Manage Learn to apply best practices and optimize your operations.

How to use AuthDiag 1.0 to troubleshoot IIS problems

Learn how to use the IIS Diagnostic Toolkit's AuthDiag 1.0 utility to diagnose, check and monitor permission or security problems for Web and FTP requests.

Having issues with clients logging into your Internet Information Services (IIS) Web site? If so, don't be surprised. Authentication and authorization failures are quite common in IIS. That's why Microsoft created the AuthDiag tool to troubleshoot and determine the cause of these issues.

AuthDiag analyzes IIS metabase configuration and system-wide policies, warns users of possible points of failure, and guides them through problem resolution.

AuthDiag 1.0 also includes a monitoring tool called AuthMon that captures snapshots of problems while as they occur in real time. You can run AuthMon using the GUI interface or set it up to run silently and just write the information to a log file.

Here are a few example issues that this tool can help you correct:

  • 401.1 authentication failures

  • 401.3 failed ACL on file or directory

  • Failed authentication because of incorrect privileges in token

  • Failure to access a page based on metabase configuration

  • Kerberos failure when worker processes use custom identities

  • FTP user isolation -- file system configured incorrectly

  • Removal of system permissions for process identities causes "Access Denied" error

To use the AuthDiag utility, go to Programs -> IIS Diagnostics -> AuthDiag, select the Task you want to run and the site, and then click Start Diagnostics. You will be presented with a screen that shows you the results of the scan. Just highlight the line entry you wish to research (especially those with red X's). The program will offer you a link to Microsoft, where you can hopefully find a resolution for that particular issue.

Inside the IIS Diagnostics Toolkit

 How to install the Microsoft IIS Diagnostics Toolkit
 How to use SSL Diagnostics 1.0
 How to use Authentication and Access Control Diagnostics (AuthDiag) 1.0
 How to use Exchange Server SMTP Diagnostics 1.0
 How to use Log Parser 2.2
 How to use WFetch 1.4
 How to use Trace Diagnostics
 How to use Debug Diagnostics 1.0

About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.

Dig Deeper on Windows Server troubleshooting