IIS – Demoted domain controller and now IIS has permissions issues

active-directory iis windows-server-2008

I have a machine that was a domain controller and everything else, including an IIS site. I built 2 new domain controllers and transferred the FSMO roles and waited a day and then demoted the original domain controller. Now the IIS site says:

HTTP Error 401.2 – Unauthorized
You are not authorized to view this page due to invalid authentication headers.

I have a call in with the web app vendor, but maybe someone can guess what I need to fix now. I haven't looked at IIS since this was installed and am pretty lost.

I thought about restoring the machine from a backup, but I think that would be an Active Directory disaster, right?

The server is Windows 2008 (not R2). The new DCs are 2008 R2.

Best Answer

A guess...

Domain controllers have no local users and groups - they're all held in Active Directory.

When you installed IIS on the DC, it would have created an IUSR account for anonymous access to the sites. This would have been stored in AD and likely was deleted when you demoted it.

Now that the DC has been demoted, the IUSR account is no longer valid. You'll need to re-create the anonymous internet user account. It might actually be easier to back the sites up and remove/reinstall IIS.

Edit: You may need to enable Anonymous Authentication on the new 2008 DCs in the IIS features.
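
A read-only check for the two things the answer above points at (whether Anonymous Authentication is enabled for the site, and whether the account it is configured to use still resolves), added here as an example and not part of the original question or answer. It assumes PowerShell 2.0 or later, the standard IIS 7 `appcmd.exe` location, and a site named `Default Web Site` (replace with the affected site).

```powershell
# Added example, not from the original thread. Run from an elevated prompt on the IIS server.
$site    = 'Default Web Site'   # assumption: name of the affected site
$appcmd  = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
$section = 'system.webServer/security/authentication/anonymousAuthentication'

if (-not (Test-Path $appcmd)) { throw "appcmd.exe not found at $appcmd" }

# appcmd prints the effective configuration section for the site as an XML fragment.
$out = & $appcmd list config $site "/section:$section"
if ($LASTEXITCODE -ne 0) { throw "appcmd failed: $out" }

[xml]$cfg = [string]::Join("`n", @($out))
$anon = $cfg.SelectSingleNode('//anonymousAuthentication')
if ($anon -eq $null) { throw "No anonymousAuthentication element in appcmd output" }

"Effective setting: " + $anon.OuterXml

# An empty value here means the attribute is not set explicitly in the output.
$enabled = $anon.GetAttribute('enabled')
$user    = $anon.GetAttribute('userName')
"enabled  = '$enabled'"
"userName = '$user'"

if ([string]::IsNullOrEmpty($user)) {
    # With no userName, IIS 7 runs anonymous requests as the application pool identity.
    "No anonymous user configured; check the application pool identity instead."
} else {
    # Translate the account name to a SID. A failure means the name no longer
    # maps to any local or domain account visible from this server.
    try {
        $account = New-Object System.Security.Principal.NTAccount($user)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        "Account '$user' resolves to SID $sid"
    } catch {
        "Account '$user' does NOT resolve: " + $_.Exception.Message
    }
}
```

If the account does not resolve, or `enabled` is `false`, that matches the situation the answer describes; the script changes nothing, so any fix is still a separate step in IIS Manager or `appcmd set config`.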