Posting Acceptor Repost Does Not Work with an FQDN or IP Address

ID: Q236392

The information in this article applies to:

Microsoft Site Server version 3.0

SYMPTOMS

When you post a file and use the NetBIOS name, the session initiated by Posting Acceptor (Cpshost.dll) remains. However, when a Fully Qualified Domain Name (FQDN) or IP address is used, the server initializes an entirely new session. This request fails with the following error message:

401 Access Denied

CAUSE

The Posting Acceptor does not have sufficient rights to run an ASP file on the server when the NetBIOS name is not used.

This is an Internet Explorer configuration issue on the server. File uploads will always succeed because the upload and writing the file to the directory is done in the security context of the IIS Anonymous User account (IUSR_MACHINENAME). Security is handled by protecting the ASP files. When the upload has been performed and the file has been written to the directory, Cpshost.dll calls WinInet to load Repost.asp. At this point, you are running on the server in the security context of the remote user. When calling a server using a NetBIOS name, the security context that WinInet uses is that of an Intranet site.

When a server is called using an FQDN or IP address, the security context that WinInet uses is that of an Internet site. The default setting in WinInet for an Internet site is for no automatic logon. This is why Repost.asp fails.

WORKAROUND

The security settings for WinInet can be changed in the Internet Explorer Internet Options dialog box. To resolve this issue, on the server, edit the Internet Explorer Security settings for the Internet zone. To do this, click Custom, click the Settings button, and change the User Authentication to Automatic Logon with Current Username and Password. This will allow CPSHOST or WinInet to run in the correct security context to load Repost.asp.

If users need to log on to the site before uploading, then this resolution will work if Membership accounts are being used. Windows NT accounts will only work if the remote user is a member of the Local Administrators Group on the Windows NT server. Allowing anonymous users will work as well.

STATUS

Microsoft has confirmed this to be a problem in Site Server 3.0 Service Pack 2.

Additional query words:


Keywords          : 
Version           : winnt:3.0
Platform          : winnt 
Issue type        : kbprb

Last Reviewed: July 30, 1999