Must Enter Password Manually After You Set Password Synchronization

Article translations Article translations
Article ID: 259353 - View products that this article applies to.
This article was previously published under Q259353
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1
Expand all | Collapse all

SYMPTOMS

In Internet Information Server (IIS) version 4.0, when you clear the Enable Automatic Password Synchronization check box (or the Allow IIS to control password check box in IIS version 5.0), use the Browse button to browse to the IUSR_<computer> account, and then click to reselect the check box, the password field is blank and you must enter the password manually. However, when you just clear, select, and clear this setting, and you do not browse to the IUSR_<computer> account, the password field retains the entry, and you are not required to enter the password manually.
In addition, if the password is not entered, the Event Viewer logs may contain the following error message:
The server was unable to logon the Windows NT account 'IUSR_<machinename>' due to the following error: Logon failure: unknown user name or bad password.

CAUSE

By default, when in IIS you clear the Enable Automatic Password Synchronization or Allow IIS to control password check boxes, you are required to enter the password manually and anonymous authentication will fail until you do.

MORE INFORMATION

The following information details what occurs when you choose whether you want IIS to control the anonymous user password:
  1. On a new installation of IIS, the following metabase entries are created:
    • AnonymousPasswordSync = 1
    • AnonymousUserName = "IUSR_<COMPUTER>"
    • AnonymousUserPass = "<Random Password>"

  2. When you clear the Enable Automatic Password Synchronization or the Allow IIS to control password check box, the AnonymousPasswordSync value is set to 0. However, because the IIS metabase already contains the AnonymousUserPass setting, you are not required to enter the password.
  3. When you next select the Enable Automatic Password Synchronization or the Allow IIS to control password check box, IIS sets the AnonymousPasswordSync setting to 1 and then deletes the AnonymousUserPass setting from the metabase.
  4. When you clear the Enable Automatic Password Synchronization or the Allow IIS to control password check box again, the AnonymousPasswordSync value is set back to 0. However, because the metabase no longer contains the AnonymousUserPass setting, you must enter the password manually.

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
253204 PRB: Error Message: The Server Was Unable to Logon the Windows NT Account IUSR_machinename
184730 Password Sync and IIS 4.0 Return FrontPage Error Message

Properties

Article ID: 259353 - Last Review: July 7, 2008 - Revision: 3.1
APPLIES TO
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbpending kbprb KB259353

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com