IIS reports 401.3 error for static files, but appears to have correct ACL

I am working on a website running Sitecore 6.3.1 on a Windows Server 2008 R2 instance.

Everything was working beautifully until I copied some static files (CSS, JS, images) from a ZIP archive provided by one of our frontend developers into C:\Inetpub\wwwroot\(website name)\Website\static.

Now, any time I try to access any of those static files (e.g., http://localhost/static/css/main.css), I get a 401.3 error (according to C:\inetpub\logs\LogFiles\W3SVC2\u_ex110216.log).

The Sitecore application itself is working just fine, and the static files were perfectly accessible until I replaced them with the updated files.

According to every resource I could find on the subject, a 401.3 error indicates that the ACL for the requested resource is not permitting access to the IIS user account.

  • I looked at the ACL for a file that is currently working (e.g., C:\Inetpub\wwwroot\(website name)\Website\default.css), and it appears to be identical to that of the static files that are inaccessible.

  • I checked the application pool settings for the Sitecore site, and the anonymous user is “IUSR”. Following the instructions in this thread, I gave the IUSR account read and execute permissions for the C:\Inetpub\wwwroot\(website name)\Website\static directory and recursively applied it to all subfolders and files in that directory. No dice.

  • Based on the suggestions offered in this thread, I tried removing the static directory entirely and recreating it and its subdirectories by hand so that they inherit permissions from the parent Website directory. However, the problem persisted.

What else can I try to resolve these 401.3 errors?

Related:

SSH configuration, publickeys, Permission denied (publickey,password). error

My task: login from Mac OS Snow Leopard client to Ubuntu 10.10 server without password.

Commands:

client$ mkdir ~/.ssh
client$ chmod 700 ~/.ssh 
client$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa 
Enter passphrase (empty for no passphrase): [empty]
client$ chmod go-w ~/ 
client$ chmod 700 ~/.ssh 
client$ chmod go-rwx ~/.ssh/* 
client$ scp ~/.ssh/id_rsa.pub lorddaedra@server.domain.ltd:~ 
server$ mkdir ~/.ssh 
server$ chmod 700 ~/.ssh 
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys 
server$ chmod 600 ~/.ssh/authorized_keys 
server$ rm ~/id_rsa.pub 
client$ ssh -o PreferredAuthentications=publickey server.domain.ltd 

and…

Permission denied (publickey,password).

Debug output(with -v):

XX-XX-XXX-XXX:~ lorddaedra$ ssh -o PreferredAuthentications=publickey server.domain.ltd -v
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to server.domain.ltd [XXX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /Users/lorddaedra/.ssh/identity type -1
debug1: identity file /Users/lorddaedra/.ssh/id_rsa type 1
debug1: identity file /Users/lorddaedra/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server.domain.ltd' is known and matches the RSA host key.
debug1: Found key in /Users/lorddaedra/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/lorddaedra/.ssh/identity
debug1: Offering public key: /Users/lorddaedra/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/lorddaedra/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,password).

So my question is where is my error and how to fix it? Thank you!

P.S.

server$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
UseDNS no
AllowUsers lorddaedra

P.P.S.

server$ cat /var/log/auth.log

Feb  3 19:15:38 electra sudo: lorddaedra : TTY=pts/0 ; PWD=/home/lorddaedra ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
Feb  3 19:16:01 electra CRON[19081]: pam_unix(cron:session): session opened for user lorddaedra by (uid=0)
Feb  3 19:16:01 electra CRON[19080]: pam_unix(cron:session): session opened for user lorddaedra by (uid=0)
Feb  3 19:16:02 electra CRON[19080]: pam_unix(cron:session): session closed for user lorddaedra
Feb  3 19:16:02 electra sshd[19088]: Authentication refused: bad ownership or modes for directory /home/lorddaedra
Feb  3 19:16:02 electra sshd[19088]: Authentication refused: bad ownership or modes for directory /home/lorddaedra
Feb  3 19:16:06 electra CRON[19081]: pam_unix(cron:session): session closed for user lorddaedra
Feb  3 19:16:07 electra sudo: lorddaedra : TTY=pts/0 ; PWD=/home/lorddaedra ; USER=root ; COMMAND=/bin/cat /var/log/auth.log


