Re: Authentication Fails with DNS name, works for Server Name and IP



Look in the server's security log, once login success/failure is enabled.
What I am wondering is if it has negotiated to use Kerberos but then
fails to do so. Using servername (non-DNS) or IP guarantees that the
negotiation will not elect to use Kerberos.

Roger

"Jeff Gilleland" <jeffreybruce@xxxxxxxxx> wrote in message
news:25801638-be78-4285-a96a-6a39909b79bc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am having what seems to be a fairly unique problem and one that I
cannot find much of a resolution for.
I have a web application that is using Windows Authentication. IIS
authenticates it first just fine and then a web service sends out a
request which is then returned for re-authentication.
The url string comes back in the format of

http://dev.domain.domain.com/webservice.asmx?initialize?user=34&parameters=

When this url returns, it will not pass through the Windows
Authentication again. Putting everything anon works fine but breaks
some of the functionality of the site as it needs the current user's
credentials.

However, if I use the machine name or IP address, it works just fine.
Those URLs would be:

http://machinename/webservice.asmx?initialize?user=34&parameters=
http://10.0.0.10/webservice.asmx?initialize?user=34&parameters=

Any ideas?


.



Relevant Pages

  • Re: External Access to IIS via Kerberos Authentication
    ... Integrated Windows Authentication encompasses two authentication ... Kerberos also requires that the client machine be a member of the forest. ... If users are connecting from non-member machines, only NTLM is used. ...
    (microsoft.public.inetserver.iis.security)
  • Re: security works for VPN users, doesnt for local
    ... i am attempting to configure security for an intranet web application ... it uses Windows authentication, retrieving roles from ... this was really wigging me out, especially since authentication works ... your server's Kerberos security protocol isnt working, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: KERBEROS OR NTLM
    ... This means that for your web app, the default zone is using the Windows Authentication provider. ... In the "Edit Authentication" page from the "Authentication Providers" you should also see a section called "IIS Authentication settings" where you will see a check mark beside "Integrated Windows Authentication", there you can see if you are using NTLM or Negotiate. ... Kerberos authentication was set for each web application, ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... until a user logon event. ... the Netdiag utility will show the Kerberos error in this scenario ... On these machines I ... me a plausible starting point to solve my Kerberos authentication problem. ...
    (microsoft.public.windows.server.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... I just wanted to let you know there is a known bug in netdiag that reports ... >> mean that kerberos authentication is not being used. ... Three machines are workstations and three are ...
    (microsoft.public.windows.server.security)