Just recently, while troubleshooting an 401 Unauthorized error on an FBA site in SharePoint, I discovered that someone accidentally changed the password of the IUSR account (IIS Anonymous User) on one the IIS Web Sites.

The error in the browser was “HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials.” I’ve blogged about this sort of error before, and there can be many culprits. But having gone over the scenarios I know of that might cause this with no luck, I decided to look at the Event Viewer Security logs.

I quickly discovered a series of Failure Audits with event IDs 680, 529, 539. Event ID 529 was the one that caught my attention:

Logon Failure:
     Reason:        Unknown user name or bad password
     User Name:    IUSR_…

The problem was very apparent; there was an issue with the credentials being supplied by the IUSR account. I tested with another number of sites non of which generated the error, so it was definitely isolated to this particular web application (IIS Web Site). I verified the User Account and it was fine, so it had to be the password. I searched the web for a way to retrieve the IUSR account password and everything seemed to indicate that I should use the adsutil.vbs script (which works well, just remember to change “IsSecureProperty = True” with “IsSecureProperty = False“.) But I also saw a comment referencing the “Metabase Explorer”; very cool.. something that would let me browse through the IIS Metabase.

I downloaded and installed the IIS Resource Kit and used it to retrieve the password of the IUSR account (IIS Anonymous User.)

After installing the IIS Resource Kit, follow these steps to retrieve the IUSR password using the Metabase Explorer:

  1. Open the IIS Metabase Explorer by going to Start > All Programs > IIS Resources > Metabase Explorer > Metabase Explorer
  2. Go to the “View” menu and click on “Secured Data”  (this will make sure the password is not displayed as asterisks) and Inherited Data (this will display any data that the web site is inheriting from the default)

     image

  3. Expand the W3SVC Branch
  4. Expand the Branch of an IIS site that is running anonymous access

    image
    Note: To determine the ID of the IIS Site; select the “Web Sites” node in IIS and look for the Identifier column in the right pane.
     image

  5. Select the “Root” node and look for the AnonymousUserPass property in the right pane.
     image

Advertisements