Notice: Unexplainable Win2k/FrontPage Authentication Bug (IIS) w/ fix

I thought I'd let everyone know of a very annoying problem I ran into the other day and was just able to solve. One of our hosting servers had been working great when suddenly no one could connect via FrontPage, including admins.

Nothing had changed on the server, and the last thing installed was the .Net Mobile Internet Tool Kit, which was installed 2 days prior. No reboot and no iisreset had occured in weeks.

After HOURS of digging through newsgroups, forums and several different LAN admins I was about ready to wipe the server and start over. But at the last minute I decided to check if it was IIS not passing the authentication correctly (which I thought), or if it was a true OS issue.

I turned on auditing on a new web site I created and began to watch the entries come in as I tried to connect using FrontPage server extensions. Turns out the logs said I was authenticating OK, but then I was getting kicked off because I didn't have network access rights.

Low and behold all of the entries in the local security policy for 'Access this computer from the network' were gone accept IUSR, IWAM and ASPNET, all of which deal with anonymous access. Hence why you could still browser the sites, but not connect via a specific user. It also turns out I couldn't map a drive, but I didn't catch that until later.

I added back the groups everyone, users, power users, backup operators and administrators to match our other servers and poof. Now it works.

You can see this setting in administrative tools --> Local Security Policy --> User Rights Assignment --> Access this computer from the network

It really was a freak thing none of us can explain, but I thought you should all be aware of it in case it happens to you.

 

 

 

 

Top