Troubleshooting and resolve HTTP 401.1 errors in IIS 6 by resetting IUSR password

After an unsuccessful IIS Admin configuration, all of my ASP.NET web sites went down with the following error message:

HTTP 401.1: Denied by invalid user credentials

I checked the server, all web services are running, but just could not browse the web sites. And since all of these web sites are in Anonymous authentication, I believe the cause for it was the below:

This error may also occur when anonymous access is configured. This may occur if the user name or password for the anonymous account that is stored in the IIS metabase differs from the actual information stored in the local user database (or the Active Directory directory service, if a domain account is used).

So the solution is to “Resetting the password for the account and in IIS”.

Since I don’t want to create a new password for the IUSR_SERVERNAME, I decided to find out the current password for IUSR in IIS metadata then update the password for this local account on the server.

How to get the IUSR and IWAM user account passwords on an IIS 6.0 server

Open up command prompt and navigate to C:\Inetpub\AdminScripts.  Then type:

cscript.exe adsutil.vbs get w3svc/anonymoususerpass

If everything goes well, you will see the following with the password in ***** format:

C:\Inetpub\AdminScripts>cscript.exe adsutil.vbs get w3svc/anonymoususerpas
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

anonymoususerpass               : (STRING) "**********"

To display the IUSR and IWAM account passwords in cleartext, you need to open C:\Inetpub\AdminScripts and edit Adsutil.vbs in Notepad. Find this line:

    If (Attribute = True) Then
        IsSecureProperty = True
    Else
        IsSecureProperty = False
    End If

and change it to:

    If (Attribute = True) Then
        IsSecureProperty = False
    Else
        IsSecureProperty = False
    End If

Now run the script commands above again and you will see the passwords in clear text. Of course, please make sure to put Adsutil.vbs back to the way it was.

And the following command is to view the IWAM user password

cscript.exe adsutil.vbs get w3svc/wamuserpass

After you get these password, you can update the local account passwords by navigating to “My Computer”, right clicking “Manage” option to Computer Management console. And select “Local Users and Groups” node, then highlight the user “IUSR_SERVERNAME” and select reset password option. Do the same to the IWAM user, and restart the IIS Admin service then you are done.

Note: I said the commands are for IIS 6.0, and there is difference in IIS 7.0. Have fun.

Share
Tags:

One thought on “Troubleshooting and resolve HTTP 401.1 errors in IIS 6 by resetting IUSR password

Leave a Reply

Your email address will not be published. Required fields are marked *


two + 7 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>