Question : Windows 2003 Server - IIS 6 connection to shared server - Logon/Logoff errors Event 529 & 680

We have set up two IIS servers sharing files from an AD domain based Windows 2003 server. The Anonymous users connect OK and the web site is working. Load is balanced across the two web servers via a Cisco content switch.

On the domain based shared server I created the users and passwords the same as the IIS anonymous users and they can see the files on the shared server.

However, on the shared server we are getting thousands of 529 and 680 errors in the Security event log like these:


Event Type:     Failure Audit
Event Source:   Security
Event Category: Logon/Logoff
Event ID:       529
Date:           9/3/1999
Time:           8:57:21 PM
User:           NT AUTHORITY\SYSTEM
Computer:       the shared server name
Description:
Logon Failure:
   Reason:            Unknown user name or bad password
   User Name:      DXXWEB01$
   Domain:            DMZ1
   Logon Type:     3
   Logon Process:    NtLmSsp
   Authentication Package: NTLM
   Workstation Name: DXXWEB01
   ...

Now there is no user anywhere I can find named DXXWEB01$.

The IIS anonymous users are IUSR_DXXWEB01

No $ sign.

We also get a 680 error like this

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:       12/10/2009
Time:       10:09:15 AM
User:       NT AUTHORITY\SYSTEM
Computer:      the shared server name

Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:      DXXWEB01$
Source Workstation:      DXXWEB01
Error Code:      0xC0000064



Answer : Windows 2003 Server - IIS 6 connection to shared server - Logon/Logoff errors Event 529 & 680

OK. There are 2 options we can try to get the authentication working.

1.  Add 'Everyone' permissions to the share, on the share server.  (will be a security risk)

2.  Change the account that the Application Pool runs under to a local user, and set up the same local user account on the share server.


For 2:

- Create a local user on your IIS server.  
- Add this local user to the local IIS_WPG group.
- Give the account the 'logon as a service' right.  You can do this by start --> run --> secpol.msc --> local policies --> User rights assignment --> login as a user --> add the new local user account.
- For the application pool that your website runs under, right click --> properties --> identity tab --> select 'configurable' --> select the local user account you created, and type in the same password you set this account to use.
- Run an IISRESET.  Browse something locally on your IIS server to ensure the app pool is working.

On the share server, create a new local user, using the exact same name and password as the user you created on the IIS server.

Add this local user to the share folder, giving it read or modify permissions.

Hopefully this should work!!!
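
A triage sketch for the flood of 529/680 failures shown in the question, added here as an example and not code from the original post: it parses exported Security event text and groups the failures by account, marking names that end in "$" as computer accounts and decoding error code 0xC0000064 as STATUS_NO_SUCH_USER. The sample text, the webshare_svc account and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Well-known NTSTATUS codes seen in the "Error Code" field of event 680.
NTSTATUS = {"0xc0000064": "STATUS_NO_SUCH_USER", "0xc000006a": "STATUS_WRONG_PASSWORD"}
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")

# Constructed sample: the two events from the question, trimmed, plus one
# made-up failure for a hypothetical user account (webshare_svc).
SAMPLE = """\
Event Type:     Failure Audit
Event ID:       529
   Reason:            Unknown user name or bad password
   User Name:      DXXWEB01$
   Workstation Name: DXXWEB01
Event Type:      Failure Audit
Event ID:      680
Logon account:      DXXWEB01$
Source Workstation:      DXXWEB01
Error Code:      0xC0000064
Event Type:     Failure Audit
Event ID:       529
   User Name:      webshare_svc
   Workstation Name: DXXWEB01
"""

def parse_events(text):
    """Split exported event text into dicts; 'Event Type:' starts an event."""
    events = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1).lower(), m.group(2)
        if key == "event type":
            events.append({})
        if events and value:
            events[-1].setdefault(key, value)
    return events

def summarize(events):
    """Count 529/680 failures per (event id, account, kind, host, reason)."""
    counts = Counter()
    for ev in events:
        if ev.get("event id") in ("529", "680"):
            account = ev.get("user name") or ev.get("logon account", "?")
            host = ev.get("workstation name") or ev.get("source workstation", "?")
            kind = "computer" if account.endswith("$") else "user"  # "$" suffix = machine account
            code = ev.get("error code", "").lower()
            reason = NTSTATUS.get(code, code) or ev.get("reason", "?")
            counts[(ev["event id"], account, kind, host, reason)] += 1
    return counts
```

Calling summarize(parse_events(text)).most_common() on a full export lists the noisiest account and workstation pairs first, which separates machine-account failures from real user logon failures.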