account. As an alternative, you can replace the IUSR_computername account on the domain controller with an account that has appropriate permissions.
When the WWW service cannot automatically start during Windows NT startup, the Event Viewer records the message, "HTTP could not initialize socket library." The options to change properties of Internet Information Server services are unavailable in Internet Service Manager. When you attempt to start the WWW service and FTP service manually, a message states "Data area passed to system call is too small."
To solve this problem, you change the order of protocols listed in the Registry key and move Tcpip to the first entry in the list of values.
HKEY_LOCAL_MACHINE\System
\CurrentControlSet
\Services
\Winsock
\Parameters
\Transports
FTP, Gopher, and WWW directory browsing clients (such as Internet Explorer) are not able to see virtual directories.
Internet Information Server does not display virtual directories in directory listings returned to clients.
If you know the name (alias) of the virtual directory, you can work around this limitation by explicitly specifying the name of the virtual directory in the client. In a WWW browser, you include the virtual directory name in the URL, for example:
ftp://myftpserver/virtual_directory/
In a dedicated FTP client, you explicitly change directories by using the virtual directory name, for example:
cd /virtual_directory
You must type the forward slash (/). Otherwise, cd tries to change the directory from within the client's current directory.
The following HTTP server message can be returned for an anonymous user logon request:
Frequently, this message means that your anonymous user does not have local logon rights.
1. In the Microsoft Internet Service Manager, open the WWW Service properties sheet. Verify that the anonymous logon user name and password specified here are identical to the user name and password in User Manager.
2. Run User Manager to verify that the Log On Locally user right includes your designated anonymous user name.
– or –
Change the anonymous user account to an account that has the Log On Locally user right specified in User Manager.