
Troubleshooting Web Agent / IIS 6.0 User Permission Issues - Windows 2003 Logging Configuration.


Article ID: 53551


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



By default, Windows 2003 is not configured with adequate audit failure logging to determine whether a user file or service permission problem is affecting the Web Agent ISAPI filter/extension running within IIS 6.0. Examples of such problems are inadequate user permissions on a Web Agent log directory or within IIS itself (process-level user permissions within an application pool).


To increase security audit logging, do the following:

Under 'Start'->'Settings'->'Control Panel'->'Administrative Tools', select 'Local Security Settings'.
Within the configuration window (left pane), navigate to 'Security Settings' -> 'Local Policies' -> 'Audit Policy'. In the right pane, you will find the following audit log defaults:

Windows 2003 System Defaults
Audit account logon events   [Success]
Audit account management     [No auditing]
Audit logon events           [Success]
Audit object access          [No auditing]
Audit policy change          [No auditing]
Audit privilege use          [No auditing]
Audit process tracking       [No auditing]
Audit system events          [No auditing]

For full logging, change these to:

Audit account logon events   [Failure]
Audit account management     [Failure]
Audit logon events           [Failure]
Audit object access          [Failure]
Audit policy change          [Failure]
Audit privilege use          [Failure]
Audit process tracking       [Failure]
Audit system events          [Failure]

After changing these settings, do the following to completely restart IIS and the Web Agent:

  • Shut down IIS with the command-line option "iisreset /stop".

  • Wait for LLAWP.exe to terminate (ensure it does not appear in Task Manager).

  • Start IIS with the command-line option "iisreset /start".

  • Request a protected (non-functional) resource to test and log the failure.

  • Review the Windows 'Security', 'Application', and 'System' event logs for all failures from the timestamps of IIS startup and the test request.
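
The restart steps above as a batch file for the Windows 2003 command prompt, so that IIS is not started again while LLAWP.exe is still running. This is an added example, not part of the original article; the 60-second limit, the ping-based one-second delay, and the exit codes 1 and 2 are assumptions.

```batch
@echo off
rem Added example: full restart of IIS and the Web Agent, following the steps above.
setlocal

rem Assumption: give LLAWP.exe up to 60 seconds to exit before giving up.
set MAXWAIT=60
set /a WAITED=0

rem Note the start time so the event log review can begin from this point.
echo Restart started at %DATE% %TIME%

iisreset /stop
rem Assumption: iisreset returns a non-zero exit code when the stop fails.
if errorlevel 1 (
    echo iisreset /stop reported an error; IIS was not restarted.
    exit /b 1
)

:waitloop
rem find sets errorlevel 1 when LLAWP.exe is no longer in the process list.
tasklist /FI "IMAGENAME eq LLAWP.exe" /NH | find /I "LLAWP.exe" >nul
if errorlevel 1 goto stopped

if %WAITED% GEQ %MAXWAIT% (
    echo LLAWP.exe is still running after %MAXWAIT% seconds; IIS was not started.
    exit /b 2
)

rem One-second delay using ping, which is available on a default install.
ping -n 2 127.0.0.1 >nul
set /a WAITED+=1
goto waitloop

:stopped
echo LLAWP.exe has exited after about %WAITED% seconds.
iisreset /start
echo IIS started at %DATE% %TIME%.
echo Request the protected test resource now, then review the Security,
echo Application and System event logs for failures from the times shown above.
endlocal
```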

Please see the following screenshot for the exact location to change these Windows permission settings:

<Please see attached file for image>

Figure 1


Component: SMIIS

