Re: Basic Authentication fails with Error 401.2 where Integrated s



Roger,

I've set up the test directory as described in my first post. I'm then
trying to access the page (http://localhost/test/test.html) through Internet
Explorer. I get a Windows login box as a prompt. As you can imagine, I've
tried every possible combination of things but I'm mostly trying with
COMPUTERNAME\USER and the password. The password is for the moment set to
something absurdly simple so I'm sure it's not a problem with that.

I've enabled failure logging and tested a regular remote desktop log in to
verify the failure is being recorded (it is). When I attempt to access the
directory above, however, I don't get a failure audit. I don't get any event
at all for the user I'm trying to log in with. What I do get is a success
audit for the IUSR account (even though anonymous access is turned off and I
am denied access to the page I'm trying to get to). Some details from that
success audit:

User Name: IUSR_XXXXXXXXXXXXXXXX
Domain: XXXXXXXXXXXXXXXX
Logon ID: XXXXXXXXXXXXXXXX
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: XXXXXXXXXXXXXXXX
Logon GUID: -
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: XXXXXXXXXXXXXXXX
Caller Process ID: 184
Transited Services: -
Source Network Address: -
Source Port: -

I actually get two (identical) success audits for this account, and a
success audit for the NETWORK_SERVICE account, but it is as if the attempt to
log in through the username/password box just never happened.

Not sure if any of that is useful but any help would be appreciated.

Thanks for your time so far.

Jude Fisher



"Roger Abell [MVP]" wrote:

How are you trying to log in? With domain\account when
using a domain account ?? The auditing settings are in the
Local Security Policy which you will find in Administrative
Tools (though domain policy may be controlling).

"Jude Fisher" <JudeFisher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E1E3B299-F273-44FF-B61E-7DAC0CEF25AB@xxxxxxxxxxxxxxxx
Roger,

Thanks for replying.

The event log doesn't appear to be recording failures. How would I turn
that on?

Thanks again.

Jude Fisher

"Roger Abell [MVP]" wrote:

Have you looked into the security event log, assuming that it
is configured to record login failures?
You will probably see an unknown account or bad password
event message, indicating the account that the domain.
This last is probably not correct if the login attempt did not
use domain\account syntax in the login attempt, where domain
might need to be the local machine name of the webserver if
domain account is not in use.


"Jude Fisher" <JudeFisher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6CF2177C-D68E-46CD-A95D-1FF4D51BC8C0@xxxxxxxxxxxxxxxx
Hi,

I'm a developer rather than a server tech and I've run into some problems
configuring a website.

An external provider we're using requires that a specific script be in a
directory that is protected by Basic Authentication. This isn't something
I've had to do before so I've been stumbling along following the KB
instructions. I've set up a test directory but I can't seem to get
authentication working properly. Here are the details:

I'm running IIS 6 on Windows Server 2003 with Asp.Net 1.1 and 2.0 both
installed.

The directory is configured with regular read privileges, no scripts or
executables for the moment. The page inside the directory that I am using
for testing is just a plain html page with one line of text in it.

The directory is configured in IIS with only Basic Authentication checked
(Anonymous access, digest and integrated access are all cleared) and the
domain and realm fields are empty.

I have a limited access account I want to use for this but for testing I've
also tried my administrator account, which has privileges to the folder and
also local log on privileges for the machine. Problems are consistent
whichever account is used.

The error occurs whether I'm connecting remotely or (through remote desktop)
via localhost, which should rule out any proxies.

The error returned is HTTP Error 401.2 - Unauthorized: Access is denied due
to server configuration.

*IMPORTANT* (I'm hoping this points directly to the problem!) - If I check
the integrated authentication box in the IIS security configuration, suddenly
the log in works. If I clear it so only basic is checked, it breaks again.

Thanks in advance for any assistance.
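
Added example, not part of the original thread: a small Python triage of logon audit records shaped like the one quoted in the latest reply, checking whether the prompted account ever produced a logon event or whether only the anonymous IUSR account (logon type 8, NetworkCleartext) did. The host name, the account name `testuser`, the second record's logon type and the function names are constructed for illustration, and the reading of "no record" assumes failure auditing is enabled as the post states.

```python
import re

# Windows logon type codes as recorded in Security log logon events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}

# Constructed sample: two audit records in the layout quoted in the post
# (placeholder names; not real log data).
SAMPLE = """\
User Name: IUSR_WEBSRV01
Domain: WEBSRV01
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Caller User Name: NETWORK SERVICE

User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
"""

def parse_audits(text):
    """Split blank-line-separated records into dicts of 'Field: value' pairs."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        records.append({k.strip(): v.strip() for k, v in pairs})
    return records

def logon_type_name(value):
    """Map the numeric 'Logon Type' field to its name; masked values map to Unknown."""
    return LOGON_TYPES.get(int(value), "Unknown") if value.isdigit() else "Unknown"

def triage(records, expected_user):
    """Report whether the prompted account appears in any logon record."""
    seen = [(r.get("User Name", ""), logon_type_name(r.get("Logon Type", "")))
            for r in records]
    anonymous = [u for u, t in seen
                 if u.upper().startswith("IUSR_") and t == "NetworkCleartext"]
    return {
        "expected_user_seen": expected_user.upper() in {u.upper() for u, _ in seen},
        "anonymous_cleartext_logons": len(anonymous),
        "logons": seen,
    }

if __name__ == "__main__":
    print(triage(parse_audits(SAMPLE), "testuser"))
```

When `expected_user_seen` is false and only anonymous logons appear, the request was rejected before the typed credentials reached a Windows logon, so the place to look is the authentication configuration for that path rather than the account or its password.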