Advanced Digest Authentication Failure

From: Ralish (ralish_at_gmail.com)
Date: 10/29/05

• Next message: Roger Abell [MVP]: "Re: Authentication Problems"
• Previous message: Miha Pihler [MVP]: "Re: Problem with 2 way ssl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 29 Oct 2005 15:11:10 +1000

Hello,

An IIS 6.0 server setup on a Windows Server 2003 Domain Controller is no
longer successfully authenticating clients. The server is set to
authenticate clients using Advanced Digest Authentication, and has been
working flawlessly for the past few months. However, now whenever a client
attempts to authenticate to the web-server, they are prompted to
authenticate three times, before receiving a "You are not authorized to view
this page" message.

An inspection of the Security Event Log on the server returns the following
curious event:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 29/10/2005
Time: 3:07:11 PM
User: NT AUTHORITY\SYSTEM
Computer: <cut>
Description:
Logon Failure:
  Reason: An error occurred during logon
  User Name: <cut>
  Domain: <cut>
  Logon Type: 3
  Logon Process: WDIGEST
  Authentication Package: WDigest
  Workstation Name: -
  Status code: 0xC000006D
  Substatus code: 0xC000000D
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: 192.168.0.2
  Source Port: 1940

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I am at a total loss as to what this event means, let alone how to resolve
the problem. However, this event almost certainly appears to be the culprit
of the problem. Any help in resolving this problem would be greatly
appreciated, as the IIS server is unable to authenticate clients until this
issue is resolved.

Thanks in advance,

Ralish

---

• Next message: Roger Abell [MVP]: "Re: Authentication Problems"
• Previous message: Miha Pihler [MVP]: "Re: Problem with 2 way ssl"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Native Mode possible problems...help! ... their password will still be able to logon to an NT 4.0 - but using their ... Windows 2003/2000/NT ... > They NT 4.0 domain controllers will still be able to authenticate users, ... > Why not just upgrade the BDCs to Windows 2000 Server? ... (microsoft.public.windows.server.general) How to prevent user from logon? ... How do I set up a policy within Active Directory that will only authenticate ... how do I prevent a user account from having logon ... with a specialized server on our end. ... (microsoft.public.win2000.security) Re: Advanced Digest Authentication Failure ... An IIS 6.0 server setup on a Windows Server 2003 Domain Controller is no ... authenticate clients using Advanced Digest Authentication, ... : Logon Failure: ... : Caller User Name: - ... (microsoft.public.inetserver.iis.security) Re: Win2K and NT4 question ... During logon, the client ... What OS is running on these clients? ... >from the NT4 server. ... >What I would like to do is have everyone authenticate to the NT4 server ... (microsoft.public.win2000.security) Re: Cannot print from OS X 103 to windows 2003 print server ... what did you use as your SMB UNC type ... authenticate to the server to print. ... > Logon Failure: ... (microsoft.public.win2000.macintosh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.inetserver.iis.security  > 2005-10