client$ ls -al /Users/lorddaedra/.ssh
total 40
drwx------    6 lorddaedra  staff   204  3 фев 01:54 .
drwxr-xr-x+ 183 lorddaedra  staff  6222 31 янв 11:37 ..
-rw-------@   1 lorddaedra  staff  6148 21 ноя  2008 .DS_Store
-rw-------    1 lorddaedra  staff  1675  3 фев 01:53 id_rsa
-rw-------    1 lorddaedra  staff   427  3 фев 01:53 id_rsa.pub
-rw-r--r--    1 lorddaedra  staff   414  3 фев 01:54 known_hosts


server$ ls -al /home/lorddaedra/.ssh
итого 12
drwx------  2 lorddaedra lorddaedra 4096 2011-02-03 01:55 .
drwxrwxr-x 13 lorddaedra lorddaedra 4096 2011-02-03 01:55 ..
-rw-------  1 lorddaedra lorddaedra  427 2011-02-03 01:55 authorized_keys

Related:

Mcafee Auto-update from UNC path problem

I have a network with 50 computers with no internet access. So instead of updating in each of them using dat file individually I tried to create a shared folder in server, and created a UNC in site repository. I downloaded the file DAT Package For Use with Mcafee AutoUpdate Architect & ePO 3.0 from http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx.
When I try to update it is giving an error Error occurred while downloading file SiteStat.xml. So how fix it?

Related:

JNDI Datasource Problem on Tomcat 6, Hibernate

I am using Tomcat 6 as application server, Struts-Hibernate and MyEclipse 6.0.

My application uses JDBC driver but I should modify it to use JNDI Datasource. I followed steps as described in tomcat 6.0 howto tutorial.

I defined my resource in tomcat>conf:

    <Resource name="jdbc/ats" global="jdbc/ats" auth="Container"
          type="javax.sql.DataSource" driverClassName="oracle.jdbc.OracleDriver"
          url="jdbc:oracle:thin:@//localhost:1521/MISDEV"
          username="TEST" password="TEST" maxActive="20" maxIdle="10"
          maxWait="-1" validationQuery="SELECT 1 from dual" 
  removeAbandoned="true" 
          removeAbandonedTimeout="30" 
  logAbandoned="false"/>

I gave reference in my application web.xml:

 <resource-ref>
   <description>Oracle Datasource example</description>
   <res-ref-name>jdbc/ats</res-ref-name>
   <res-type>javax.sql.DataSource</res-type>
   <res-auth>Container</res-auth>
 </resource-ref>

And I defined datasource-dialect in my hibernate-cfg.xml

 <property name="connection.datasource">java:comp/env/jdbc/ats</property>
 <property name="dialect">org.hibernate.dialect.Oracle9Dialect</property>

But when I create hibernate session, it can not open the connection:

09:18:11,322 ERROR JDBCExceptionReporter:72 – Connections could not be acquired from the underlying database!
org.hibernate.exception.GenericJDBCException: Cannot open connection

I also tried to set the properties at runtime:

        Configuration configuration = new Configuration();        
    configuration.setProperty("hibernate.dialect", "org.hibernate.dialect.Oracle9Dialect");        
    //configuration.setProperty("hibernate.connection.datasource",  "java:comp/env/jdbc/ats");
    configuration.setProperty("hibernate.current_session_context_class", "thread");    
    configuration.setProperty("hibernate.connection.provider_class", "org.hibernate.connection.C3P0ConnectionProvider");
    configuration.setProperty("hibernate.show_sql", "true");         


    sessionFactory = configuration.configure().buildSessionFactory();

It does not open connection again.

