Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

IISADMPWD in IIS 6.0 - What changed?

  
   Web Hosting and Web Master Forums (Home) -> IIS RSS
Next:  asp pages not refreshing in browser  
Author Message
user1574

External


Since: Mar 31, 2004
Posts: 3



(Msg. 1) Posted: Wed Mar 31, 2004 2:46 pm
Post subject: IISADMPWD in IIS 6.0 - What changed?
Archived from groups: microsoft>public>inetserver>iis (more info?)
We recently upgraded our servers from Win2K w/IIS 5 to Win2K3 w/IIS 6.
Now we have the following problem:

When a user with an expired password attempts to log on, they are
correctly redirected to aexp.asp. Once they enter their old password
and new password (twice) and click submit, the page stays the same,
but the address bar changes from:

https://www.company.com to
https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/

instead of displaying the message saying their password has been
successfully changed.

We've also noticed that although we have "Allow anonomous access" to
the virtual directory, customized images located in that VD are not
displayed. By this we're assuming that you have to be authenticated
to the site (which you can't be with an expired password) before you
can actually hit those pages.

The NTFS permissions for the VD are the same on both the old IIS 5
server and the new IIS 6 server.

What has changed between IIS5 and IIS6 to make this stop working?

If I can't get this working the way it should, would it be logical to
change the following properties in the metabase to point to a
different SSL site in the domain that doesn't require authentication
and have them change their password through there?

AuthChangeURL
AuthExpiredURL
AuthNotifyPwdExpURL

Thanks for any assistance

 >> Stay informed about: IISADMPWD in IIS 6.0 - What changed? 
Back to top
Login to vote
user645

External


Since: Aug 23, 2003
Posts: 180



(Msg. 2) Posted: Thu Apr 01, 2004 9:47 am
Post subject: Re: IISADMPWD in IIS 6.0 - What changed? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Contractor Bob" <bobatjt3.com> wrote in message
news:7p4m60957dk4rf5ualgteui7fi0nqov8dg@4ax.com...
 > We recently upgraded our servers from Win2K w/IIS 5 to Win2K3 w/IIS 6.
 > Now we have the following problem:
 >
 > When a user with an expired password attempts to log on, they are
 > correctly redirected to aexp.asp. Once they enter their old password
 > and new password (twice) and click submit, the page stays the same,
 > but the address bar changes from:
 >
 > <a style='text-decoration: underline;' href="https://www.company.com" target="_blank">https://www.company.com</a> to
<font color=purple> > <a style='text-decoration: underline;' href="https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font" target="_blank">https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font</a>>
 >
 > instead of displaying the message saying their password has been
 > successfully changed.


Sure, IIS 6 is that secure, that it does not allow you, to change passwords
**without** having SSL (on port 443).
Fix:
generate a certificate (install certificate services and self register a
certificate)... make sure, the certificate, is applied to the site that runs
the password change page.<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: IISADMPWD in IIS 6.0 - What changed? 
Back to top
Login to vote
user1574

External


Since: Mar 31, 2004
Posts: 3



(Msg. 3) Posted: Thu Apr 01, 2004 9:47 am
Post subject: Re: IISADMPWD in IIS 6.0 - What changed? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Thanks, but we already have valid certificates from Verisign for all
our web sites including the one that is giving us the problem. The
sites are configured to require SSL.

The problem appears that the code does not work out of the box without
other changes to IIS that are different from what needed to be done in
IIS5.

It appears that aexp.asp does not correctly execute the
<form method="POST"
acttion="https://<%=Server.HTMLEncode(Request.ServerVariables("Server_Name"))%>/iisadmpwd/achg.asp?<%=Server.HTMLEncode(Request.QueryString)%>">

line correctly since all it does is continue to add
"/iisadmpwd/achg.asp?https://www.company.com:443/" to the end of the
address every time you click the OK button.



