RE: IUSR issue after patch

["Chris Mitchell" <cmitchell () smtusa com>]

We had a similar problem when upgrading from 2K to 2K3, if I remember
correctly in 2K Windows/IIS controls the IUSR account password, in 2K3 that
option is not available.  We manually set our password, and then matched it
in the default site configuration which applied to all other sites.  May
want to give that a shot.


Hope that helps
Chris

-----Original Message-----
From: hartmann [mailto:hartmann () thestar com my] 
Sent: Thursday, March 17, 2005 10:02 PM
To: 'H Carvey'; security-basics () securityfocus com
Subject: RE: IUSR issue after patch

Thanks Carvey.
That was the first place I took chances.
No good news...

Adam 

-----Original Message-----
From: H Carvey [mailto:keydet89 () yahoo com] 
Sent: Friday, March 18, 2005 1:10 AM
To: security-basics () securityfocus com
Subject: Re: IUSR issue after patch

In-Reply-To: <200503171236484.SM01660@itthomas>

Adam,

> - The server was unable to logon the Windows NT account 'IUSR_machinename'
> due to the following error: Logon failure: user not allowed to log on 
> to this computer. The data is the error code. -
>
> Any ideas guys?

Uh...google?

http://support.microsoft.com/kb/259353

Is this an EventLog entry?  If so, which event ID?  Search MSDN or
EventID.net on that one...

> All sites hosted by this web server are now inaccessble after a full system
patch.

Any thoughts on *which* patch this was?  Version of IIS?  Version of
Windows?

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________




/******************************************************************\
This message and any attachment(s) are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended recipient,
please telephone or e-mail the sender and delete this message and any
attachment from your system. If you are not the intended recipient you must
not copy this message or attachment or disclose the content to any other
person.

Any opinion, view and/or other information in this message and/or any
attachment(s) hereto which do not relate to the official business of Star
Publications (Malaysia) Bhd shall not be deemed given nor endorsed by Star
Publications (Malaysia) Bhd. Our company is not responsible for any activity
that might be considered to be an illegal and/or improper use of email.

E-mail transmissions cannot be guaranteed to be secured or error-free as
information could be intercepted, corrupted, lost, destroyed, delayed,
incomplete or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message or for
any virus damage which may arise as a result of this e-mail transmission.
/******************************************************************\