Hey all,
I've encountered a Win2008 IIS7 installation that appears to be refusing to send the WWW-Authenticate response headers automatically (the virtual dir is configured for Anonymous and Windows Authentication... and the first request is being rejected with a 401-Unauthorized response).
My clean test environment does this properly (a WWW-Authenticate header is automatically added to the response).
I'm 90% tempted to manually include the header via the IIS configuration... but I'd much rather understand why this one particular server does not appear to be doing it automatically (ie. correctly).
Any ideas where I should be looking?