Many friends encountered many problems when using IIS6 websites, and some of these problems have been encountered in IIS5 in the past, and some of them are new. I worked hard for the afternoon and did it.
After many experiments, combined with previous experience in troubleshooting, this summary was made. I hope I can help you :)
Issue 1: Parent path is not enabled
Examples of symptoms:
() Error 'ASP 0175: 80004005'
Unauthorized Path characters
/0709/dqyllhsub/news/, line 4
The character '..' is not allowed in the Path parameter of MapPath.
Cause analysis:
Many web pages use statements such as ../ format (that is, back to the previous page, that is, the parent path), and for security reasons, this option is turned off by default.
。
Solution:
In IIS Properties->Home Directory->Configuration->Options. Tick the "Enable Parent Path" in front of it. Confirm refresh.
Issue 2: ASP's web extension configuration is improper (also applicable to CGI)
Examples of symptoms:
HTTP Error 404 - File or directory not found.
Cause analysis:
A new web program extension option has been added in IIS6.0, where you can allow or prohibit ASP, CGI, IDC and other programs. By default, ASP and other programs are
Forbidden.
Solution:
Select Active Server Pages in the Web Services extension in IIS and click "Allow".
Issue 3: Improper identity authentication configuration
Examples of symptoms:
HTTP Error 401.2 - Unauthorized: Access was denied due to server configuration.
Cause analysis: IIS supports the following Web authentication methods:
Anonymous authentication
IIS Creates IUSR_Computer Name Account (where Computer Name is the name of the server running IIS) to use to anonymous users when requesting Web content
Perform identity authentication. This account grants the user local login permission. You can reset anonymous user access to using any valid Windows account.
Basic authentication
Use basic authentication to limit access to files on NTFS format web servers. With basic authentication, users must enter credentials and access is based on users
ID. Both the user ID and password are sent across the network in plain text.
Windows Integrated Authentication
Windows Integrated Authentication is safer than basic authentication and works well in an intranet environment where users have Windows domain accounts. Integrated
In Windows authentication, the browser tries to use the credentials used by the current user during the domain login process. If the attempt fails, the user will be prompted to enter the user name and password. like
If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user logs on to the local computer as a domain user, he is accessing the domain
There is no need to authenticate again when in the network computer.
Digest authentication
Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in plain text. In addition, you can use the proxy server
Use digest authentication. Digest authentication uses a challenge/response mechanism (the mechanism used by integrated Windows authentication) where the password is sent in encrypted form
。
.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows single check-in security to enable users to access a .NET Passport-enabled Web site
and more secure when serving. Sites with .NET Passport enabled authenticate users based on *.NET Passport central server. However, the center server
Specific users are not authorized or denied access to each site with .NET Passport enabled.
Solution:
Configure different authentications according to your needs (usually anonymous authentication, which is the authentication method used by most sites). Authentication options in IIS properties -> security -> authentication
Configuration under license and access control.
Problem 4: Improper IP restriction configuration
Examples of symptoms:
HTTP Error 403.6 - Disabled Access: The client's IP address was denied.
Cause analysis:
IIS provides an IP restriction mechanism, you can configure it to restrict a certain P to access the site, or only certain IPs can access the site, and if the client is being used by you
An error message will appear if the IP blocked is within the range of the blocked or is not within the range you allow.
Solution:
Enter IIS's properties -> security -> IP address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access, click Add to select the unauthorized IP address. opposite
Then only certain IP addresses can be accessed.
Question 5: IUSR account is disabled
Examples of symptoms:
HTTP Error 401.1 - Unauthorized: Access was denied due to invalid credentials.
Cause analysis:
Since the account used by the user to access anonymously is the IUSR_machine name, if this account is disabled, the user will be unable to access it.
Solution:
Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enable the IUSR_Machine Name Account.
Issue 6: Improper NTFS permission setting
Examples of symptoms:
HTTP Error 401.3 - Unauthorized: Access was denied due to ACL setting for the requested resource.
Cause analysis:
The user of the web client is affiliated with the user group, so if the NTFS permissions of the file are insufficient (for example, there is no read permission), the page will be inaccessible.
Solution:
Enter the security tab of this folder, configure user permissions, and at least give read permissions. I will not explain the NTFS permission settings here.
Question 7: IWAM account is not synchronized
Examples of symptoms:
HTTP 500 - Internal Server Error
Cause analysis:
The IWAM account is a built-in account automatically established by the system when IIS is installed. After the IWAM account is established, it is Active Directory, IIS metabase database and COM+ applications.
The account password is shared by the three parties, and the operating system is responsible for synchronizing the IWAM passwords saved by the three parties. The system synchronizes passwords for IWAM accounts sometimes
It will fail, resulting in inconsistent passwords used for IWAM accounts.
Solution:
If AD exists, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set a password for the IWAM account.
Run c:\\Inetpub\\AdminScripts>adsutil SET w3svc/WAMUserPass + Password Synchronize IIS metabase database password
Run cscript c:\\inetpub\\adminscripts\\ -v Synchronize the password of IWAM account in COM+ application
Issue 8: MIME setting problem causes some types of files to be unable to download (taking ISO as an example)
Examples of symptoms:
HTTP Error 404 - File or directory not found.
Cause analysis:
IIS6.0 cancels support for certain MIME types, such as ISO, causing client download errors.
Solution:
In IIS Properties -> HTTP Header -> MIME Type -> New. In the subsequent dialog box, fill in .ISO with the extension, and the MIME type is application.
In addition, firewall blocking, ODBC configuration errors, web server performance limitations, thread limitations and other factors are also possible reasons for the inaccessibility of IIS servers. I will not be able to access them here.
