IIS6.0 server station can not access the solution summary

A lot of friends have encountered a lot of problems when using the IIS6 website. Some of these problems have been encountered in the past IIS5, some are new, and they have been busy for one afternoon and have done many experiments. Combined with the previous troubleshooting experience, I made this summary, I hope to help you:)

Question 1: Parent path not enabled
Symptom example:
Server.MapPath() error 'ASP 0175 : 80004005'
Path characters not allowed
/0709/dqyllhsub/news/OpenDatabase.asp, line 4
The character '..' is not allowed in the Path parameter of MapPath.

Reason analysis:
Many web pages use statements such as ../format (ie return to the previous page, which is the parent path), while IIS6.0 is for security reasons. This option is turned off by default.

Workaround:
In IIS Properties -> Home Directory -> Configuration -> Options. Put a check mark in front of "Enable Parent Path". Confirm the refresh.

Question 2: ASP's Web extension is not properly configured (also for ASP.NET, CGI)

Examples of symptoms:
HTTP error 404 - File or directory not found.

Reason analysis:
Added the option of web program extension in IIS6.0, you can allow or prohibit programs such as ASP, ASP.NET, CGI, IDC, etc. by default. Programs such as ASP are forbidden.

Solution:
Select Active Server Pages in the Web Service Extension in IIS and click "Allow".

Problem 3: Inappropriate authentication configuration

Examples of symptoms:
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.

Cause Analysis: IIS supports the following web authentication methods:
Anonymous Authentication
IIS creates the IUSR_ computer name account (where the computer name is the name of the server running IIS), To authenticate anonymous users when they request web content. This account grants users local login privileges. You can reset anonymous user access to use any valid Windows account.
Basic Authentication
Use Basic Authentication to restrict access to files on NTFS-formatted web servers. With basic authentication, the user must enter credentials and the access is based on the user ID. User IDs and passwords are sent in clear text between networks.
Windows Integrated Authentication
Windows Integrated Authentication is more secure than Basic Authentication and works well in intranet environments where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials that the current user used during the domain logon process, and if the attempt fails, the user is prompted for a username and password. If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user logs in to the local computer as a domain user, he does not have to authenticate again when accessing the network computers in this domain.
Digest Authentication
Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in clear text. Alternatively, you can use digest authentication with a proxy server. Digest authentication uses a challenge/response mechanism (a mechanism used by integrated Windows authentication) where passwords are sent in encrypted form.
.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows for single sign-on security, making it more secure for users to access .NET Passport-enabled Web sites and services. Sites with .NET Passport enabled rely on the .NET Passport central server to authenticate users. However, the hub server does not authorize or deny specific users access to individual .NET Passport-enabled sites.

Solution:
Configure different authentications as needed (generally anonymous authentication, which is the authentication method used by most sites). Authentication options are configured under IIS Properties -> Security -> Authentication and Access Control.

Problem 4: Improper IP restriction configuration

Example of symptom:
HTTP error 403.6 - Forbidden access: The IP address of the client is rejected.

Reason Analysis:
IIS provides an IP restriction mechanism, you can configure to restrict certain IPs from accessing the site, or restrict only certain IPs to access the site, and if the client is being If you block the IP range, or are outside the range you allow, an error message will appear.

Solution:
Enter IIS Properties -> Security -> IP Address and Domain Name Restrictions. If you want to restrict access to certain IP addresses, you need to select authorized access, click Add to select the IP address that is not allowed. Otherwise, only certain IP addresses can be accessed.

Question 5: IUSR account is disabled

Example of symptom:
HTTP error 401.1 - Unauthorized: Access is denied due to invalid credentials.

Analysis of the cause:
Since the account used for anonymous access by the user is the IUSR_ machine name, if this account is disabled, the user will be inaccessible.

Solution:
Control Panel -> Administrative Tools -> Computer Management -> Local Users and Groups, enable the IUSR_ machine name account.

Problem 6: NTFS permissions are not set properly

Symptoms:
HTTP Error 401.3 - Unauthorized: Access is denied due to ACL settings for the requested resource.

Cause Analysis:
The user of the Web client belongs to the user group. Therefore, if the file has insufficient NTFS permissions (for example, no read permission), the page will be inaccessible.

Solution:
Enter the security tab of the folder, configure user permissions, at least read permissions. The NTFS permission settings are no longer described here.

Question 7: IWAM account is not synchronized

Symptom example:
HTTP 500 - Internal server error

Cause analysis:
IWAM account is installed A built-in account automatically created by the system when IIS. After the IWAM account is established, it is used by the Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties, and the operating system is responsible for the synchronization of the IWAM passwords saved by the three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts.

Workaround:
If there is AD, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set a password for the IWAM account.
Run c:\\Inetpub\\AdminScripts>adsutil SET w3svc/WAMUserPass + password to synchronize IIS metabase database password
Run cscript c:\\inetpub\\adminscripts\\synciwam.vbs -v Synchronize IWAM account password in COM+ application

Problem 8: MIME setup issues cause some types of files to fail to download (ISO as an example)

Examples of symptoms:
HTTP Error 404 - File or directory not found.

Cause Analysis:
IIS 6.0 canceled support for certain MIME types, such as ISO, causing client download errors.

Solution:
In IIS Properties -> HTTP Header -> MIME Type -> New. In the subsequent dialog, the extension is filled in with .ISO and the MIME type is application.

In addition, firewall blocking, ODBC configuration errors, Web server performance limitations, thread restrictions and other factors are also possible reasons for the IIS server can not be accessed, here is no longer one by one. I hope this post can solve most of your questions :)