500 server error on after turning anon auth off and NTLM on

Question

I'm pretty sure this is a permissions issue but can't seem to track down where at. We have a local intranet site that is running on IIS 6.1 and running PHP. We turned on NTLM on so we can pull user-info, for this to work fully we turned off anonymous authentication, as soon as we did that we noticed that we get 500 server error's whenever there is an error within the PHP code.

There is no sub status code for the 500 server error, the only thing I've been able to pull from diagnostics is that there is access denied within fastcgi (error code 5). I've also noticed on the diagnostic logs page that Authentication is set to NOT_AVAILABLE, but i'm unsure if that is normal since we don't get these issues once anon auth is on.

If we turn anon auth back on, 500 error pages disappear and we can see our PHP error read-outs on the page fine.

Anyone have some suggestions on what permissions and where we might need to enable here?

Answer 1

PHP by default “impersonates” the user who is loading the browser. When Windows Auth was off it likely ran as a system user.

So I increased user’s permissions on the machine since it seems to be executing as user context now that we have Windows Auth on. It won’t show you the error details unless it trusts you, I guess. Annoying to find, but it sort-of makes sense.