Announcement

Collapse
No announcement yet.

IIS Anonymous access. Unknown user name or bad password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IIS Anonymous access. Unknown user name or bad password

    I donno whether this will fit into this topic or not. But i faced this issue yesterday and my boss needs an explanation. I am already trying . But may use the expertise of you guys in this forum.

    LOG:

    Event Type: Warning
    Event Source: W3SVC
    Event Category: None
    Event ID: 100
    Date: 8/10/2009
    Time: 9:13:19 AM
    User: N/A
    Computer: ABC
    Description:
    The server was unable to logon the Windows NT account 'Domain\USER' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.
    For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 2e 05 00 00 ....

    ISSUE:

    IIS Anonymous access for a Virtual directory in the server ABC has configured under the "Domain\USER" to run.

    I was going thru the IIS settings to fix another security scan result. Maybe i clicked "OK" button at some point in the IIS Config box after checking the Integrated Windows Authentication Check box.

    This Virtual directory settings has not been changed ever since i remember. But suddenly it said the Password provided is wrong and started to Lock the Domain\USER account. When i changed the ID in the IIS Virtual Directory to another Domain ID, it started working fine.

    Log:

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 529
    Date: 8/10/2009
    Time: 9:13:19 AM
    User: NT AUTHORITY\SYSTEM
    Computer: ABC
    Description:
    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: USER
    Domain: Domain
    Logon Type: 2
    Logon Process: IIS
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: ABC
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Question:

    How can the password be wrong if it has been there for a long time?


    Norbert

  • #2
    Re: Risks with changing iusr service account

    The user's password could have expired or been changed.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Risks with changing iusr service account

      Originally posted by gforceindustries View Post
      The user's password could have expired or been changed.
      No, its a service account and it has been set to "Password Never Expire". And iam the only one who knows the password of this Account.

      Thanks for your prompt reply gforce!!!

      After going thru an in depth research, I have one doubt.
      Can a Domain ID be used with the Logon Type 2(Interactive logon), does it really matter?
      Just now stumbled upon this revelation, shall i proceed in this insight or shud i look into different path?

      Norbert
      Last edited by norbert.ranjith; 11th August 2009, 20:43.

      Comment


      • #4
        Re: IIS Anonymous access. Unknown user name or bad password

        Split this from where it was originally posted as it had deviated from the original OP's question.

        Password may have lost it's sync between the AD account and what is in IIS. There is a VB Script in Inetpub\AdminScripts that can resync it if this is indeed the problem.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: IIS Anonymous access. Unknown user name or bad password

          Originally posted by biggles77 View Post
          Password may have lost it's sync between the AD account and what is in IIS.
          Hi biggles, thanks. Is it really possible that IIS may loose the Sync even though we didn't touch the password in the IIS and also the password in AD is never been changed?

          Norbert

          Comment


          • #6
            Re: IIS Anonymous access. Unknown user name or bad password

            I'm assuming that it is possible and that it does happen, otherwise why would MS have made an admin script to resync them?

            Comment


            • #7
              Re: IIS Anonymous access. Unknown user name or bad password

              And the how to is here
              http://blog.montopolis.com/2007/06/0...-user-account/
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: IIS Anonymous access. Unknown user name or bad password

                Hi All,

                Thanks for your response for this issue. I have replied to my boss stating that this is a possible and very rare occurrence and that i have no explanation how it happened.

                Once again thanks for all your help.


                Norbert

                Comment

                Working...
                X