Many friends have encountered many problems when using IIS6 to build websites. Some of these problems have been encountered in IIS5 in the past, and some are new. I have been busy all afternoon and done many experiments. Combined with the previous I have made this summary based on my troubleshooting experience. I hope it can help everyone:)
Issue 1: Parent paths are not enabled
Symptom examples:
Server.MapPath() error ASP 0175: 80004005
Path characters not allowed
/0709/dqyllhsub/news/OpenDatabase.asp, line 4
Characters... are not allowed in the Path parameter of MapPath.
Reason analysis:
Many Web pages use statements such as ../ format (that is, returning to the previous page, that is, the parent path). However, for security reasons in IIS6.0, this option is turned off by default.
Solution:
In IIS Properties->Home Directory->Configuration->Options. Check the box next to "Enable parent paths". Confirm refresh.
Problem 2: Improper configuration of ASP's Web extension (also applies to ASP.NET, CGI)
Symptom examples:
HTTP Error 404 - File or directory not found.
Reason analysis:
In IIS6.0, there is a new option of web program extension, in which you can allow or disable ASP, ASP.NET, CGI, IDC and other programs. By default, ASP and other programs are prohibited.
Solution:
Select Active Server Pages in the Web service extension in IIS and click "Allow".
Problem 3: Improper authentication configuration
Symptom examples:
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Cause analysis: IIS supports the following web authentication methods:
Anonymous authentication
IIS creates the IUSR_computername account (where computername is the name of the server that IIS is running on) to authenticate anonymous users when they request Web content. This account grants the user local login permissions. You can reset anonymous user access to use any valid Windows account.
Basic authentication
Use Basic authentication to restrict access to files on an NTFS-formatted Web server. With basic authentication, users must enter credentials, and access is based on user ID. User IDs and passwords are sent across the network in clear text.
Windows Integrated Authentication
Windows Integrated Authentication is more secure than Basic Authentication and works well in intranet environments where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials used by the current user during the domain login process, and if the attempt fails, the user is prompted for a username and password. If you use Integrated Windows Authentication, the user's password is not transmitted to the server. If the user is logged on to the local computer as a domain user, he does not have to authenticate again when accessing network computers in this domain.
Digest authentication
Digest authentication overcomes many of the disadvantages of Basic authentication. When using digest authentication, the password is not sent in clear text. Alternatively, you can use Digest Authentication through a proxy server. Digest authentication uses a challenge/response mechanism (the same mechanism used by Integrated Windows Authentication) where the password is sent in encrypted form.
.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows single sign-on security to make users more secure when accessing .NET Passport-enabled Web sites and services. .NET Passport-enabled sites rely on a .NET Passport central server to authenticate users. However, the central server does not authorize or deny specific users access to individual .NET Passport-enabled sites.
Solution:
Configure different authentication methods as needed (usually anonymous authentication, which is the authentication method used by most sites). Authentication options are configured under IIS Properties->Security->Authentication and Access Control
[Cut-Page]
Problem 4: IP restrictions are not configured properly
Symptom examples:
HTTP Error 403.6 - Forbidden: The client's IP address was denied.
Reason analysis:
IIS provides an IP restriction mechanism. You can configure it to restrict certain IPs from accessing the site, or restrict only certain IPs from accessing the site. If the client is in the IP range blocked by you, or is not allowed by you Within the range, an error message will appear.
Solution:
Go to IIS Properties->Security->IP Address and Domain Name Restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access, click Add to select the IP addresses that are not allowed. On the contrary, you can only allow access from certain IP addresses.
Question 5: IUSR account is disabled
Symptom examples:
HTTP Error 401.1 - Unauthorized: Access denied due to invalid credentials.
Reason analysis:
Since the account used by users for anonymous access is IUSR_machine name, if this account is disabled, the user will be unable to access.
Solution:
Control Panel->Administrative Tools->Computer Management->Local Users and Groups, enable the IUSR_machine name account.
Problem 6: Improperly set NTFS permissions
Symptom examples:
HTTP Error 401.3 - Unauthorized: Access is denied due to the ACL set on the requested resource.
Reason analysis:
The user of the web client belongs to the user group. Therefore, if the NTFS permissions of the file are insufficient (for example, there is no read permission), the page will be inaccessible.
