Re: Integrated Security fails using machine name, succeeds using FQN

On Jun 5, 1:02 pm, Seth Petry-Johnson <Seth Petry-
John...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Active Directory: BAR.COM
Webserver: FOOWEB, IIS 6, single static IP address, running a single ASP.NET
website. Contains a virtual directory (called "/protected") with Integrated
Security as the only authentication option.

When logged in locally to FOOWEB, pointing IE tohttp://fooweb/protected/default.aspxworks. The user is authenticated
automatically.

From another machine [FOOBAT], same domain, same local network, same user
account, browsing tohttp://fooweb/protected/default.aspxcauses the
username/password prompt to appear. THE USER CAN NOT AUTHENTICATE, even if he
manually enters his credentials!

On FOOBAT, the authentication DOES work if the user points IE at the fully
qualified namehttp://fooweb.bar.com/protected/default.aspx! [*.bar.com is
registered for local intranet zone]

Some observations:
1) The username prompt contains the FQN "fooweb.bar.com".
2) On FOOBAT, IE is in Intranet mode in both scenarios.
3) User is a domain admin and can access fileshares on FOOWEB, this is
certainly an IE/IIS issue.

I'm lost... any suggestions?


Make sure fooweb is actually getting to the correct server when access
from foobat. If it is, check the IIS log files on fooweb when the user
fails to authenticate from foobat. Provide the HTTP status, substatus,
and Win32 error code. That is what you need to troubleshoot.

The sequence of error codes from the IIS log file tells you what sort
of issue you have.

Based on your information, this is certainly not an IE/IIS issue and
almost certainly a user/misconfiguration issue. I am looking at the
IIS6 web server doing what you claim is not possible, so there must be
something misconfigured in your environment.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
.