Re: Windows 2003 Server and IIS 6.0: Domain users can't access my web site :(

From: Bernard Cheah [MVP] (qbernard_at_hotmail.com.discuss)
Date: 05/31/05


Date: Tue, 31 May 2005 11:44:10 +0800

Where the rest of the log file ? this is normal behavior as IE is connecting
as anonymous user first then act upon the auth header replied by IIS. 401.2
and 401.1 is just part of th process.

Though 500 error is something that not normal.

-- 
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Mark Smith" <news_read@mail.bg> wrote in message 
news:ud8VDD2YFHA.1092@tk2msftngp13.phx.gbl...
> Sorry for a late....
>
> this is log ex050528.log file:
>
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2005-05-28 08:15:50
> #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
> cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
> 2005-05-28 08:36:24 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 500 
> 0
> 2147746304
> 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 
> 2
> 2148074254
> 2005-05-28 08:36:45 192.168.1.13 GET /Clients/ - 80 - 192.168.1.14
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 
> 1
> 0
>
> In this moment I connect unsuccessful to IIS-WWW like a Domain User.
>
> p.s. If I find any decision, I will public it in this topic.
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:OrfKjjmYFHA.612@TK2MSFTNGP12.phx.gbl...
>> Mm.. post the log entries of those login requests. also you can try
> authdiag
>> (microsoft.com) to troubleshoot.
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.microsoft.com/iis/
>> http://www.iiswebcastseries.com/
>> http://www.msmvps.com/bernard/
>>
>>
>> "Mark Smith" <news_read@mail.bg> wrote in message
>> news:eGyOlbeYFHA.3132@TK2MSFTNGP09.phx.gbl...
>> > "Mark Smith" <news_read@mail.bg> wrote in message
>> > news:OmAyiUeYFHA.2796@TK2MSFTNGP09.phx.gbl...
>> >> Hello all.
>> >> I have Windows 2003 Server who work like Domain Controler.
>> >> On a DC I use IIS 6.0 because I have internel web site. This Web
>> >> site must access from domain users via internal network and therefore
>> >> I set on IIS option "Integrated Windows authentication" for better
>> > Security.
>> >> Actually problem is that when on Workstations is Logon like a
>> >> Domain User, IIS Return error: HTTP Error 401.1 - Unauthorized.
>> >> If I Logon like a Domain Admin I have permission and web site work
>> >> perfect.
>> >> Thanks for help in advance.
>> >>
>> >>
>> >
>> > NTFS permissions for Domain Users is:
>> >
>> > Read & Execute,
>> > List Folders Contents,
>> > Read
>> >
>> > But I give Full Permissions of Domain users on NTFS and then Web site
>> > again is not permited for domain users.
>> >
>> >
>
> 


Relevant Pages

  • Re: Integrated Windows Authentication not working
    ... I only have specific local users on the ACL ... It reports Internet ... >> only web site and no one is behind a proxy server. ... > groups or local groups that contain domain users or groups on the access ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows 2003 Server and IIS 6.0: Domain users cant access my web site :(
    ... > On a DC I use IIS 6.0 because I have internel web site. ... NTFS permissions for Domain Users is: ... But I give Full Permissions of Domain users on NTFS and then Web site ...
    (microsoft.public.inetserver.iis.security)
  • Re: Windows 2003 Server and IIS 6.0: Domain users cant access my web site :(
    ... >> On a DC I use IIS 6.0 because I have internel web site. ... >> site must access from domain users via internal network and therefore ... > But I give Full Permissions of Domain users on NTFS and then Web site ...
    (microsoft.public.inetserver.iis.security)
  • Re: Integrated Windows Authentication not working
    ... > only web site and no one is behind a proxy server. ... > log in, the cert comes up, click on yes, and then it goes straight to the ... groups or local groups that contain domain users or groups on the access ... Authentication " security option on the "Advanced" tab ...
    (microsoft.public.inetserver.iis.security)
  • RE: Restricting snap-ins
    ... Because the group policy filter in security is ... you can move these computer account into one OU and deploy the GPO to this ... But I would like this setting to only apply to Domain Users and not ... Is this normal behavior or should the deny work for Computer ...
    (microsoft.public.win2000.group_policy)