But, when I use JDBC driver it works:

Configuration configuration = new Configuration();        
    configuration.setProperty("hibernate.dialect", "org.hibernate.dialect.Oracle9Dialect");        
    //configuration.setProperty("hibernate.connection.datasource",  "java:comp/env/jdbc/ats");
    configuration.setProperty("hibernate.connection.url", "jdbc:oracle:thin:@//localhost:1521/MISDEV");        
    configuration.setProperty("hibernate.connection.username", "test");        
    configuration.setProperty("hibernate.connection.password", "test");        
    configuration.setProperty("hibernate.connection.driver_class", "oracle.jdbc.OracleDriver");        
    configuration.setProperty("hibernate.transaction.factory_class", "org.hibernate.transaction.JDBCTransactionFactory");        
    configuration.setProperty("hibernate.current_session_context_class", "thread");    
    configuration.setProperty("hibernate.connection.provider_class", "org.hibernate.connection.C3P0ConnectionProvider");    
    configuration.setProperty("hibernate.show_sql", "true");         


    sessionFactory = configuration.configure().buildSessionFactory(); 

I have been searching for 3 days and no success. What may be de problem?

Related:

Deleted items on Deleted Items folder are not shown

When I run this cmdlet, I get the following result:

Get-MailboxFolderStatistics user | ft FolderPath, FolderSize -autosize

FolderPath                    FolderSize
----------                    ----------
/Top of Information Store     156 B (156 bytes)  
/Calendar                     244.2 KB (250,025 bytes)  
/Contacts                     1.223 MB (1,282,252 bytes)  
/Contacts/SenderPhotoContacts 30.41 KB (31,139 bytes)  
/Conversation Action Settings 0 B (0 bytes)  
/Conversation History         206.2 KB (211,147 bytes)  
/Deleted Items                1.449 MB (1,519,602 bytes)  
/Drafts                       472 B (472 bytes)  
/Inbox                        618 MB (648,025,798 bytes)  
/Journal                      144 B (144 bytes)  
/Junk E-Mail                  131.9 KB (135,089 bytes)  
/News Feed                    0 B (0 bytes)  
/Notes                        1.847 KB (1,891 bytes)  
/Outbox                       0 B (0 bytes)  
/Quick Step Settings          0 B (0 bytes)  
/RSS Feeds                    0 B (0 bytes)  
/Sent Items                   6.754 KB (6,916 bytes)  
/Suggested Contacts           9.316 KB (9,540 bytes)  
/Sync Issues                  0 B (0 bytes)  
/Sync Issues/Conflicts        0 B (0 bytes)  
/Sync Issues/Local Failures   0 B (0 bytes)  
/Sync Issues/Server Failures  0 B (0 bytes)  
/Tasks                        7.994 KB (8,186 bytes)  
/Recoverable Items            12.16 MB (12,748,519 bytes)  
/Deletions                    0 B (0 bytes)  
/Purges                       0 B (0 bytes)  
/Versions                     0 B (0 bytes)  

But when I open the mailbox using both Outlook and OWA, the deleted items folder is empty.
I’m guessing it’s corrupted or something like that. Is it possible to recover it somehow?

Thanks.

Related:

Java web services: The state of web service security

WS-Security and related standards provide a wide range of options for web service security. Of this wide range, web services stacks test only a limited number of security configurations, and even fewer configurations for interoperability, on their own. Find out what the industry has done to promote interoperability among web services stacks, and read a summary comparison of how the three main open source Java stacks handle security.

Related:

Configure single sign-on between Tivoli Access Manager v6.1/WebSEAL and Tivoli Integrated Portal v1.1.x

This article provides detailed instructions for integrating Tivoli Access Manager
version 6.1 and Tivoli Integrated Portal version 1.1.x. Explore how to
configure single sign-on between Tivoli Access Manager/WebSEAL and Tivoli Integrated Portal using Tivoli Access Manager Extended Trust Association Interceptor (ETai). Step-by-step instructions and plenty of code
examples walk you through the tasks.

Related:

  • No Related Posts