Article ID: 318932 - View products that this article applies to.
This article was previously published under Q318932
This article has been archived. It is offered "as is" and will no longer be updated.
When users try to use anonymous access on your Web site, these users may receive the following error message on cluster members only:
"HTTP 401.1 - Unauthorized: Logon Failed"
Application Center 2000 creates a new IUSR account on each server that is added to the cluster. The name of this account is IUSR_ClusterController (where ClusterController is the computer name of the cluster controller). By default, the IUSR_ClusterController account is the anonymous user account on the cluster controller. Application Center replicates this metabase setting to all servers in the cluster; therefore, each cluster member must have this same named account to handle anonymous connections.
If you grant the IUSR_ClusterController account explicit permissions to your content, and then replicate your Web content with permissions, the cluster members cannot resolve the account security identifier (SID).
When Application Center 2000 replicates with permissions, it replicates the object (including files and folders) that contains the Access Control List (ACL). The ACL contains the SID of the IUSR_ClusterController account on the cluster controller. The IUSR_ClusterController accounts on the member servers have a different SID; therefore, the cluster members cannot resolve the SID to a local account. Because the SID cannot be resolved on the cluster members, the anonymous account does not have access to the content on cluster members.
To resolve this issue, do one of the following:
Application Center is designed to have full functionality with or without a Windows domain. Therefore, the same named account (IUSR_ClusterController) is created on each server to permit anonymous access. Otherwise, the Web site on the cluster members would be set to a nonexistent account.
Steps to Reproduce BehaviorTo reproduce the behavior, follow these steps:
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/279148/EN-US/ )PRB: Addition of New Application Center Member Fails When Anonymous Password Violates Password Policy