Cannot access Web sites or cannot start IIS services that run under a non-Local System account and use Windows authentication with IIS

Symptoms

When you attempt to access a Web site that is configured for Integrated Windows authentication only, you may not be able to access the Web site even if you use valid credentials. If you attempt to access the site repeatedly, you may receive the following error message in the browser:
HTTP 401.1 - Unauthorized: Logon Failed
This may occur when all of the following conditions are met:


  • In Internet Information Services 5.0 (IIS 5.0), Anonymous access is not selected.
  • In IIS 5.0, Basic authentication (password is sent in clear text) is selected.
  • In Microsoft Internet Explorer, Show friendly HTTP error messages is not selected.

Additionally, when you try to start an Internet Information Services service, the service may not start.

Cause

The logon identity of the Internet Information Services (IIS) Admin service is different from the logon identity of the Local System account.

Resolution

To resolve this problem, verify that the Local System account is configured for the IIS Admin service. To do this, follow these steps:

  1. Click the Start button, click Settings, and then click Control Panel.
  2. Click Administrative Tools, and then click Services.
  3. Double-click IIS Admin Service.
  4. On the Log On tab, verify that the option for Local System Account is selected.
  5. On the Dependencies tab, verify that the following system components depend on the IIS Admin Service:
    • FTP Publishing Service
    • Indexing Service
    • Simple Mail Transport Service (SMTP)
    • World Wide Web Publishing Service

  6. In Services, check the services listed above to verify that each has the Log On option set to the Local System account.
NOTE: If the IIS Admin Service is not configured to run under the Local System account, but the dependent services are configured to run under the Local System account, you receive the following error message when you attempt to start the dependent services:
Error 1079: The account specified for this service is different from the account specified for other services running in the same process.
The Event Viewer displays the following error message:
Event Id:7000 Source: Service Control Manager
Description: The World Wide Web Publishing Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
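
The same verification can be scripted. The following is an added example, not part of the original article and not Microsoft's code. It assumes PowerShell 3.0 or later, the short service names IISADMIN, W3SVC and MSFTPSVC, and a constructed account name (.\svc_iis) in the sample data.

```powershell
# Added example: report which IIS services do not log on as Local System,
# the mismatch behind Error 1079 and Event ID 7000 described above.

function Test-IisLogonAccount {
    param(
        # Records with Name and StartName properties, e.g. Win32_Service instances.
        [Parameter(Mandatory = $true)] [object[]] $Service,
        # Short name of the IIS Admin Service (assumption: IISADMIN).
        [string] $AdminName = 'IISADMIN'
    )

    $admin = $Service | Where-Object { $_.Name -eq $AdminName } | Select-Object -First 1
    if (-not $admin) { throw "No record for $AdminName in the input." }

    foreach ($svc in $Service) {
        # Win32_Service reports the Local System account as "LocalSystem".
        $finding = if ($svc.StartName -ne 'LocalSystem') {
            'Not Local System: change it on the Log On tab'
        } elseif ($admin.StartName -ne 'LocalSystem' -and $svc.Name -ne $AdminName) {
            'Account differs from IIS Admin: expect Error 1079 on start'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Name    = $svc.Name
            LogOnAs = $svc.StartName
            Finding = $finding
        }
    }
}

# Constructed sample: IIS Admin was moved to another account, dependents were not.
$sample = @(
    [pscustomobject]@{ Name = 'IISADMIN'; StartName = '.\svc_iis' }
    [pscustomobject]@{ Name = 'W3SVC';    StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'MSFTPSVC'; StartName = 'LocalSystem' }
)
Test-IisLogonAccount -Service $sample | Format-Table -AutoSize

# Live use on a host with PowerShell 3.0+ (steps 3 to 6 of the procedure):
# $names = @('IISADMIN') + (Get-Service -Name IISADMIN -DependentServices).Name
# $live  = Get-CimInstance -ClassName Win32_Service |
#          Where-Object { $names -contains $_.Name }
# Test-IisLogonAccount -Service $live
```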

Status

This behavior is by design.
Properties

Article ID: 304201 - Last Review: Jul 30, 2008 - Revision: 1
