Anonymous FTP Fails with password synchronization enabled

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site:

Symptoms

When you log into FTP anonymously, the following error message may occur:


c:\ftp ftp.someserver.com
Connected to ftp.someserver.com.
220 someserver Microsoft FTP Service (Version 4.0).
User (ftp.someserver.com:(none)): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
530 User someuser@microsoft.com cannot log in.
Login failed.
ftp>

Cause

If the World Wide Web Server component is removed during the installation of the Windows NT Option Pack, anonymous FTP login fails because automatic password synchronization relies on a DLL that is uninstalled with the World Wide Web Server component.

Resolution

To resolve this behavior, you must disable automatic password synchronization for the IUSR_ComputerName account. (This is the anonymous account.) To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools (Common), and then click User Manager for Domains.
  2. To reset the anonymous account password, click Properties on the User menu, type the new password in the Password box, and then follow the on-screen prompts.
  3. After you have reset the anonymous account password, click Start, click Run, type Inetmgr.exe, and then click OK.
  4. In Internet Services Manager, right-click the URL for the FTP site that you want, and then click Properties.
  5. Click the Directory Security tab, and then under Anonymous Access and Authentication Control click Edit.
  6. Select the Allow Anonymous Access check box, and then click Edit.
  7. In the Anonymous User Account dialog box, click to clear the Enable Automatic Password Synchronization check box .
  8. In the Password box, type the password that you typed in step 2, and then click OK.

More Information

Password synchronization is a sub-authentication process used by Internet Information Server. This functionality is provided by the Iissuba.dll file. This DLL is uninstalled when the World Wide Web Server component is removed, which in turn causes anonymous FTP login to fail if the Enable Automatic Password Synchronization option is checked in the Security settings for the FTP service.

For more information on Password Synchronization and the sub-authentication process, click the following article numbers to view the articles in the Microsoft Knowledge Base:

216828 Password Synchronization/Allow IIS to Control Password may cause problems

218756 Logon privileges required for anonymous access

Eigenschaften

Artikelnummer: 269241 – Letzte Überarbeitung: 30.07.2008 – Revision: 1

Feedback