Feedback.
After many experiments, combined with previous experience in troubleshooting, this summary was made. I hope I can help you :)
Issue 1: Parent path is not enabled
Examples of symptoms:
() Error 'ASP 0175: 80004005'
Unauthorized Path characters
/0709/dqyllhsub/news/, line 4
The character '..' is not allowed in the Path parameter of MapPath.
Cause analysis:
Many web pages use statements such as ../ format (that is, back to the previous page, that is, the parent path), and for security reasons, this option is turned off by default.
。
Solution:
In IIS Properties->Home Directory->Configuration->Options. Tick the "Enable Parent Path" in front of it. Confirm refresh.
Issue 2: ASP's web extension configuration is improper (also applicable to CGI)
Examples of symptoms:
HTTP Error 404 - File or directory not found.
Cause analysis:
A new web program extension option has been added in IIS6.0, where you can allow or prohibit ASP, CGI, IDC and other programs. By default, ASP and other programs are
Forbidden.
Solution:
Select Active Server Pages in the Web Services extension in IIS and click "Allow".
Issue 3: Improper identity authentication configuration
Examples of symptoms:
HTTP Error 401.2 - Unauthorized: Access was denied due to server configuration.
Cause analysis: IIS supports the following Web authentication methods:
Anonymous authentication
IIS Creates IUSR_Computer Name Account (where Computer Name is the name of the server running IIS) to use to anonymous users when requesting Web content
Perform identity authentication. This account grants the user local login permission. You can reset anonymous user access to using any valid Windows account.
Basic authentication
Use basic authentication to limit access to files on NTFS format web servers. With basic authentication, users must enter credentials and access is based on users
ID. Both the user ID and password are sent across the network in plain text.
Windows Integrated Authentication
Windows Integrated Authentication is safer than basic authentication and works well in an intranet environment where users have Windows domain accounts. Integrated
In Windows authentication, the browser tries to use the credentials used by the current user during the domain login process. If the attempt fails, the user will be prompted to enter the user name and password. like
If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user logs on to the local computer as a domain user, he is accessing the domain
There is no need to authenticate again when in the network computer.
Digest authentication
Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in plain text. In addition, you can use the proxy server
Use digest authentication. Digest authentication uses a challenge/response mechanism (the mechanism used by integrated Windows authentication) where the password is sent in encrypted form
。
.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows single check-in security to enable users to access a .NET Passport-enabled Web site
and more secure when serving. Sites with .NET Passport enabled authenticate users based on *.NET Passport central server. However, the center server
Specific users are not authorized or denied access to each site with .NET Passport enabled.
Solution:
Configure different authentications according to your needs (usually anonymous authentication, which is the authentication method used by most sites). Authentication options in IIS properties -> security -> authentication
Configuration under license and access control.
Problem 4: Improper IP restriction configuration
Examples of symptoms:
HTTP Error 403.6 - Disabled Access: The client's IP address was denied.
Cause analysis:
IIS provides an IP restriction mechanism, you can configure it to restrict a certain P to access the site, or only certain IPs can access the site, and if the client is being used by you
An error message will appear if the IP blocked is within the range of the blocked or is not within the range you allow.
Solution:
Enter IIS's properties -> security -> IP address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access, click Add to select the unauthorized IP address. opposite
Then only certain IP addresses can be accessed.
Question 5: IUSR account is disabled
Examples of symptoms:
HTTP Error 401.1 - Unauthorized: Access was denied due to invalid credentials.
Cause analysis:
Since the account used by the user to access anonymously is the IUSR_machine name, if this account is disabled, the user will be unable to access it.
Solution:
Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enable the IUSR_Machine Name Account.
Issue 6: Improper NTFS permission setting
Examples of symptoms:
HTTP Error 401.3 - Unauthorized: Access was denied due to ACL setting for the requested resource.
Cause analysis:
The user of the web client is affiliated with the user group, so if the NTFS permissions of the file are insufficient (for example, there is no read permission), the page will be inaccessible.
Solution:
Enter the security tab of this folder, configure user permissions, and at least give read permissions. I will not explain the NTFS permission settings here.
Question 7: IWAM account is not synchronized
Examples of symptoms:
HTTP 500 - Internal Server Error
Cause analysis:
The IWAM account is a built-in account automatically established by the system when IIS is installed. After the IWAM account is established, it is Active Directory, IIS metabase database and COM+ applications.
The account password is shared by the three parties, and the operating system is responsible for synchronizing the IWAM passwords saved by the three parties. The system synchronizes passwords for IWAM accounts sometimes
It will fail, resulting in inconsistent passwords used for IWAM accounts.
Solution:
If AD exists, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set a password for the IWAM account.
Run c:\\Inetpub\\AdminScripts>adsutil SET w3svc/WAMUserPass + Password Synchronize IIS metabase database password
Run cscript c:\\inetpub\\adminscripts\\ -v Synchronize the password of IWAM account in COM+ application
Issue 8: MIME setting problem causes some types of files to be unable to download (taking ISO as an example)
Examples of symptoms:
HTTP Error 404 - File or directory not found.
Cause analysis:
IIS6.0 cancels support for certain MIME types, such as ISO, causing client download errors.
Solution:
In IIS Properties -> HTTP Header -> MIME Type -> New. In the subsequent dialog box, fill in .ISO with the extension, and the MIME type is application.
In addition, firewall blocking, ODBC configuration errors, web server performance limitations, thread limitations and other factors are also possible reasons for the inaccessibility of IIS servers. I will not be able to access them here.
Feedback.