Home
4Art
    Favorite Artists
    Personal Art
    Tutorials
 4Education
    Astronomy
    Cryogenic Fluids
    Logic & Circuits
 4Personal
    Dallas Photographs
    Cancun Photographs
    Hawaii Photographs
 4Professional
    Business Skill
    Employment History
    Programming
    Web Administration
 4Recreation
    Television
    Gaming - RPG
 4Administration
    Navigation
    Sites
    Users
    Groups
 
 

Microsoft Internet Information Services

This page is meant to collect problems I've encountered and solutions I've come across.

Problem: Intermittent Authentication / Authentication problems for specific users

Solution: In my experience, Kerberos (the default authentication protocol for Windows 2000 and later) is the cause. Firewalls, Proxies, and possibly other network components can block Kerberos tickets causing authentication problems for certain users, intermittent authentication problems for all users, and authentication problems in certain circumstances (i.e. VPN).

While I'm certain that many Microsoft advocates, security advisors, and other administrators would sneer at this advice, I suggest you just get rid of Kerberos authentication on your web server. I want the most secure solution that works, but if it doesn't work, screw it. I rarely have problems with NTLM. The following command will get rid of it, but you will need to open a command shell, and navigat to the admin scripts folder (c:\inetpub\adminscripts in windows 2003 and IIS 6):

cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

A recent conversation on this topic:

oxygriffin: Brewer is thinking its kerberos
OxyJoshua: could be... that server might still be using Kerberos.
oxygriffin: would it hurt anything to turn it off ?
OxyJoshua: It shouldn't. We have it turned off on most servers.
OxyJoshua: http://www.drowlord.com/Professional/WebAdmin/iis.asp
oxygriffin: can u think of any problems it would cause if I turned it off ?
OxyJoshua: amateur cryptographers could sniff packets and find out your password?
oxygriffin: lol

Problem: IIS Logfiles in wrong format for WebTrends Reporting Services:

ConvertLogfiles.vbs

'==========================================================================================
'= Program:  WebTrends Logfile Fixer for IIS
'= FileName: ConvertLogFiles.vbs
'= Description: This script searches a directory for ex*.log files and converts them to
'=              ex*c.log files.  This conversion process simply inserts a date field if
'=              none is present.  This script was written to address compatibility issues
'=              with our IIS logfiles and WebTrends.
'=                  This script recurses through all subdirectories, so make sure that you
'=              Have adequate disk space for all related logfiles.
'= Syntax: cscript ConvertLogFiles.vbs
'= Written By: Joshua Jacobsen March 21st, 2006
'==========================================================================================
  		 
 
 
Email comments to: Joshua Jacobsen
Last modified: 3/21/2006 11:45:51 AM 		Make This Page Your HomepageMake This Page a FavoritePrint This Page
URL for this page: http://www.drowlord.com/Professional/WebAdmin/iis.asp
Copyright© 1999 - 2005 Joshua Jacobsen