We are running IIS 6 on Windows 2003. Our public website is configured to to allow anonymous access using the default IUSR_
Everything works just like it is supposed to until the server is rebooted. After a reboot, our public website challenges users to provide credentials. To fix this, we go into IIS Directory Security and re-enter the anonymous access account password to the same password that is in Active Directory. Then, everything works again.
What is going wrong that causes IIS to lose the anonymous password when the server reboots? Is there any way to fix this problem so that IIS will remember the password?
By default, IIS remembers configuration changes, such as altering the anonymous user password, unless you terminate IIS before it persists that change to disk. IIS6 runtime configuration is hosted by the IISADMIN service inside the inetinfo.exe process.
So, the real question is whether something:
- Killed IISADMIN service on the reboot, before it persisted the change to disk
- Or changed the anonymous user password to an invalid value on the server restart.
To verify what is going awry:
- Enter the password such that anonymous access works on IIS
- Open the IIS Manager UI, Right click on the Computer Name, select "All Tasks", and choose "Save Configuration to Disk". This forces IIS to persist the password to disk.
- Go ahead and reboot the server as you normally do
If anonymous access works after the reboot, then your problem was that the reboot was killing IIS prior to it persisting the encryptped password to disk. You intentionally persisted the change to disk from within the UI, thus breaking the cycle.
If anonymous access still fails, then your problem is that something outside of IIS runs during the reboot/restart process with administrative privileges and changes AT LEAST the anonymous user password in IIS to an incorrect value. You will have to figure out the identity of that arbitrary something and correct it - it is running with Administrative privileges and may be doing other inappropriate things.