Re: Network/Web Site Authentication

Hi Ben,

I saw NTLM works according to the trace. As least, the authentication is
passed between IIS and the client. Now it looks like this is probably a
Kerberos auth related issue.

Please go to the problematic client, open its IE Internet
Options->Advanced, make sure the 'Enable Integrated Windows Authentication'
option isn't selected. In this case, IE will use NTLM to perform Integrated
auth with IIS instead of Kerberos protocol. See if this will let the SUS
site work from now.

If it works, this means Kerberos authentication fails in your domain. You
have to ping our Windows AD group to help on Kerberos side troubleshooting.
Do you have a proper Kerberos Domain Controller(KDC) set in the domain?

Thanks.

Best Regards,

WenJun Zhang

Microsoft Online Community Support

==================================================

Get notification to my posts through email? Please refer to:
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at:

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.



.

Relevant Pages

  • Re: Email/Calendar/LDAP
    ... We are migrating towards Kerberos for authentication and still wanting to use ldap for authorization, but JES mail/calendar doesn't support Kerberos. ... Computing and Information Services ...
    (RedHat)
  • Re: Error Writing to Event Log
    ... me what authentication mode you are using in you Asp.net project? ... modify the DACL setting of eventlog in registry with SDDL format. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.general)
  • Re: Datadomain Windows 2008 DC
    ... applications that are using Kerberos authentication like SQL. ... that do not support Kerberos. ... I happen to be the Data Domain admin so I can attempt to answer some ...
    (microsoft.public.windows.server.active_directory)
  • Re: Need some tips on kerberizing our ENTIRE network
    ... When you ask about nagios support are you asking about authentication to the nagios interface or monitoring a KDC? ... was looking into using an ldap directory. ... and we should be considering the use of kerberos ...
    (comp.protocols.kerberos)
  • Re: Network/Web Site Authentication
    ... after turning off the 'Enable Integrated Windows ... Authentication' option in IE the WSUS site works. ... We are running 2 Windows 2003 domain controllers, so Kerberos should work, I ... Microsoft Online Community Support ...
    (microsoft.public.inetserver.iis.security)