Many friends have encountered many problems when using IIS6 to build websites. Some of these problems have been encountered in IIS5 in the past, and some are new. After many experiments, combined with previous troubleshooting experience, we made With this summary, I hope it can help everyone.
Problem 1: Parent path is not enabled
Symptom example:
Server.MapPath() error'ASP 0175: 80004005'
Not allowed Path character
/0709/dqyllhsub/news/OpenDatabase.asp, line 4
is not allowed in the Path parameter of MapPath character'..'.
Cause analysis:
Many Web pages use statements such as ../ format (that is, returning to the previous page, that is, the parent path). However, for security reasons in IIS6.0, this option is turned off by default.
Solution:
In IIS Properties->Home Directory->Configuration->Options. Check the box next to "Enable parent paths". Confirm refresh.
Problem 2: Improper configuration of ASP's Web extension (also applicable to ASP.NET, CGI)
Symptom examples:
HTTP error 404 - File or directory not found.
Cause analysis:
In IIS6.0, there is a new web program extension option, in which you can allow or disable ASP, ASP.NET, CGI, IDC and other programs. By default, ASP and other programs are prohibited.
Solution:
Select Active Server Pages in the Web service extension in IIS and click "Allow".
Issue 3: Improper authentication configuration
Symptom examples:
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Cause analysis:
IIS supports the following Web authentication methods:
(1) Anonymous authentication
IIS creates an IUSR_computer name account (where the computer name is the name of the server running IIS), which is used to authenticate anonymous users when requesting Web content. They authenticate. This account grants the user local login permissions. You can reset anonymous user access to use any valid Windows account.
(2) Basic authentication
Use basic authentication to restrict access to files on the NTFS format Web server. With basic authentication, users must enter credentials, and access is based on user ID. User IDs and passwords are sent across the network in clear text.
(3) Windows Integrated Authentication
Windows Integrated Authentication is more secure than Basic Authentication and works well in intranet environments where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials used by the current user during the domain login process, and if the attempt fails, the user is prompted for a username and password. If you use Integrated Windows Authentication, the user's password will not be transmitted to the server. If the user is logged on to the local computer as a domain user, he does not have to authenticate again when accessing network computers in this domain.
(4) Digest authentication
Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in clear text. Alternatively, you can use Digest Authentication through a proxy server. Digest authentication uses a challenge/response mechanism (the same mechanism used by Integrated Windows Authentication) where the password is sent in encrypted form.
.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows single sign-on security to make users more secure when accessing .NET Passport-enabled Web sites and services. .NET Passport-enabled sites rely on a .NET Passport central server to authenticate users. However, the central server does not authorize or deny specific users access to individual .NET Passport-enabled sites.
Solution:
Configure different identity authentication as needed (usually anonymous identity authentication, which is the authentication method used by most sites). Authentication options are configured under IIS Properties->Security->Authentication and Access Control.
Issue 4: Improperly configured IP restrictions
Symptom examples:
HTTP Error 403.6 - Forbidden: The client's IP address is denied.
Reason analysis:
IIS provides an IP restriction mechanism. You can configure it to restrict certain IPs from accessing the site, or restrict only certain IPs from accessing the site. If the client is within the IP range blocked by you, or is not Within the range you allow, an error message will appear.
Solution:
Go to IIS Properties->Security->IP Address and Domain Name Restrictions. If you want to restrict access to certain IP addresses, you need to select Authorized Access, click Add to select the IP addresses that are not allowed. On the contrary, you can only allow access from certain IP addresses.
Issue 5: IUSR account is disabled
Symptom examples:
HTTP Error 401.1 - Unauthorized: Access denied due to invalid credentials.
Cause analysis:
Since the account used by the user for anonymous access is IUSR_machine name, if this account is disabled, the user will be unable to access.
Solution:
Control Panel->Administrative Tools->Computer Management->Local Users and Groups, enable the IUSR_machine name account.
Problem 6: Improperly set NTFS permissions
Symptom examples:
HTTP Error 401.3 - Unauthorized: Access is denied due to ACL settings on the requested resource.
Cause analysis:
The user of the Web client belongs to the user group. Therefore, if the NTFS permissions of the file are insufficient (for example, there is no read permission), the page will be inaccessible.
Solution:
Go to the security tab of the folder and configure the user's permissions, at least give read permission. The NTFS permission settings will not be described here.
Question 7: IWAM account out of sync
symptom example:
HTTP 500 - Internal server error
cause analysis:
The IWAM account is a built-in account automatically created by the system when IIS is installed. After the IWAM account is established, it is jointly used by Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties respectively, and the operating system is responsible for the synchronization of the IWAM passwords saved by these three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts.
Solution:
If AD exists, select Start->Programs->Administrative Tools->Active Directory Users and Computers. Set a password for the IWAM account. Run c:InetpubAdminScripts>adsutil SET w3svc/WAMUserPass + password to synchronize the IIS metabase database password. Run cscript c:inetpubadminscriptssynciwam.vbs -v to synchronize the password of the IWAM account in the COM+ application.
Question 8: MIME setting problem As a result, certain types of files cannot be downloaded (taking ISO as an example).
Symptom examples:
HTTP error 404 - File or directory not found.
Cause analysis:
IIS6.0 canceled support for certain MIME types, such as ISO, causing client download errors.
Solution:
Properties->HTTP header->MIME type->New in IIS. In the subsequent dialog box, fill in the extension as .ISO and the MIME type as application.
In addition, firewall blocking, ODBC configuration errors, Web server performance limitations, thread limitations and other factors are also possible reasons for the inaccessibility of the IIS server, which will not be discussed one by one here.