Geek Answers Handbook

IIS6 Virtual Directory 500 Error on Remote Access

We have our servers in a server farm in a domain. Let me call him LIVE.

Our development computers live in a completely separate corporate domain, in miles and miles. Let me call him CORP.

We have a large central storage unit (unix) that stores the images and other media needed by many web servers in the server farm. IIS application pools run as (let them say) LIVE \ MediaUser and use these credentials to connect to the central repository as a virtual directory, retrieve images and serve them as if they were local to each server.

The problem is in development.

On my development machine. I log in as CORP \ MyName. My IIS 6 application pool runs as a network service. I cannot start it as a user from the LIVE domain, because my machine is not (and cannot be) joined to this domain.

I'm trying to create a virtual directory, point it to the same network directory, click "Connect as", uncheck "Always use authenticated user credentials when checking access to the network directory" so that I can enter login information, enter credentails for LIVE \ MediaUser, click OK, check your password, etc.

This does not work. I get "HTTP Error 500 - Internal Server Error" from IIS.

The IIS log file reports sc-status = 500, sc-substatus = 16, and sc-win32-status = 1326.

The documentation states that this means that the UNC authorization credentials are incorrect, and Win32 status means "Login failed: unknown username or invalid password."

It would be good and good if it were close to the exact. I doubled and fixed the problem. I tried several well-known good logins. IIS Manager allows me to view the file tree in its window, but only the browser kicks me out.

I even tried going to the Directory Security tab, and in the Authentication and Access Control section I tried to use the same LIVE username for anonymous access credentials. Bad luck.

I am not trying to run any ASP, ASP.NET or other dynamic information from a virtual directory. I just want IIS to be able to upload static images, css and js files.

If anyone has bright ideas, I would be very grateful!

+6
iis cross-domain iis-6 virtual-directory
source share
3 answers

Ir my memory is correct, it depends on the user account that is used for authentication using IIS. If the virtual directory is configured for anonymous, then depending on the version of IIS, it will use a local computer account called IUSER_MACHINENAME. Here is a technologist’s article that explains how to change the user account used for anonymous authentication in IIS 6.0.

0
source share

We have the same situation. As mentioned above, IIS tries to use the IUSER_XXXX account for authentication for anonymous access, but this account must exist on both machines. You can get end-to-end authentication working in separate domains.

This works with a remote Windows file server due to the way NetLogon handles domain names - I'm not sure if it will work with a Unix server:

Following your example, you should create a domain user in your local domain (CORP \ MediaUser) with ID ID and password as the account "LIVE \ MediaUser". Then configure the virtual directory using the credentials "LIVE \ MediaUser" as before, but this time configure "CORP \ MediaUser" as an anonymous user for this virtual directory. Then it should work.

This will also work with the local account ("MYMACHINE \ MediaUser") if the login name and password match the name of the remote account.

0
source share

We had the same problem, but failed to fix it, even with the correct security permissions on the security tab. He worked one day and just suddenly stopped.

After many blows to the head, I went to the "Connect as" button next to the virtual directory, and, surprisingly, there were VARIOUS credentials than the security tab. I used the famous good service account and Viola ', it worked instantly.

-one
source share

More articles:


All Articles