IIS6 set up website common problems and symptoms example

Question 1: The parent path is not enabled. Example: Server.MapPath() Error\\'ASP 0175 : 80004005\\' The Path character is not allowed 0709/dqyllhsub/news/OpenDatabase. Asp, line 4 The character \\'..\\' is not allowed in the Path parameter of MapPath. Analysis of the cause: Many Web pages use statements such as ../format (that is, return to the previous page, which is the parent path), and IIS 6.0 is closed by default for security reasons. Workaround: In the Properties -> Home Directory -> Configuration -> option in IIS. Put ” enable the parent path “ in front of the tick. Confirm the refresh. Question 2: ASP's Web extension is not properly configured (also for ASP.NET, CGI) Symptoms: HTTP Error 404 - File or directory not found. Reason analysis: In IIS6.0, the option of web program extension has been added. You can enable or disable programs such as ASP, ASP.NET, CGI, IDC, etc. By default, ASP and other programs are forbidden. Solution: Select Active Server Pages in the Web Services Extension in IIS and click <;Allow”. Problem 3: Improper authentication configuration Example of symptoms: HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. Cause Analysis: IIS supports the following web authentication methods: (1) Anonymous authentication IIS creates an IUSR_ computer name account (where the computer name is the name of the server running IIS), which is used when an anonymous user requests web content. They authenticated. This account grants users local login privileges. You can reset anonymous user access to use any valid Windows account. (2) Basic authentication Use basic authentication to restrict access to files on NTFS-formatted web servers. With basic authentication, the user must enter credentials and the access is based on the user ID. User IDs and passwords are sent in clear text between networks. (3) Windows Integrated Authentication Windows Integrated Authentication is more secure than Basic Authentication and works well in an intranet environment where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials that the current user used during the domain login process, and if the attempt fails, the user is prompted for a username and password. If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user logs in to the local computer as a domain user, he does not have to authenticate again when accessing the network computers in this domain. (4) Digest authentication Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in clear text. Alternatively, you can use digest authentication with a proxy server. Digest authentication uses a challenge/response mechanism (a mechanism used by integrated Windows authentication) where passwords are sent in encrypted form. .NET Passport Authentication Microsoft .NET Passport is a user authentication service that allows for single sign-in security, making it more secure for users to access .NET Passport-enabled Web sites and services. Sites with .NET Passport enabled rely on the .NET Passport central server to authenticate users. However, the hub server does not authorize or deny specific users access to individual .NET Passport-enabled sites. Workaround: Configure different authentications as needed (typically anonymous authentication, which is the authentication method used by most sites). Authentication options are configured under IIS Properties -> Security -> Authentication and Access Control. Problem 4: Improper configuration of IP restrictions Example of symptoms: HTTP error 403.6 - Forbidden access: The client's IP address is rejected. Cause Analysis: IIS provides an IP restriction mechanism. You can configure to restrict certain IPs from accessing the site, or restrict only certain IPs to access the site, and if the client is in the IP range that you are blocking, or not An error message will appear within the range you allow. Solution: Go to IIS Properties -> Security -> IP Address and Domain Name Restrictions. If you want to restrict access to certain IP addresses, you need to select authorized access, click Add to select the IP address that is not allowed. Otherwise, only certain IP addresses can be accessed. Question 5: IUSR account is disabled Symptoms: HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Analysis of the cause: Since the account used for anonymous access by the user is the IUSR_ machine name, if this account is disabled, the user will be inaccessible. Workaround: Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enable the IUSR_ machine name account. Problem 6: Improper settings for NTFS permissions Example of symptom: HTTP error 401.3 - Unauthorized: Access is denied due to ACL settings for the requested resource. Cause Analysis: The user of the web client belongs to the user group. Therefore, if the file has insufficient NTFS permissions (for example, no read permission), the page will be inaccessible. Solution: Enter the security tab of the folder, configure the permissions of the user, at least give read permissions. The NTFS permission settings are no longer described here. Question 7: IWAM account is out of sync Symptom example: HTTP 500 - Internal Server Error Cause Analysis: The IWAM account is a built-in account automatically created by the system when IIS is installed. After the IWAM account is established, it is used by the Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties, and the operating system is responsible for the synchronization of the IWAM passwords saved by the three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts. Workaround: If AD exists, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set a password for the IWAM account. Run c:\\Inetpub\\AdminScripts>adsutil SET w3svc/WAMUserPass + password to synchronize IIS metabase database passwords to run cscript c:\\inetpub\\adminscripts\\synciwam.vbs -v Synchronize IWAM account passwords in COM+ applications Question 8: MIME settings issues Cause some types of files cannot be downloaded (in the case of ISO) Symptoms: HTTP Error 404 - File or directory not found. Cause Analysis: IIS 6.0 canceled support for certain MIME types, such as ISO, causing client download errors. Workaround: In IIS Properties -> HTTP Header -> MIME Type -> New. In the subsequent dialog, the extension is filled in with .ISO and the MIME type is application.