IIS Lock Down Tool may break RDA or Replication that uses Anonymous authentication

This article was previously published under Q310654
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
If you install the Microsoft Internet Information Server (IIS) Lock Down Tool with all the default options, it may break a working Microsoft SQL Server 2000 Windows CE (SQL Server CE) or Microsoft SQL Server 2005 Compact Edition Remote Data Access (RDA) or Replication application that uses Anonymous authentication.
CAUSE
The default Setup of the IIS Lock Down Tool sets the following option:
"Set file permissions to prevent anonymous IIS users from writing to content directories."
SQL Server CE or SQL Server Compact Edition Replication and RDA rely on three modes of IIS authentication:
  • Anonymous authentication
  • HTTP Basic authentication
  • Integrated Windows authentication
RESOLUTION
To resolve this problem:
  • If you use SQL Server CE connectivity applications or SQL Server Compact Edition applications that use Anonymous authentication, clear this default option:
    "Set file permissions to prevent anonymous IIS users from writing to content directories."
    Otherwise the application may not run.

    -or-

  • You can reconfigure SQL Server CE connectivity applications or SQL Server Compact Edition applications to use Basic or Integrated Windows authentication, not Anonymous, to run the tool.
MORE INFORMATION
SQL Server CE RDA and replication components communicate by using Web protocols. The SQL Server CE Client Agent on the Windows CE device uses HTTP to communicate with the SQL Server CE Server Agent ISAPI DLL on the Web server.

Steps to reproduce the problem

To reproduce the problem, use these steps:
  1. Set up the SQL Server CE Northwind_RDA sample as described in SQL Server CE 2000 Books Online.
  2. Run the setup for the IIS Lock Down tool.
  3. Click to select SERVER TEMPLATE (click Other Server).
  4. Click to select WEB SERVICE (HTTP).
  5. Select Scripts maps (disable all support).
  6. Click to select Additional Security (default).
  7. Clear this option:
    "Set file permissions to prevent anonymous IIS users from writing to content directories."
  8. Click to select Install URL scan filter.
  9. Run the SQL Server CE Northwind_RDA application and note that it still works ok.
  10. Run the IIS Lock Down setup again to undo the previous installation. Run the setup to keep the default option:
    "Set file permissions to prevent anonymous IIS users from writing to content directories."
    The SQL Server CE Northwind_RDA application fails with a 80070005 error message.
REFERENCES
IIS Lock Down Tool Books Online
Properties

Article ID: 310654 - Last Review: 02/28/2014 04:30:39 - Revision: 4.6

  • Microsoft SQL Server 2000 Windows CE Edition 2.0
  • Microsoft SQL Server 2000 Windows CE Edition
  • Microsoft SQL Server 2000 Windows CE Edition 1.1
  • Microsoft SQL Server 2005 Compact Edition
  • kbnosurvey kbarchive kbprb KB310654
Feedback