IIS Lock Down Tool may break RDA or Replication that uses Anonymous authentication (310654)


The information in this article applies to:

  • Microsoft SQL Server 2000 Windows CE Edition 2.0
  • Microsoft SQL Server 2000 Windows CE Edition
  • Microsoft SQL Server 2000 Windows CE Edition 1.1
  • Microsoft SQL Server 2005 Mobile Edition
This article was previously published under Q310654

SYMPTOMS

If you install the Microsoft Internet Information Server (IIS) Lock Down Tool with all the default options, it may break a working Microsoft SQL Server 2000 Windows CE (SQL Server CE) or SQL Server 2005 Mobile Edition Remote Data Access (RDA) or Replication application that uses Anonymous authentication.

CAUSE

The default Setup of the IIS Lock Down Tool sets the following option:

"Set file permissions to prevent anonymous IIS users from writing to content directories."

SQL Server CE or SQL Server 2005 Mobile Edition Replication and RDA rely on three modes of IIS authentication:
  • Anonymous authentication
  • HTTP Basic authentication
  • Integrated Windows authentication

RESOLUTION

To resolve this problem:
  • If you use SQL Server CE connectivity applications or SQL Server 2005 Mobile Edition applications that use Anonymous authentication, clear this default option:

    "Set file permissions to prevent anonymous IIS users from writing to content directories."

    Otherwise the application may not run.

    -or-

  • You can reconfigure SQL Server CE connectivity applications or SQL Server 2005 Mobile Edition applications to use Basic or Integrated Windows authentication, not Anonymous, to run the tool.

MORE INFORMATION

SQL Server CE RDA and replication components communicate by using Web protocols. The SQL Server CE Client Agent on the Windows CE device uses HTTP to communicate with the SQL Server CE Server Agent ISAPI DLL on the Web server.

Steps to Reproduce the Problem

To reproduce the problem, use these steps:
  1. Set up the SQL Server CE Northwind_RDA sample as described in SQL Server CE 2000 Books Online.
  2. Run the setup for the IIS Lock Down tool.
  3. Click to select SERVER TEMPLATE (click Other Server).
  4. Click to select WEB SERVICE (HTTP).
  5. Select Scripts maps (disable all support).
  6. Click to select Additional Security (default).
  7. Clear this option:

    "Set file permissions to prevent anonymous IIS users from writing to content directories."

  8. Click to select Install URL scan filter.
  9. Run the SQL Server CE Northwind_RDA application and note that it still works ok.
  10. Run the IIS Lock Down setup again to undo the previous installation. Run the setup to keep the default option:

    "Set file permissions to prevent anonymous IIS users from writing to content directories."

    The SQL Server CE Northwind_RDA application fails with a 80070005 error message.

REFERENCES

IIS Lock Down Tool Books Online
Modification Type:MinorLast Reviewed:11/1/2005
Keywords:kbprb KB310654
©2004 Microsoft Corporation. All rights reserved.