401.1 – Unauthorized, using Anonymous access (IUSR account)

Just recently I was working on an issue were the customer was getting 401.1 – Unauthorized: Access is denied due to invalid credentials.

The authentication method used on the website was Anonymous access. I checked the Default Web Site and that is working fine. The authentication method on the Default Web Site is Anonymous access and Integrated Windows Authentication selected.

image

So with only Anonymous access the website seems to be failing with 401.1 – Unauthorized.

Let’s see what’s wrong with IUSR account.

Let’s search Metabase.xml for all occurrence of Anonymous account.

image

command: cscript.exe adsutil.vbs find anonymoususername

This shows we have anonymoususername configured at the global level.

If you had Anonymous user configured on different websites or at different levels in a website. You will see something like this

image

Let’s see what is the Anonymous user account we have on W3SVC

image

command: cscript.exe adsutil.vbs get W3SVC/anonymoususername

You can repeat the above command to check Anonymous account on different websites and levels. For example

image

Let us now check the occurrence of Anonymous Password. Here you see Anonymous password configured on different websites and at different levels.

image

command: cscript.exe adsutil.vbs find W3SVC/anonymoususerpass

For me, I am concerned about the IUSR account occurrence in the Metabase as the other’s are working fine.

I am going to remove all anonymoususerpass occurrence of IUSR except the W3SVC

image

command: cscript.exe adsutil.vbs delete W3SVC/1/ROOT/anonymoususerpass

Verify that you have IUSR only on W3SVC and if there are other websites make sure they have the correct password set.

Now, you can synchronize the anonymoususerpass by following Step 2: Re-synchronize the passwords from the KB article.

HTH