Security
|
|
Troubleshooting the Web Server
After all these steps have been performed, try to access the resource from a browser. If you refresh the security log in the Event Viewer, a series of audited events will be listed. Examine the security log entries and answer these questions:
- Are there any access-denied errors in the audit log?
- What account is being logged on? Is it what you expected?
- Does this account have access to the file in question? You can check this by looking at the file access entries in the audit log.
- Does this account have the correct privilege to log on (Log on locally or network logon)?
- Does this account have a deny-logon privilege (for example deny logon locally or deny network logon)?
- Are there any 401s or 403s in the W3C log? If so, why are they there?
The following are some tips regarding permissions and IIS 5.0:
- Accessing a network computer from an IIS 5.0 computer might fail, because Windows 2000 Server might not be configured to pass the user’s security information to the other computer. To verify the configuration, perform the auditing steps (listed earlier) on the network computer in question, as well as on the IIS 5.0 computer.
- Microsoft® Internet Explorer 4.0 or later can be configured to support only certain authentication protocols. You can set these protocols by going to the Edit (Internet Explorer 4.0) or Tools (Internet Explorer 5) menu and selecting Internet Properties, Security, Custom, Settings, and User Authentication. If you select Anonymous Logon, the browser will not support any authentication schemes other than Anonymous.
- Check the IP and Domain Restrictions. Right-click the virtual server in question, and select Properties, Directory Security, IP Address and Domain Name Restrictions, and Edit.
- If you are using <!-- #include --!> statements, errors might be caused, since access is denied on the included file, but not on the main file. For example, if Default.asp includes Tools.asp, but Tools.asp has a restrictive DACL, an error may be reported on Default.asp, even though the logged-on account has access to it. To check for this, you might wish to temporarily comment out #include statements until you have successfully resolved the situation.
© 1997-1999 Microsoft Corporation. All rights reserved.