RE: security error in IIS logs (401.2 error)

Found the solution to my problem and thought I would share:

Short story: Had to make a DNS entry for the IP address of the site name
that I was using to host my ASP.NET application.

More detailed story: I noticed that everything worked when I added the IP
address as a "trusted site" in Internet Explorer. Without having this
address added as a trusted server it would prompt me. I noticed that when I
pinged a computer name in a command window, it would show up as the fully
qualified name (sitename.domain). Therefore IE or TCPIP is getting
information back from the DNS lookup in some fashion and it knows that this
site is a "trusted site" -- although IE or TCP does not know this information
if I try to use the actual IP address (instead of the name).

This may just have something to do with our network settings. It is
interesting though because we have a large global network largely managed by
Microsoft (from the software side), so I imagine other people have or will
run into this problem in the future. For those people, I hope reading this
post helps.

Cheers,

Alexander


"Alexander Ferrugia" wrote:

Hi:

I'm trying to deploy my VisualStudio2003 ASP.NET application on Windows
Server 2003 w/ SP-1. When I navigate to my site (locally or from another
network computer) in Internet Explorer I'm being prompting for a network
username/password. I believe have configured the server properly in ISS,
have the correct NTFS file permissions, etc.

I would really like to know what sc-win32-status 2148074254 refers to (see
my IIS log below). Anyone have any ideas? I know that the 401.2 error means
"denied by server configuration" and often means a protocol issue between the
browser and IIS. I'm not trying to do anything special here, just want to
use plain vanilla Windows Authentication. I have anonymous access turned off
for my site in IIS (my application requires this) but when I allow anonymous
access the error goes away.

I have attached my [truncated] IIS log below. Please let me know if you
require any additional details about my environment. Any help that anyone
can offer would be greatly apprecaited. I'm running out of ideas.

Thanks in advance,

Alexander

---SOF---

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-23 17:04:28
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-23 17:04:28 W3SVC331956636 10.34.43.11 GET /eProfitStartup.aspx - 80
- 10.34.43.11
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254

---EOF---

.

Relevant Pages

  • Re: security error in IIS logs (401.2 error)
    ... I initially thought it was being blocked by a proxy on our network. ... "Integrated Windows authentication is disabled by default if you ... Server 2003 w/ SP-1. ... I have attached my IIS log below. ...
    (microsoft.public.inetserver.iis.security)
  • netwok problem
    ... Need help with Samba and DOS client ... Question about network setup ... RE: dns entry ...
    (RedHat)
  • Re: Watch Guard Firebox 1000 and VPN
    ... >> Router but not any of the computers on the network. ... One more thing - if you didn't assign a DNS entry of an internal DNS ... PPTP connection, then you can only ping by IP, not by name. ...
    (comp.security.firewalls)
  • Re: Intermittent http-400 Errors
    ... I had passed this information along to our network staff and web host. ... amount of 400 'Bad Request' errors. ... issue mostly from looking at LiveStats and the IIS log: ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: OWA "session has timed out" - Exchange 2007
    ... outside network? ... understand in the IIS log I searched and it has "401 2 2148074254" error. ... credentials. ... MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm ...
    (microsoft.public.exchange.admin)
Loading