On Thu, 1 Apr 2004 06:47:27 +0200, "Egbert Nierop \(MVP for IIS\)"
<egbert_nierop.RemoveThis@nospam.com> wrote:

 >"Contractor Bob" <bobatjt3.com> wrote in message
 >news:7p4m60957dk4rf5ualgteui7fi0nqov8dg@4ax.com...
  >> We recently upgraded our servers from Win2K w/IIS 5 to Win2K3 w/IIS 6.
  >> Now we have the following problem:
  >>
  >> When a user with an expired password attempts to log on, they are
  >> correctly redirected to aexp.asp. Once they enter their old password
  >> and new password (twice) and click submit, the page stays the same,
  >> but the address bar changes from:
  >>
  >> <a style='text-decoration: underline;' href="https://www.company.com" target="_blank">https://www.company.com</a> to
<font color=green>  >> <a style='text-decoration: underline;' href="https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font" target="_blank">https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font</a>>
  >>
  >> instead of displaying the message saying their password has been
  >> successfully changed.
 >
 >
 >Sure, IIS 6 is that secure, that it does not allow you, to change passwords
 >**without** having SSL (on port 443).
 >Fix:
 >generate a certificate (install certificate services and self register a
 >certificate)... make sure, the certificate, is applied to the site that runs
 >the password change page.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IISADMPWD in IIS 6.0 - What changed? 
Back to top
Login to vote
user1574

External


Since: Mar 31, 2004
Posts: 3



(Msg. 4) Posted: Thu Apr 01, 2004 9:47 am
Post subject: Re: IISADMPWD in IIS 6.0 - What changed? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
We've also found that even after you authenticate to the site, if you
try to change your password, you always get a message back stating
that the password is either too short or does not meet the uniqueness
restrictions, even though the new password meets both the
requirements.



On Thu, 1 Apr 2004 06:47:27 +0200, "Egbert Nierop \(MVP for IIS\)"
<egbert_nierop RemoveThis @nospam.com> wrote:

 >"Contractor Bob" <bobatjt3.com> wrote in message
 >news:7p4m60957dk4rf5ualgteui7fi0nqov8dg@4ax.com...
  >> We recently upgraded our servers from Win2K w/IIS 5 to Win2K3 w/IIS 6.
  >> Now we have the following problem:
  >>
  >> When a user with an expired password attempts to log on, they are
  >> correctly redirected to aexp.asp. Once they enter their old password
  >> and new password (twice) and click submit, the page stays the same,
  >> but the address bar changes from:
  >>
  >> <a style='text-decoration: underline;' href="https://www.company.com" target="_blank">https://www.company.com</a> to
<font color=green>  >> <a style='text-decoration: underline;' href="https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font" target="_blank">https://www.company.com/iisadmpwd/achg.asp?https://www.company.com:443/</font</a>>
  >>
  >> instead of displaying the message saying their password has been
  >> successfully changed.
 >
 >
 >Sure, IIS 6 is that secure, that it does not allow you, to change passwords
 >**without** having SSL (on port 443).
 >Fix:
 >generate a certificate (install certificate services and self register a
 >certificate)... make sure, the certificate, is applied to the site that runs
 >the password change page.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IISADMPWD in IIS 6.0 - What changed? 
Back to top
Login to vote
michael_dols

External


Since: Nov 01, 2004
Posts: 1



(Msg. 5) Posted: Mon Nov 01, 2004 2:27 pm
Post subject: Re: IISADMPWD in IIS 6.0 - What changed? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Changed permissions and 401 errors - Hi all, I have a webserver which was working fine for a while now. Then yesterday I started getting 401 errors and upon further investigation noticed that the NTFS permissions for the anonymous IIS user was simply Deny Wirte. I changed the permission o...

Can a webservice namespace be changed in IIS? - I wrote a webservice in which I changed the default namespace with the namespace attribute of the webservice. Works fine on the development PC as well as my over my LAN. But when I upload the DLL to my hosting company I get this error: This web servic...

IIS won't recognize if an ASP page has been changed - With Windows 2003 Server... Imagine the following scenario: there is a simple ASP page, for example just a single Response.Write statement. There is a virtual directory pointing to the directory, where the ASP page is stored. If I change this ASP page....

IISADMPWD - hi ng, i've installed the virtual directorie like the KB-article from MS. but if i try to change the password i get following error: Error: General access denied error any ideas? thanks for help Wolfgang Friesenecker

IIS 6.0 IISADMPWD - I'm trying to configure IISADMPWD within IIS 6.0 with no luck. I have created an virtual directory to C:windows\systems...iisadmpwd. When I browse I get this error: The page cannot be found HTTP Error 404 - File or directory not found. Internet..
   Web Hosting and Web Master Forums (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]