IIS 6 Custom Errors

Okay, I'm losing it. Have three websites on a box running Server2003, IIS6. One public website has custom error messages working great. Decided to do similar for an Intranet site. Made the page, changed the custom error link in IIS6. Still shows the old, generic page. Looked back in IIS to be sure, and yep, shows custom page path. Looked at specific file (for a denied page), and it also shows custom page path. But, the page doesn't appear. In case it was a permissions deal, I moved the file to within the web but to an area where the user has permissions. Still get old generic error message. restarted services - same thing. restarted server - same thing....

Any ideas?

have you put the url path of ur custom error pages from the root of ur web server, so instance if u have a folder in the root call server_errors then the path for say ur 404error.asp would be /server_errors/404error.asp and message type will be URL

this will work for .htm,.html, .asp ... BUT remember if ur using .aspx files and an error occurs it won't work u need to change the web.config file.

have alook at the following link:

http://www.xefteri.com/articles/show.cfm?id=11

MarkOC,
Thanks for the reply. Great article! I think it's right on the money - I had been playing around and noticed that when I have a 401.3 to a non-.net subfolder, the correct error message shows, but it's only when the subfolder is an asp.net app that I get the problem. So, seems to be the application is not letting the error through - which is what the article states. (I'm slowly converting a site from asp to asp.net. The root and majority of the site is still asp, but I'm using subfolders to convert as I can to asp.net)

Still having problems...
I placed a basic aspx (before I get to the error capture in the article) page the in the root web's appropriate folder.

Added the custom error within webconfig - first used the full url and it didn't like it. (Understandable-should be virtual) Second, used /foldername/filename.aspx and it didn't like it. Third, used ../foldername/filename.aspx and it didn't like it. Fourth, moved the file to the apps folder, still didn't like it.

I've also edited the custom error setting in IIS6 at the application level to redirect to the aspx file. (With a 401.3 you can't use url - must use default or file.)

I'm still getting the error "Server Error in '/blog' Application.
Access is denied. blah blah Error message 401.3 blah blah"

Any ideas?

PS Really like the site you pointed me to. Some articles there I'm going to read next.

janet

Access denied errors is almost always related to an incorrect permission setting on some file/folder somewhere. The web server user account needs proper permissions to read, write, etc.

To All:

I have the same problem. I am trying to limit windows authentication with active directory and provide a custom 401.2 error page when a user is denied to the application.
The custom error page displays properly when garbage is entered in for the username or password. However, when entering in a proper "DOMAIN\username" and password that exists in AD but is set to be denied via web.config authentication, I get:

"Server Error in '/<application name>' Application.
Access is denied.
Description: An error occured...
Error message 401.2.: Unathorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials..."

I have checked permissions on the applications directory both within IIS6 and the NTFS permissions, etc.

Any other suggestion would be appreciative.

Thanks,
R.Hansen

with IIS6 on win 2003 servers you have to set the permissions correctly or u'll have all sorts of issues.

I've jsut done a migration from IIS 5 to IIS 6 this week with AD auth.

the folder ur error pages are located, did you create the folder in the site pages folder or did you add a Vir Dir?

also have u disabled anonymous access?
have u enabled basic auth?
have u enabled inter win auth?

I added the custom error page to the apps site folder and configured the custom errors tab for 401;2 to point to the custom error page. Integrated Windows Authentication is the only authentication method I am using. All others are unchecked. This is also in an intranet environment. (IIS6 on Window Server 2003)

When the error page in my previous post shows up (instead of my custom error page), the entry in the web log is:
2006-09-15 19:51:54 W3SVC1 SQLSERVER1 172.16.0.25 GET /IncidentReview/Default.aspx - 80 - 172.16.10.58 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+WOW64;+ SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04320;+Inf oPath.1) sqlserver1 401 2 2148074254

And the entry in the system App log is:
Event
Date: 9/15/2006 Source: ASP.NET 2.0.50727.0
Time: 1:51:54 PM Category: Web Event
Type: Information Event ID: 1314
User: N/A
Computer: SQLSERVER1


Event code: 4007
Event message: URL authorization failed for the request.
Event time: 9/15/2006 1:51:54 PM
Event time (UTC): 9/15/2006 7:51:54 PM
Event ID: 2349de2f5a2d4092b28204562ae1455e
Event sequence: 7
Event occurrence: 6
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/Root/IncidentReview-2-128028230424496154
Trust level: Full
Application Virtual Path: /IncidentReview
Application Path: D:\Inetpub\wwwroot\IncidentReview\
Machine name: SQLSERVER1

Process information:
Process ID: 1284
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE

Request information:
Request URL: http://sqlserver1/IncidentReview/Default.aspx
Request path: /IncidentReview/Default.aspx
User host address: 172.16.10.58
User: PATHWAYS\cosmotest
Is authenticated: True
Authentication Type: Negotiate
Thread account name: PATHWAYS\cosmotest

So, my only dilemma is that the wrong, non-customized error page shows up (a 401.2 error page with different text by the way than the 401-2.htm page found in %windir%\Help\iisHelp\common) when using a proper AD account and password that exists in AD, but when I enter a non-existent AD username or password, the custom error page I configured, displays just fine like I would expect. (The whole purpose is to restrict the web app to only those few that authenticate to a certain AD group and display a friendly error message to those who don't have access).

If I am overlooking anything or if you need more information please ask as I have been pounding my head against the wall for a good week now on this!

Thanks,
R.Hansen

if ur using Integrated Windows Authentication have you give domain users read access in the folders secutriy?

Yes, I have Domain users as having read permissions on all affected folders. I have experimented with other permissions but have not found the solution yet.

Thanks,
R.Hansen

I found a solution on the thread: "Handling Custom Error 401.2" by a post by iSpeakGeek at
http://forums.aspfree.com/microsoft-iis-12/handling-custom-error-401-2t-21027.html

Thanks to iSpeakGeek for a solution to this non-intuitive scenario.



R.Hansen