Solution:
Go to the security tab of the folder and configure the user's permissions, at least give read permission. I won’t go into details about NTFS permission settings here.
Question 7: IWAM account is out of sync
Symptom examples:
HTTP 500 - Internal Server Error
Reason analysis:
The IWAM account is a built-in account automatically created by the system when installing IIS. After the IWAM account is established, it is jointly used by Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties respectively, and the operating system is responsible for the synchronization of the IWAM passwords saved by these three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts.
Solution:
If AD exists, select Start->Programs->Administrative Tools->Active Directory Users and Computers. Set a password for the IWAM account.
Run c:InetpubAdminScripts>adsutil SET w3svc/WAMUserPass + password to synchronize IIS metabase database password
Run cscript c:inetpubadminscriptssynciwam.vbs -v to synchronize the password of the IWAM account in the COM+ application
Question 8: MIME setting issues prevent certain types of files from being downloaded (taking ISO as an example)
Symptom examples:
HTTP Error 404 - File or directory not found.
Reason analysis:
IIS6.0 canceled support for some MIME types, such as ISO, causing client download errors.
Solution:
In IIS Properties->HTTP Header->MIME Type->New. In the subsequent dialog box, fill in the extension as .ISO and the MIME type as application.
In addition, firewall blocking, ODBC configuration errors, Web server performance limitations, thread limitations and other factors are also possible reasons for the inaccessibility of the IIS server, which will not be discussed one by one here. Hope this post can solve most of your problems :)
Problem 4: IP restrictions are not configured properly
Symptom examples:
HTTP Error 403.6 - Forbidden: The client's IP address was denied.
Reason analysis:
IIS provides an IP restriction mechanism. You can configure it to restrict certain IPs from accessing the site, or restrict only certain IPs from accessing the site. If the client is in the IP range blocked by you, or is not allowed by you Within the range, an error message will appear.
Solution:
Go to IIS Properties->Security->IP Address and Domain Name Restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access, click Add to select the IP addresses that are not allowed. On the contrary, you can only allow access from certain IP addresses.
Question 5: IUSR account is disabled
Symptom examples:
HTTP Error 401.1 - Unauthorized: Access denied due to invalid credentials.
Reason analysis:
Since the account used by users for anonymous access is IUSR_machine name, if this account is disabled, the user will be unable to access.
Solution:
Control Panel->Administrative Tools->Computer Management->Local Users and Groups, enable the IUSR_machine name account.
Problem 6: Improperly set NTFS permissions
Symptom examples:
HTTP Error 401.3 - Unauthorized: Access is denied due to the ACL set on the requested resource.
Reason analysis:
The user of the web client belongs to the user group. Therefore, if the NTFS permissions of the file are insufficient (for example, there is no read permission), the page will be inaccessible.
Solution:
Go to the security tab of the folder and configure the user's permissions, at least give read permission. I won’t go into details about NTFS permission settings here.
Question 7: IWAM account is out of sync
Symptom examples:
HTTP 500 - Internal Server Error
Reason analysis:
The IWAM account is a built-in account automatically created by the system when installing IIS. After the IWAM account is established, it is jointly used by Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties respectively, and the operating system is responsible for the synchronization of the IWAM passwords saved by these three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts.
Solution:
If AD exists, select Start->Programs->Administrative Tools->Active Directory Users and Computers. Set a password for the IWAM account.
Run c:InetpubAdminScripts>adsutil SET w3svc/WAMUserPass + password to synchronize IIS metabase database password
Run cscript c:inetpubadminscriptssynciwam.vbs -v to synchronize the password of the IWAM account in the COM+ application
Question 8: MIME setting issues prevent certain types of files from being downloaded (taking ISO as an example)
Symptom examples:
HTTP Error 404 - File or directory not found.
Reason analysis:
IIS6.0 canceled support for some MIME types, such as ISO, causing client download errors.
Solution:
In IIS Properties->HTTP Header->MIME Type->New. In the subsequent dialog box, fill in the extension as .ISO and the MIME type as application.
In addition, firewall blocking, ODBC configuration errors, Web server performance limitations, thread limitations and other factors are also possible reasons for the inaccessibility of the IIS server, which will not be discussed one by one here. Hope this post can solve most of your problems :)