Re: Integrated Windows Authentication not working

From: Hughes (
Date: 05/18/02

From: "Hughes" <>
Date: Fri, 17 May 2002 19:18:53 -0700

It works!
It appears that it was the certificate.
Once I realized the site worked the way it was suppose to without the cert
then of course I started concentrating on the cert process I was using.
After a couple modifications I got it up and running.
Thanks a lot for hanging in there with me Stephen.


"MHughes" <> wrote in message
> >So, you are saying that your web server is directly on the Internet with
> >NO proxy in front of it and you are absolutely sure that there is no
> >proxy server between the various user's ISPs and your web server? How
> >do you know that?
> >
> >If you web server is directly on the Internet, can you post the URL so
> >that we can try to access it to see if we get prompted?
> My web server is behind a firewall with and we are using NAT. I have ports
> 80 and 443 open.
> While ISP's like ATT and Qwest could have a proxy somewhere on there
> connection, I assume they do not. None-the-less, I have also tried it from
> our IDC and I know there is no proxy there since I installed it.
> If I gave you the site you could only get as far as seeing the cert pop up
> since you don't have an account. I wouldn't feel comfortable giving it out
> to the newsgroup, but may send it to you directly.
> >Just to be clear, you are talking about the NTFS permissions on all of
> >your .asp files, right, including all directories?
> The actual NTFS permission on the dirs and files is everyone. The asp page
> won't generate though with out a valid user account. The page checks the
> logged in user and matches it against a DB. If there's no match then it
> generates an error.
> >Is the local IUSR_hostname, guest or everyone account one of those
> >accounts?
> No, I've set it up so the only people that can get to this page are users
> who have logged into the local domain of the web server with an active
> account.
> >If you put a plain html or text file in the same directory as your .asp
> >files and ensure that it has the same permissions and if try to access
> >that file what happens?
> I put a plain html file on the site and turned off the SSL. The site now
> works, just on port 80 vs 443. Does this mean there is something wrong
> the certificate setup? Why would it prompt me when I have no certificate
> not prompt me when I do have a cert?
> >And you're sure that the authentication settings for the virtual
> >directory that maps to the physical directory where the .asp files are
> >does not have anonymous enables, but does have Basic Authentication and
> >Integrated Windows Authentication enabled?
> Positive. As I mentioned above, with server certs off, the site works
> >In IE follow this route Tools > Internet Options > Security > Internet >
> >Custom Level > Settings: > User Authentication > Logon".
> Auto login only Intranet.
> >Just to be clear I meant disabling of IWA on the web server. I didn't
> >mean disabling of IWA in IE.
> Right, this has always been off.
> >Is it possible that you logged in to some other part of the website
> >before going to your .asp files?
> Nope.
> I'm starting to guess now that there is something wrong with my
> of the certificate services on this box vs the web site since it works
> without the cert. I've uninstalled cert services and then reinstalled them
> and rebooted the computer. Now when I try to go to //servername/certsrv
> page doesn't come up. Ack, it's one thing after the other, but perhaps
> narrows it down.
> --
> Reply to the newsgroup..