Re: Integrated Authentication - Manual Authentication Popup



just some thoughts ....

Check Kerberos is correctly set up on all boxes:
- DNS alias
- SPN
- AD account in AppPools
- Bindings Host Header Name + Port + IP Address
- VDirs and their AppPools (should all be the same as the WebSite)

Also, enable all security auditing on both servers. When the issue happens,
check for the username in the log and why the access was denied.

Check for any W3SVC events for AppPool recycling.
Check F5 rules and possible errors when redirecting.

Tiago Halm

"Chris Hoare" <choare@xxxxxxxxxxxxx> wrote in message
news:E58BA53D-F64F-4AF3-B944-AD4152307F29@xxxxxxxxxxxxxxxx
Hello,

I have a strange intermittent problem.

There are two web servers configured to load balance behind an F5 load
balancer. Each of the web servers has a .Net application running in IIS 6 on
Windows 2003. The site is set up to use integrated authentication only and
domain users are allowed read access to the folder. We are getting sporadic
in time and random on pages domain authentication popups on the client PCs.
It is not with any obvious pattern and it is affecting more than one user. I
can't turn the Integrated authentication off as we are using a single sign on
through AD to access the software. The app pool for the application is only
running the single application with this issue; it's running as Network
Service at the moment.

Can anyone suggest how to work through this issue; I am loath to demote the
web servers down Kerberos through setspn but the users are becoming
frustrated by the popup box appearing so I am in need of suggestions for a
fix
