Re: 401 error for user that used to logon fine

From: Mat McMahon (mat_mcmahon@hotmail.com)
Date: 10/17/02 

From: "Mat McMahon" <mat_mcmahon@hotmail.com>
Date: Thu, 17 Oct 2002 10:07:45 +0100

Thanks very much. Was over the Internet and you were right. NTLM was
failing (although it seems to work with many other machines...) so I set to
basic and SSL and now works fine.

Regards,

Mat
""Chris"" <chrisadonline@microsoft.com> wrote in message
news:zXSef6HdCHA.1640@cpmsftngxa09...
> Mat,
>
> Why are you getting prompted by NTLM? This shouldn't be occurring if you
> are working on an intranet environment. I highly recommend reviewing this
> document to clear up confusion on how IIS and IE work together to
> authenticate users --
>
> Q264921 INFO: How IIS Authenticates Browser Clients
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q264921
>
> With that said, I would have to believe the following is your setup --
>
> IIS 4 or 5
> Directory with Integrated Authentication ONLY -or- NTFS permissions
> denied to anonymous on physical folder
> IE 5.0 client
>
> With IE 5.0, we attempted in most cases to use Negotiate first, then NTLM.
> Because Negotiate is for most cases not used, then we are failing on
NTLM.
> However, here is a quick page that you can use that will tell you the
> Authentication scheme being used...
>
> Also, what Zone does IE seem to be using on this machine? If Internet,
> then that is why we are prompting and I would need to let ya know that
NTLM
> over the internet isn't supported and isn't very secure (recommend Basic
> with SSL)...
>
> Let me know ..
>
> ~Chris
> Microsoft IIS Technical Lead
>
> "Please do not send email directly to this alias. This is our online
> account name for newsgroup participation only."
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> You assume all risk for your use. © 2001 Microsoft Corporation. All rights
> reserved

Relevant Pages

  • Re: WM5 can not sync to exchange
    ... I checked all the authentication settings and they are as you requested. ... After running the internet connection wizard I had to uncheck the Require ... On the SBS 2003 Server open the Server Management console. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • Re: Authentication filter
    ... > configure IIS to take advantage of the authentication firewall? ... it seems that you need to make it impossible for internal users to see ... > server (that is opened to VPN or internet). ...
    (microsoft.public.inetserver.iis)
  • IIS (ASP) -> SQLServer Authentication Issue
    ... IIS 6 machine serving ASP pages, integrated authentication, machine ... I want the ASP pages to access the SQLServer machine using the ... When researching this issue again on the Internet I did not find many people ...
    (microsoft.public.sqlserver.security)
  • Re: Integrated Auth / Default Domain Issues
    ... The webserver presents an ordered list of authentication protocols that it supports, and the browser picks the first one in the list that it supports. ... For Kerberos to work, the browser much be able to get a Kerberos service ticket from a KDC. ... Typically a KDC is not exposed to internet clients, which is why Kerberos doesn't work. ... NTLM doesn't work through most forward proxies. ...
    (microsoft.public.inetserver.iis.security)
  • Re: setting up a webshare
    ... >>I have a folder i'd like to make available across the internet. ... >> it connects fine and displays the user authentication dialog box. ... > (A web share is really an IIS virtual directory.) ...
    (microsoft.public.inetserver.iis)