IIS 10.0 anonymous authentication produces 401.3

Question

I am hosting a site on IIS 10.0 on my local network with anonymous authentication as the only enabled option. Previously, only the computer hosting the site could login and every other computer on the network was blocked entirely.

Then, I disabled the firewall on the necessary port, but that lead to other devices on the network being prompted for credentials.

Then, I went to inetpub\wwwroot and it wasn't shared, so I shared read permissions with IIS_IUSRS and under the security tab it now has "read & execute," "List folder contents," and "read" checked.

Now other devices are still prompted for credentials AND the very computer that hosts it is denied access. Not even prompted for credentials, just given the IIS error page for 401.3.

Every resource I've found says the security tab is all I need. What am I missing? I can't just continue developing without this, as I'm developing with PHP and so I need an actual server running this.

Answer 1

Anonymous Auth works on IIS is by assigning a user to the incoming request. This is configured under the authentications options. If you check the applicationHost.config, you would see something like this:

<authentication>
    <anonymousAuthentication enabled="true" userName="IUSR" />
</authentication>

This is the UI.

There is another factor that comes into play, which is the Application Pool Identity. To check whether this is a permissions issue. Change the application Pool identity to Local System.

If the above works, then it is definitely a permissions issue.

To investigate this you can run procmon.exe. Add a filter on RESULT for ACCESS DENIED and then proceed further.

There is a blogpost which talks about troubleshooting 401.3 errors using Procmon. Here is the link: https://blogs.msdn.microsoft.com/webtopics/2009/06/25/troubleshooting-http-401-3-errors-with-process-monitor/