Re: iis problems with some xp clients - kerberos issue?
- From: mahalie@xxxxxxxxx
- Date: 24 Jul 2006 11:50:40 -0700
Thanks everyone for their suggestions. I'm working with my sysadmin
now to get Ethereal going and will do some investigating and report
back. I forgot to mention earlier that most everyone is using a roaming
profile, if that makes a difference.
And to answer an earlier query, yep, IE settings recognize the domains
as being in the intranet zone (it does this by default as the domains
use no dots, and include all local sites, sites that bypass proxy, all
network paths are checked), and I've added the domains manually just to
see if it made a difference. Logon is set to 'Automatic logon only in
Intranet zone'. (I've tried prompt as well.). Both pages in question
(one on intranet server and one on a different dev server) are
indicated as being in the intranet zone by the icon in the status bar
for both clients where it is working and clients where it is not. IE
settings are identical on working clients and non-working clients.
Due to the roaming profiles, identical AD settings and since a given
user's credentials aren't passed to sql on one client but everything
works as expected if they logon to someone's client that is working, it
seems like headers wouldn't the problem. That is, if Kerberos tickets
are user specific...if they also grow depending on machine(?), then we
need to look at that too.
<snip author="ken schaefer">
Then I would get packet captures (using www.ethereal.com) of traffic from</snip>
client -> webserver and webserver -> domain controller and webserver -> SQL
server.
Additionally, you can enable Kerberos logging on the webserver to see if
there are any Kerberos related issues (the events get logged to the Windows
event log)
<snip author="mahalie">
</snip>And both apps work for about 80% of our users. But the authentication
isn't being bassed from IE to the server to SQL as expected for the
rest, resulting in SQL errors. Our clients are all on XP. At first we
thought it was their profiles. But it's the client. The apps don't
work for anyone logged on those clients that aren't passing
authentication. And for those staff who have no problems, anyone can
log on and will have no problems / vice versa.
.
- Follow-Ups:
- Re: iis problems with some xp clients - kerberos issue?
- From: mahalie
- Re: iis problems with some xp clients - kerberos issue?
- References:
- iis problems with some xp clients - kerberos issue?
- From: mahalie
- Re: iis problems with some xp clients - kerberos issue?
- From: Ken Schaefer
- iis problems with some xp clients - kerberos issue?
- Prev by Date: Re: iis problems with some xp clients - kerberos issue?
- Next by Date: Re: IIS 5.0 vs IIS 6.0
- Previous by thread: Re: iis problems with some xp clients - kerberos issue?
- Next by thread: Re: iis problems with some xp clients - kerberos issue?
- Index(es):
Relevant Pages
|
