IIS 5.0 or IIS 6.0-based Web servers that have Microsoft Operations Manager (MOM) 2005 and the IIS Management Pack installed may randomly add IP address and domain name restrictions to all Web sites on the local computer (912156)


The information in this article applies to:

  • Microsoft Operations Manager 2005
  • Microsoft Internet Information Services version 6.0
  • Microsoft Internet Information Services 5.0

SYMPTOMS

Microsoft Internet Information Services (IIS) 5.0 or IIS 6.0-based Web servers that have Microsoft Operations Manager (MOM) 2005 and the IIS Management Pack installed randomly add IP address and domain name restrictions to all Web sites on the local computer.

CAUSE

This problem occurs because the IIS Management Pack Security: Error 401: "Access Denied" Error - Alert rule is enabled on the MOM 2005 server.

RESOLUTION

To resolve this problem, download the latest version of the IIS Management Pack. To do this, visit the following Microsoft Web site:

http://www.microsoft.com/management/mma/catalog.aspx

WORKAROUND

To work around this problem, disable the Security: Error 401: "Access Denied" Error - Alert rule. To do this, follow these steps:
  1. In the MOM Administrator console, expand Microsoft Operations Manager (Site), expand Management Packs, expand Rule Groups, expand Microsoft Windows Internet Information Services, expand Internet Information Services version, expand Core Services, expand World Wide Web Publishing Service, and then click Event Rules.
  2. In the details pane, right-click Security: Error 401: "Access Denied" Error - Alert, and then click Properties.
  3. Click the General tab, click to select the This rule is disabled check box, and then click Apply.
  4. Right-click Security: Error 401: "Access Denied" - Event Consolidation, and then click Properties.
  5. On the General tab, select This rule is disabled, and then click Apply.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

The following behavior occurs, in the order in which it is presented:
  • The Security: Error 403: "Forbidden" Error - Alert rule or the Security: Error 401: "Access Denied" Error - Alert rule triggers the Automatic IP Deny Script.
  • The Automatic IP Deny Script updates the IP Deny List
The Security: Error 401: "Access Denied" Error - Alert rule has been removed from the publically available versions of the IIS Management Pack, and the Security: Error 403: "Forbidden" Error - Alert rule was removed in Microsoft Operations Manager 2005 Service Pack 1 (SP1).

For more information about the IIS Management Pack, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=F2049784-923D-4A33-B377-C39CE94A193B&displaylang=en

REFERENCES

For more information about MOM 2005, visit the following Microsoft Web site:

http://www.microsoft.com/mom/default.mspx

Modification Type:MajorLast Reviewed:2/2/2006
Keywords:kbBug kbprb kbtshoot KB912156 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.