Re: security error in IIS logs (401.2 error)

Let me explain what I think is misunderstood from the URL. It is indicating
that we made anonymous-only websites the default... and NOT that Integrated
Authentication is "broken" by default such that you have to do anything
other than tick the check box to enable/use it. All we did was change the
default of the checkbox from on to off, and you can tick it back on just as
easily.

Is KeepAlives allowed on your server.
What are the Application Pool settings configured for that URL.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Alexander Ferrugia" <AlexanderFerrugia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:98A1BB53-1656-4F46-9DE4-89472DEE7906@xxxxxxxxxxxxxxxx
Thanks for the response, Ken:

No, I do not get a 200 OK later in the log (posted in my original
message).
The first line that you see in the log is repeated over and over with the
same error each time anyone attempts to access a page in my ASP.NET
application. The only way I can get a 200 OK is if I manually enter in my
username/password. It will keep prompting you over and over as you travel
to
new pages.

I initially thought it was being blocked by a proxy on our network. The
network guys don't think I should be going through the proxy. I read the
following today (see URL) and don't know if it could be describing the
culprit.... "Integrated Windows authentication is disabled by default if
you
install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream
installation of a Windows Server 2003 operating system". I did find out
that
our build was a "slipstreamed" version of Win2K3 with SP-1, but I don't
want
to wipe the install, reinstall Win2K3, then install SP-1 over it, only to
find out that this isn't going to fix the problem.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Cheers,

Alexander


"Ken Schaefer" wrote:

After this request, do you see a succesful 200 OK request being logged?
The
request line below looks like part of a NTLM authentication handshake.

Cheers
Ken

"Alexander Ferrugia" <Alexander Ferrugia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:9B020444-0083-4729-8FD0-EC88C6E53D45@xxxxxxxxxxxxxxxx
Hi:

I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows
Server 2003 w/ SP-1. When I navigate to my site (locally or from
another
network computer) in Internet Explorer I'm being prompting for a
network
username/password. I believe have configured the server properly in
ISS,
have the correct NTFS file permissions, etc.

I would really like to know what sc-win32-status 2148074254 refers to
(see
my IIS log below). Anyone have any ideas? I know that the 401.2 error
means
"denied by server configuration" and often means a protocol issue
between
the
browser and IIS. I'm not trying to do anything special here, just want
to
use plain vanilla Windows Authentication. I have anonymous access
turned
off
for my site in IIS (my application requires this) but when I allow
anonymous
access the error goes away.

I have attached my [truncated] IIS log below. Please let me know if
you
require any additional details about my environment. Any help that
anyone
can offer would be greatly apprecaited. I'm running out of ideas.

Thanks in advance,

Alexander

---SOF---

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-23 17:04:28
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET
/eProfitStartup.aspx -
80
- 10.34.43.11
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254

---EOF---






.

Relevant Pages

  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: EAP-TLS with windows CE
    ... The AP was sending out an Identity Request every second, ... request to the identification server. ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: server authentication & ASP authentication
    ... on to the client workstation with an authorized Windows account. ... SQL Server with Windows authentication. ...
    (microsoft.public.sqlserver.security)
  • Re: ADFS Development Issues
    ... site to be automatically authenticated by our windows application so ... based on redirects and possibly uses forms-based authentication to collect ... web service proxies don't handle this type of thing ... the server based on how it needs to work. ...
    (microsoft.public.windows.server.active_directory)