Re: security error in IIS logs (401.2 error)

"Alexander Ferrugia" <AlexanderFerrugia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:98A1BB53-1656-4F46-9DE4-89472DEE7906@xxxxxxxxxxxxxxxx
Thanks for the response, Ken:

No, I do not get a 200 OK later in the log (posted in my original
message).
The first line that you see in the log is repeated over and over with the
same error each time anyone attempts to access a page in my ASP.NET
application. The only way I can get a 200 OK is if I manually enter in my
username/password. It will keep prompting you over and over as you travel
to
new pages.

So you do get a 200 OK if you type in your username/password? But when you
attempt to load the next page, you get another 401, then you need to enter
your username/password again and then you get a 200? Something like:

401 page1.aspx
200 page1.aspx
401 page2.aspx
200 page2.aspx

Do you have HTTP keep-alives enabled for this web site/web application?


I initially thought it was being blocked by a proxy on our network.

If there was an intervening proxy, you probably wouldn't be able to load the
pages at all. You'd just get 401s all the time.

Cheers
Ken


The
network guys don't think I should be going through the proxy. I read the
following today (see URL) and don't know if it could be describing the
culprit.... "Integrated Windows authentication is disabled by default if
you
install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream
installation of a Windows Server 2003 operating system". I did find out
that
our build was a "slipstreamed" version of Win2K3 with SP-1, but I don't
want
to wipe the install, reinstall Win2K3, then install SP-1 over it, only to
find out that this isn't going to fix the problem.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Cheers,

Alexander


"Ken Schaefer" wrote:

After this request, do you see a succesful 200 OK request being logged?
The
request line below looks like part of a NTLM authentication handshake.

Cheers
Ken

"Alexander Ferrugia" <Alexander Ferrugia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:9B020444-0083-4729-8FD0-EC88C6E53D45@xxxxxxxxxxxxxxxx
Hi:

I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows
Server 2003 w/ SP-1. When I navigate to my site (locally or from
another
network computer) in Internet Explorer I'm being prompting for a
network
username/password. I believe have configured the server properly in
ISS,
have the correct NTFS file permissions, etc.

I would really like to know what sc-win32-status 2148074254 refers to
(see
my IIS log below). Anyone have any ideas? I know that the 401.2 error
means
"denied by server configuration" and often means a protocol issue
between
the
browser and IIS. I'm not trying to do anything special here, just want
to
use plain vanilla Windows Authentication. I have anonymous access
turned
off
for my site in IIS (my application requires this) but when I allow
anonymous
access the error goes away.

I have attached my [truncated] IIS log below. Please let me know if
you
require any additional details about my environment. Any help that
anyone
can offer would be greatly apprecaited. I'm running out of ideas.

Thanks in advance,

Alexander

---SOF---

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-23 17:04:28
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET
/eProfitStartup.aspx -
80
- 10.34.43.11
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254

---EOF---






.

Relevant Pages

  • Re: SBS2003 SP2 wizards not working
    ... Best practices and known issues when you install Windows Server 2003 Service ... This is a 'critical' class update targeted at all SBS ...
    (microsoft.public.windows.server.sbs)
  • RE: Provide feedback to DC promotion/replacement
    ... Also, since I am installing the new DC, I wouldn't install anything ... domain controllers in the domain must be Windows Server 2003. ... Can you elaborate what the functinal level must be set to Windows Server ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows Server 2003 Service Pack 1 will not install
    ... The hard disk space requirements for Windows Server 2003 Service Pack 1 ... The install program for Windows 2003 SP1, extracts to an temp i386 folder ...
    (microsoft.public.windows.server.sbs)
  • RE: Provide feedback to DC promotion/replacement
    ... Go to Add/remove Windows components and see if you have Certificate services ... Also, since I am installing the new DC, I wouldn't install anything ... Can you elaborate what the functinal level must be set to Windows Server ...
    (microsoft.public.windows.server.active_directory)
  • Re: P4C800-DELUXE XP Install Problems --- Hanging
    ... Windows Install Guide by Mr Steveo from ABX Zone Website. ... Additionally, if you have a Springdale or Canterwood chipset motherboard, ... Install chipset INFs before any video or sound drivers. ...
    (alt.comp.periphs.mainboard.asus)