Saturday, October 4, 2008

Tips: Anonymous access gets error 401.1 every time the Domain Controller pushes the domain policy to the web server.

This problem had been troubling me for a month already. After searching through the web, I finally got some hints about what might have gone wrong and was able to fix it.

The reason I received the 401.1 error overnight after I had done an IISRESET on the web server was that my domain controller was refreshing the web server's group policy at a certain time. The refresh happened to remove the IUSR_SERVER anonymous account from the group policy, therefore any anonymous account trying to browse the web site would get the 401.1 error. If I run the IISRESET again, the group policy will be reset to the web server's original configuration, thus allowing anonymous users to browse the web site.

The solution to the problem is to edit the Domain Controller Domain Policy. Edit the "Access this computer from the network" policy under the "Local Policies --> User Rights Assignment" section and add the IUSR_SERVER account to the policy. The next time the DC refreshes the web server policy, the IUSR_SERVER account is included in the web server policy as well. The picture below shows the actual setup panel.
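To confirm the fix survives a policy refresh, the check below can be run in an elevated PowerShell session on the web server. It is an added example, not part of the original post: it exports the effective user rights with `secedit` and reports whether the anonymous account is listed under `SeNetworkLogonRight`, the internal name of "Access this computer from the network". The account name default, the temp file name and the helper function name are assumptions.

```powershell
# Added example: checks whether an account is listed directly under
# "Access this computer from the network" (SeNetworkLogonRight) in the
# effective local security policy. A grant through a group is not detected.
param(
    # Assumption: anonymous account named as in the post; replace with yours.
    [string]$Account = "IUSR_SERVER"
)

# Hypothetical helper: returns the accounts holding a user right, given the
# text of a "secedit /export" file.
function Get-UserRightHolders {
    param([string]$InfText, [string]$Right)
    # secedit writes lines such as: SeNetworkLogonRight = *S-1-5-32-544,IUSR_SERVER
    $line = $InfText -split "`r?`n" |
        Where-Object { $_ -match "^\s*$Right\s*=" } |
        Select-Object -First 1
    if (-not $line) { return @() }
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($e in $entries) {
        if ($e.StartsWith('*')) {
            # Entries prefixed with * are SIDs; resolve to a name when possible.
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($e.Substring(1))
                $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $e.Substring(1) }
        } else { $e }
    }
}

# Export only the user rights area of the effective policy (requires elevation).
$tmp = Join-Path $env:TEMP "user_rights_export.inf"
secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
$holders = @(Get-UserRightHolders -InfText (Get-Content $tmp -Raw) -Right "SeNetworkLogonRight")
Remove-Item $tmp -ErrorAction SilentlyContinue

# Match "IUSR_SERVER" as well as "MACHINE\IUSR_SERVER".
$present = $holders | Where-Object { ($_ -split '\\')[-1] -ieq $Account }
if ($present) {
    Write-Output "OK: $Account holds SeNetworkLogonRight"
} else {
    Write-Output "MISSING: $Account is not listed directly; anonymous requests may return 401.1"
    Write-Output "Current holders: $($holders -join ', ')"
}
```

Running `gpupdate /force` first and then this check shows whether the domain policy still removes the account, without waiting for the scheduled refresh.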