Re: Secured page (Challenge/Response) not accessible by some

From: Thomas Deml [MS] (thomad@online.microsoft.com)
Date: 10/19/02

• Next message: Thomas Deml [MS]: "Re: Configuring IIS to use IP then Authentication for access"
• Previous message: Paul Brinkley-Rogers: "Re: Integrated or Digest Windows Authentication through form"
• In reply to: Brian Haddock: "Secured page (Challenge/Response) not accessible by some"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Thomas Deml [MS]" <thomad@online.microsoft.com>
Date: Fri, 18 Oct 2002 23:46:34 -0700

Brian,

Windows authentication doesn't work over proxies. Windows auth needs and end
to end connection. As soon as there is a proxy involved it breaks.

Can you have a look at the following article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264921

Hope this helps,

--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
"Brian Haddock" <bhaddock@tnpe.com> wrote in message
news:9e3dcc26.0210171244.9154aaa@posting.google.com...
> We have a secured page on our external web server (IIS 5) that is
> accessible by most of our employees (IE 6) but some are repeatedly
> prompted for the username/password and are unable to access it.  The
> persons that are having problems are not behind a proxy and are in
> fact, at the same location (same network) as other employees that
> experience no problems at all.  I see nothing in the security event
> log for the persons trying to login that would indicate they are
> missing their password.  All persons are members of the same security
> group (that is allowed access to this section of the site).
>
> The IIS log shows the following:
>
> 01:32:40 192.168.99.99  () W3SVC3 WEB-SERV 192.168.89.89 80 GET
> /securepage - 401 5 4843 862 0
>
> Note the empty parenthesis () where the username would be.  The 401
> return code looks right the *first time* they hit it but these people
> receive the 401 over and over again.  Typically we see the 401
> followed by a 302 (temporary redirect) and then the 200 (OK).
>
> Challenge/Response is the only authentication method allowed -
> anonymous and Basic are turned off.
>
> Any ideas?  Anything they could be setting on the client side that
> would cause this?

---

• Next message: Thomas Deml [MS]: "Re: Configuring IIS to use IP then Authentication for access"
• Previous message: Paul Brinkley-Rogers: "Re: Integrated or Digest Windows Authentication through form"
• In reply to: Brian Haddock: "Secured page (Challenge/Response) not accessible by some"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages KB892130 and Proxy ... I am in an office situation where we are running a proxy on an old NT4 box. ... The proxy is using windows authentication, so generaly does not ask for ... People tend to scream and shout if prompted for passwords, ... and hav run proxycfg -u from the dos prompt with no effect. ... (microsoft.public.windowsupdate) Re: IE7 - Issue ... exceptions and IE7 is constantly asking me for proxy auth. ... server is squid proxy server using version 2.5.STABLE9. ... > I installed IE7, looked good until i tried to access my companies intranetes. ... > They use windows authentication to tailor the pages for the user. ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)