Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to browse web sites after server migration

Status
Not open for further replies.
confus9d

confus9d

Technical User
Jul 11, 2007
34
0
0
US
Hello,

We've recently migrated one of our web servers (also a Domain Controller) to a new domain. The procedures performed were following.
1. Demote from previous domain
2. Unjoin from previous domain
3. Promote as a domain controller in new domain

Now we can't seem to use any of the web sites except for the default one. All the websites have status "running" but I get following when i try to open a webpage:

You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server.

Websites were configures to have annonoymous access and I still see IURS_ServerName as the user. I've tried adding basic authentication to get some idea. It looks like the Admin account can browse the webpage which confirms undelying code is not blocking any access. I assume it's IIS permission issue. Any thoughts?
 
Sort by date Sort by votes
Had this problem when I upgraded to 2k3. I uninstalled and re-installed IIS then went back and configured my settings again. Everything started working after that.

All lessons learned from the School of Hard Knocks........at least tuition is cheap.
 
Upvote 0 Downvote
The problem was created because Domain Controllers do not have their own "local" accounts. IIS usually uses IUSR_SERVERNAME for internal authentication. When you demoted the server and removed it from the other domain, those credentials essentially became invalid. You can easily create new IUSR and IWAM accounts and associate it with IIS on this machine. Just remember that because you are using IIS on a domain controller, your IUSR and IWAM accounts will be a domain account. To reset the account which IIS uses do the following:

1. Locate the adsutil.vbs script. This script is included in the \inetpub\adminscripts directory by default upon installation of IIS. If you removed the script for security reasons, you will need to locate a copy of it and place it in a temporary location on your server.

2. From a command prompt run the following from the directory containing the adsutil.vbs script.
cscript.exe adsutil.vbs set w3svc/anonymoususerpass "password"
cscript.exe adsutil.vbs set w3svc/anonymoususername "username"
cscript.exe adsutil.vbs set w3svc/wamuserpass "password"
cscript.exe adsutil.vbs set w3svc/WAMusername "username"

3. iisreset

That should do the trick for you.
-Joe
 
Upvote 0 Downvote
One more thing, check the ACL's on the directories containing the websites you having a problem with. If they do not have the current IIS_WPG group and the IUSR account with the appropriate permissions, you need to add them.

-Joe
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
225
Aquiles Vidal
Aquiles Vidal
MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
181
MaioMaio
MaioMaio
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
137
DeepuM
DeepuM
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
245
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
191
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top