Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Access denied to Internet visitors of IIS on Win2K Domain Controller

Status
Not open for further replies.
grantwilliams

grantwilliams

Programmer
Sep 8, 2003
66
AU
Hi all,

New to this, decided to try a Win 2K advanced server domain controller (trial version) on a network with 2 Win2K Pro PC's and a Win XP Pro laptop. In addition to the server being the only domain controller, I have set up IIS on it and it has a static IP. The IP is 202.9.39.71.

Computers within the domain are able to access the site without any problems, however computers outside of the domain are presented with a 403 error ("You are not authorized to view this page" - for those who don't know what a 403 is! [tongue]).

Anybody know what causes this? I've looked at the IIS security settings and don't see anything there... is it an Active Directory thing?

Thanks!

Grant
 
Sort by date Sort by votes
There should be a couple user accounts called IUSR_machinename and IWAM_machinename or something like that. Make sure they have at least Read and List NTFS permissions to the root of the website.
 
Upvote 0 Downvote
Thanks for the reply somebigguy. I have the anonymous access turned on for the default web site. How do I check the List NTFS permissions? I've had IIS set up on Win2K Pro and WinXP Pro before without any problems. Is there anything I need to change in the Active Directory?

Thanks,

Grant
 
Upvote 0 Downvote
Shouldn't have to turn anything on in Active Directory. Just browse to the root of your website, usually c:\inetpub\ or something like that. You can find out exactly where by checking the Home Directory tab in your website properties.

Once you've found the folder, Right-click it, choose Properties, then choose Security. At this point you can see if the user accounts I mentioned previously have any permission to the files. If not, add them...
 
Upvote 0 Downvote
Ok, I've done that. I have included IUSR_XXXX and IWAM_XXXX with Read, Read and Execute and the List NTFS permissions. But, alas, still receiving the 403 error from anywhere outside of the domain.
 
Upvote 0 Downvote
I've turned "Show friendly HTTP messages" off and this is what I get from outside of the domain.

Error - 403

--------------------------------------------------------------------------------

Failed to connect to server:
202.9.39.71 (80)

Reason: SockStream::Connect(): Unable to connect


What does this mean?
 
Upvote 0 Downvote
Sounds like a firewall issue. Looks like Port 80 isn't being allowed to pass in to the site from the outside world.

Nathan aka: zaz (zaznet)
zaz@zaz.net
 
Upvote 0 Downvote
I didn't even think of the firewall.... I don't have one installed on the PC, but I have a Netcomm NB1300 ADSL Modem/Router which has a firewall built in. It has port forwarding... It didn't occur to me that it would be blocking port 80!

Thanks! Will try this when I get home and get back to you.
 
Upvote 0 Downvote
By default it is likely blocking all ports. You will need to set up forwarding of 80 (and 443 if you want to use SSL) to the system running IIS.

Nathan aka: zaz (zaznet)
zaz@zaz.net
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
779
DrB0b
DrB0b
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
640
fightaccording
fightaccording
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
362
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top