Re: You are not authorized to view this page

---

• From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 30 Apr 2007 11:24:48 +1000

---

Hi,

On your server, can you enable "Logon Failure" auditing please (Start -> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable Failure auditing for Account Logon events, and Logon Events (by default only a "Success" is logged).

Then, in your Windows Security event Logs, you should start getting some more detailed information on why authentication is failing.

Lastly, there are no actual credentials in the log files below. It would appear that perhaps your browser is not actually sending credentials, or IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms have you configured for the "Reports" directory in IIS? (Basic? IWA? Digest?)

Cheers
Ken


"Bob" <someone@xxxxxxxxxxxxx> wrote in message news:e$oEUlqiHHA.4976@xxxxxxxxxxxxxxxxxxxxxxx

Here is the log of the latest attempt. I got prompted for credentials 3 times before being rejected. No, there was no status=200 record to indicate sucess

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-04-29 21:55:00
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 2 2148074254
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0
2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0

"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message news:u2XjyMjiHHA.4668@xxxxxxxxxxxxxxxxxxxxxxx

302 = redirect
301 = redirect
Those are not "errors". Instead your browser is being told to make a new request for a different page.

401.1 is an authentication challenge (you are being challenged to provide allowed credentials)

402.2 - IIS does not implement this error code. Please verify what you have in your logfile. If it's, instead, 401.2 then that may be part of a legitimate NTLM authentication. What is the *next* request? Does it have a 200 OK status?

Can you post the entire logfile entries you have (including the one following the entries above)?

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"Bob" <someone@xxxxxxxxxxxxx> wrote in message news:uHYXtCUiHHA.5008@xxxxxxxxxxxxxxxxxxxxxxx

Hi

I have two IIS servers with similar setups,
When I logon to the server and use IE to view the website, everything works as expected on both servers

When I use a different computer to view the same pages, then one works OK, and the other gives me the error in the subject line.

Looking in the log for the IIS server that gives me the error, there are a series of errors
302 0 0
301 0 0
401 1 0
402 2 2148074254

Where should I be looking to resolve the error and get the remote browser sesssion working?

Thanks Heaps

Bob

.

---

• Follow-Ups:
  • Re: You are not authorized to view this page
    • From: Bob

• References:
  • You are not authorized to view this page
    • From: Bob
  • Re: You are not authorized to view this page
    • From: Ken Schaefer
  • Re: You are not authorized to view this page
    • From: Bob

• Prev by Date: Re: Getting 404 errors on files that are present
• Next by Date: Re: How to disable SSL v2 support on IIS 6.0?
• Previous by thread: Re: You are not authorized to view this page
• Next by thread: Re: You are not authorized to view this page
• Index(es):
  • Date
  • Thread

---

Relevant Pages Unknown Domain user - domain authentication appears limited ... IIS or Domain problem, it appears that it is actually a security ... When I tried this on the new server configuration I received the following ... due to the following error: Logon failure: the user has not been granted the ... requested logon type at this computer. ... (microsoft.public.windows.server.security) Re: Anonymous works 1 Day ?? ... - This server IS member of a domain. ... There is no group policy ... logon type permission... ... I cleared the "Allow IIS to control password" and it SEEMS ... (microsoft.public.inetserver.iis.security) Re: Please help refresh my memory on AD DC ... When I boot my Laptop I reach the Logon screeen for XP Laptop and here ... admin account to be able to Login so I can control it from the DC. ... A domain user can by default logon to any domain computer, except Domain controllers. ... A Server has websites already hosted on it in a Workgroup and now I ... (microsoft.public.windows.server.active_directory) Re: Need to find out the IP of someone trying to hack a server ... If you know that it's IIS, then it most likely is OWA or some other Website ... If all the connections in the IIS logs show the IP address of the ISA server, ... I'm getting logon type 8, ... Having trouble finding a list of logon types referenced in event viewer. ... (microsoft.public.isa) Re: Logon Server Unavailable ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ... (microsoft.public.windows.server.dns)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)