Sharepoint impersonates the IUSR account and is denied access to resources

Article ID: 2686411 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:

You have configured a Forms-based authentication Web Application on a Sharepoint 2010 Server.

Symptom 1:

On trying to generate an Audit report, you receive the following error:

System.Runtime.InteropServices.COMException: Error HRESULT E_FAIL has been returned from a call to a COM component.

Symptom 2:

You investigate the process execution using Process Explorer ( http://technet.microsoft.com/en-us/sysinternals/bb896653
(http://technet.microsoft.com/en-us/sysinternals/bb896653)
 ) and notice that the process  includes a lot of 

Token NT AUTHORITY\IUSR:3e3

Symptom 3:

You may receive the following error in SQL:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'


Back to the top | Give Feedback

CAUSE

This is expected behavior at the time of creation of this article.

The knowledge base article 979917
(http://support.microsoft.com/kb/979917)
states: 

This hotfix makes a new application setting available in ASP.NET 2.0. The new application setting is 'aspnet:AllowAnonymousImpersonation'. You can enable this setting by adding the following section to the Web.config file: 
    <appSettings>
        <add key="aspnet:AllowAnonymousImpersonation" value="true" />
    </appSettings>
To enable this setting, you must have IIS 7 or IIS 7.5 running in Integrated mode. When this setting is enabled, the application runs under the security context of the IUSR identity.
Additionally, creating a Forms-based Authentication Web Application will enable the setting and set it to true.
Back to the top | Give Feedback

RESOLUTION

To workaround the issues, you need to determine if the setting is mandatory for your environment, and if not, you can set it to 'false'.
Back to the top | Give Feedback

MORE INFORMATION

Be advised that editing the Authentication provider for the web application will re-set the setting to the default value (true).
Back to the top | Give Feedback
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use
(http://go.microsoft.com/fwlink/?LinkId=151500)
for other considerations.
Back to the top | Give Feedback

Properties

Article ID: 2686411 - Last Review: March 16, 2012 - Revision: 4.0
APPLIES TO
  • Microsoft Office SharePoint Server
  • Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Server 2010
Keywords: 
KB2686411
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top