TechNet Top Questions - November 10, 2000

Article
12/22/2008

Little Red Error Icon – What is it?

From the IIS Newsgroup:

Q: Hello all,

What does the red error icon next to a virtual directory in the MMC mean? I can still use the virtual directory...

Thanks in advance...
Sam

A: It basically means that the anonymous user account will probably not have access to this directory.

Normally it is because the IUSR_Computername account is a local account, not a domain account. It also depends on the username/password you used for the connectAS dialog to the remote virtual directory.

Chris Crowe [MVP]
IISFAQ Web Site
https://www.IISFAQ.COM

Another possibility (documented in Knowledge Base Article 195639 Nonexistent Virtual Directory Returns a 403 Error) is:

If you created a virtual directory using the Microsoft Management Console (MMC) and set the access properties to None, if you then delete the directory from the file system itself (through Windows Explorer for example), you will receive the 403 error (access denied) when you access that URL.

The reason this occurs is because the access permissions of that virtual directory still exist in the IIS metabase. The metabase and the file system do not synchronize with each other.

To resolve this problem, open the IIS MMC and check to see if the virtual directory still exists. If it does, delete it to resolve the problem.

Note: If you have restarted the computer or performed a net stop w3svc, then the directory will show a red stop sign for an icon, indicating that there is a problem.

Comment: It seems like a stretch that this scenario could be the root of the problem, but maybe you created the virtual directory, deleted it, and recreated it, you might get into the situation described above. Check to see if there are any 403 (or any others related to ISI) errors being logged in Event Viewer.

ZoneAlarm! ZoneAlarm!

Not exactly a Microsoft product, but a cool application.(free, no less, from https://www.zonelabs.com and a good question.

Q: Hi, folks.

Internet:

I'm using ZoneAlarm, and occasionally it claims that someone has tried to contact my computer and gives me an IP-number and a port number. Now: How much information can be read out of the IP-number (maybe with help from open databases on the internet)?

The country where the IP-number belongs?

The name of the 'intruders' internet-provider?

Are there any good programs to track down the 'intruder'???

--Martin

A: How about www.samspade.org?

You could also take a look at neotrace.

- Joe Anonymous

Make a note of the IP address and go along to https://www.SamSpade.Org and punch in the address there, it will provide you with a lot of information about where the IP is registered etc.

Good Luck
Mike Waters MCP+I MCSE.

Quick Tip: Hiding SQL Server System Objects

Q: Hello all,

I want to configure my Enterprise Manager Client (SQL Server 7.0) to hide all system objects (tables/views/sps; type=system).

Although I searched Help and MSDN, I didn't get any solution for that (little) problem...

Dani Mohr

And the right-to-the-point-answer:

A: Edit server registration properties & uncheck "Show system databases and system objects".

Umachandar Jayachandran

Windows Networking: Routing Between Two Subnets

Q: I would like to reduce network broadcast (one is for office works, another is for steaming service). I have divided the network into 2 subnets (A and B - A for office, B for steaming). However, the router is at subnet A only, and the subnet B is also need the Internet Access and get resources from subnet A (sometime). In order to achieve this goal, I set up a Windows NT 4 *workstation* (w/ 2 NICs and IP Forwarding) as a router.

Conditions:

Subnet A - 192.168.0.0 /24, Subnet B - 10.0.0.0 /8
NIC 1 - 192.168.0.1 /24 DG:192.168.0.254, NIC 2 - 10.0.0.1/8 DG:
IP forwaring Enabled.
168.0.254 is router (Internet) IP.
Subnet B PC's DG is 10.0.0.1 (the IP of PC router NIC 2)

I can ping the the router PC from each subnet. I CANNOT get Internet connection on subnet B.

Anything that I have missed? or any suggestions for me?

Thanks a lot.
Cato

A: Bill Brant jumps right in and offers the following (Sounds like an MCP test question):

Your Windows NT router doesn't work properly because the default route of subnet A is to the Internet, not to the Windows NT router. You need to add a static route to the external router (the one with IP of 192.168.0.254) to route traffic for 10.0.0.0 through the Windows NT router.

route add 10.0.0.0 mask 255.0.0.0 192.168.0.1

Then the external router will have a route to 10.0.0.0 to forward traffic from the Internet and will bounce packets for 10.0.0.0 which reach it by the default route from machines in subnet A.

SQL Server: OLAP Cubes

Q: I have an OLAP cube and the source SQL Server database on the same server. I am going to move the source SQL Server database to another server. The OLAP database will remain on the original server.

Is there a way to move the source database and change the data source for the cube (or cube partition) or will I have to recreate the cube from scratch in order to use a new data source?

Thanks.
Alex Tait

A: And here is IT Pro George Spofford's succinct reply:

Just edit the database's data source to point to the SQL Server's new machine. If you're using OLE DB for SQL Server as the data source, just change the machine name. If you're using ODBC, in the ODBC administrator, change the server that the DSN points to.

Straight and right to the point. Thanks, George!

Windows 2000: Restricting Concurrent Logons

Q: Can we restrict a user to be logged into a Windows 2000 server with only 1 concurrent connection. Example TSMITH is logged into the domain. TSMITH goes to another workstation and wants to login again. How do we restrict that function and only allow 1 concurrent login per user id. We want to do this without having the login take place from a specific workstation or having to edit the remote workstations registry etc. The solution, if any, needs to take place on the server only.

Thanks, Ken

A: Hey Ken,

Cconnect.exe does this. You can obtain this utility from the Windows 2000 Resource Kit. This is explained in Knowledge Base article #237282: "Limiting a User's Concurrent Connections in Windows 2000 and Windows NT 4.0".

Moving Up from Windows NT 4.0 to Windows 2000 and RAS

Q: Hello,

Just switched the server from Windows NT 4.0 (SBS 4.5) to a Windows 2000 server. No problems dialing in and connecting to the Windows NT box.

Windows 2000 is up and running. Local PC's connect via LAN with no problem. But my remote user cannot connect thru dial-in. Dial-in client is running Windows 98. Modem is an ISDN modem by ADTRAN. Same modem is on Windows 2000. I have the user defined and they have dial in authority. RAS is set up and the modem is assigned to RAS. Also the RAS rules are set to allow dial in.

When the client dials in, the Windows 2000 modem answers, RAS shows the connection is active for just a moment and then it goes inactive. On the client side this happens during "verifying user name and password". Then the connection fails.

How do I fix this?

Thanks,
Francis

A: Have you changed to Native Mode? Active Directory Domains and Trusts and check your domain type. Only when network is pure Windows 2000 is when you migrate over from mixed mode.

Good Luck,
Jason

And here's a good source of info for migrating from Windows NT 4.0 to Windows 2000 and Active Directory: Domain Migration Cookbook.

A cookbook typically is a collection of recipes, or instructions, that explain how to do something and what you need to do it. This "cookbook" is a set of "recipes" for migration success. It is designed to help you migrate from Windows NT 4.0 to Windows®2000 Active Directory. It will help you understand the main domain migration concepts and guide you through the main planning tasks