When users try to access content on a server that is running Internet Information Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that indicates the status of the request. This status code is recorded in the IIS log, and it may also be displayed in the Web browser or FTP client. The status code can indicate whether a particular request is successful or unsuccessful and can also reveal the exact reason why a request is unsuccessful.
Sample Event:
IIS 5: Digest authentication: invalid authentication for user "%1", realm "%2".
To use Digest authentication, all the following conditions must be met:
All clients must use Microsoft Internet Explorer 5 or later.
An authenticating domain controller and the server that is running IIS must exist in a trusted environment.
Both the domain controller and the server that is running IIS must be using a member of the Microsoft Windows 2000 or later family.
The user must use a domain-level account that is turned on to store the password in reversible encryption.
If the domain controller is running Windows 2000, subauthentication must be enabled for Digest authentication to work because Digest authentication in Windows 2000 is implemented with subauthentication. Subauthentication, or IISSuba.dll, is automatically copied in the C:\Windows\System32 folder when you set up Windows 2000
For additional information specific to this message please visit the Microsoft Online Support site located at: Internet Information Server 5.0 Support Pages
Target | Microsoft.Windows.InternetInformationServices.2000.WebServer | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 3 | ||
Event Source | IISMAP | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | System | ||
Comment | Mom2005ID='{1E2FFBF4-5117-11D3-87EC-0090270D4908}' |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Security__Digest_authentication__invalid_authentication_1_9_Rule" Comment="Mom2005ID='{1E2FFBF4-5117-11D3-87EC-0090270D4908}'" Enabled="onStandardMonitoring" Target="Microsoft.Windows.InternetInformationServices.2000.WebServer" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>IISMAP</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="Security__Digest_authentication__invalid_authentication_1_9_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>