I am running IIS 6 on 2003 servers. If I configuration Integrated
Windows Authentication, is it possible to pass one  of the user headers
to a J2EE application server on another 2003 box?
TIA,

It is said that the name in "issue to" section in the certificate should be
the same as the external server name of your web server.
I have installed an enterprise CA and tried to creat a new certificate from
the directory security in IIS. I noticed that the certificate will work ...

I copied over a new Default.htm file to a web server one day, and all
of a sudden whenever anyone went to our web site they were being
prompted to enter userId and password! Directory access was set to
anonymous.

Can someone tell me how to monitor IIS to see if users are using http or
https to access my site. Internet users should be using HTTPS, and users on
the Intranet should use HTTP. How can I monitor this activity.
Thanks

I am running IIS 5.0 on Windows 2000 PRO. Our web developers needed to create
or edit websites, for security reasons I cannot simply give them admin rights
or the password to the admin account.
For security reasons, we create the developers machines with non-admin

We just upgraded to Server 2003 and we run a program that now requires https.
The certificate was installed to change the site along with the certificate
to access the server.  When trying to connect to the https site, I get a page
cannot be displayed, cannot connect to server ...

For the love of god, please help me.   I can't afford to pull out any
more hair.
I have a small domain setup at my organization, all servers are windows
2003.  We are trying to configure certificate based logins using the

I have 2 W2K3 servers set up in a test domain. Server1 has both AD and
IIS while Server2 only has IIS. I am using the Default Web Site on both
IIS servers and have IWA checked for Directory Security. Anonymous
Access is not allowed except on the aspnet_client directory.

 my client's IIS certificate has expired. They got another one from a cert
auth, without generating a new request in IIS. So, they got a cert without
the private key. They have the expired cert with the private key. They want
to glue them together. How can they accomplish this?

When you use a Domain ID for your anonymous UserID, can IIS still manage the
password?

Does anyone have a list of services that are unrelated to IIS that should be
shut down? What I mean here is that these should be services that are not
needed or required that can be shut down as a means of reducing potential
vulnerability for the server as a whole.

On IIS v6.0, when logged in as local administrator or Domain Administrator, I
am able to browse the website.  However, once log out, I am not able to
browse the website (page can't be displayed).  Can anybody help??
Here is the iislog.

I have the wild card certificate but can't seem to install it anywhere.
From the SSL Diag I get:
ServerComment = test.mantis-tgi.com
ServerAutoStart = True

I had a security audit, and following was found:
"http trace method enabled"
Could somebody explain to me how to remediate this and what consequences if
any i might have. Thank you.

Hello All
I set a window authentication + permission for an active dir user in my
extranet.
os w2003r2 iis6