Error in Event Log After Deleting the Anonymous User Account

• Microsoft Internet Information Server version 3.0

SYMPTOMS

If you delete the IUSER_ account from User Manager for Domains because you are not using Anonymous authentication, but have the IUSER_ account and password in the WWW Service Properties, the event log may contain the following warning, if you use only Basic and Microsoft Windows NT Challenge Response for authentication:

Event id's 100 in the system log, source=w3svc. The server was unable
to logon the Windows NT account 'IUSER_ due to the following error:

Logon failure: Unknown user name or bad password. The data is the error code.

CAUSE

The browser is unaware of the authentication method used by the Web server. The browser tries the first method on the list, which is the IUSER_ account in the Services tab of the WWW Service Properties. When the browser finds that the IUSER_ account has been deleted, it checks for the next method on the list, Allow Anonymous.

If Allow Anonymous is not selected, the browser tries Basic Clear Text. If Basic Clear Text is also not selected, the browser tries Windows NT Challenge Response.

If Windows NT Challenge Response is selected and valid, the browser opens the site or page using this authentication method. Therefore, you do not see an error in the browser, but only a warning in the Event Viewer.

RESOLUTION

To resolve this problem, use one of the following methods:

• Use a valid account and password. To do so, follow these steps:
  
  
  • In WWW Service Properties, click the Service tab.
  
  
  
  • Add a user name that is a valid user account in User Manager for Domains, and give the user Log On Locally permissions.
  
  
  



• Do not delete the IUSER_ account, even if you are not using it.

Additional query words: iis

Keywords          : kbusage 
Version           : WinNT:3.0
Platform          : winnt 
Issue type        : kbprb 

Last Reviewed: April 30, 1999