tags:

views:

139

answers:

2
Q: 

IIS 7.5 Windows Authentication failed with 401.

Since we moved from IIS 7.0 to IIS 7.5 the Windows Authentication doesn't work anymore from remote requests. If I open the website on the webserver everything works fine.

web.config:

<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
        <deny users="?" />
        <allow users="*" />
</authorization>

IIS Settings:

Authentication (enabled): ASP.NET Impersonation, Windows Authentication (all others are disabled)
ApplicationPool: Managed Pipeline Mode -> Classic, Identity -> ApplicationPoolIdentity

Failed Request Trace:

MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized 
HttpSubStatus: 1
ErrorCode: 2148074254 
ConfigExceptionInfo:  
Notification: AUTHENTICATE_REQUEST
ErrorCode No credentials are available in the security package (0x8009030e)

Any suggestions?

A: 

Which client are you using? you might be running a client that is trying to pre-authenticate, but in IIS 7 we use Kernel Mode authentication by default which requires a challenge. If that is the case you can disable Kernel Mode auth by selecting the Windows Authentication entry and clicking Advanced Settings, you should see a checkbox that allows you to Disable that for the specific application and it should work if this is the problem.

CarlosAg  2010-07-16 18:04:19
After I disable it I will get two FailedTrace Request:1st:Request SummaryUrl http://computername:80/ App Pool AppPoolName Authentication NOT_AVAILABLEUser from token Activity ID {00000000-0000-0000-0A00-0080000000FC} MODULE_SET_RESPONSE_ERROR_STATUS 401.22nd:Request Summary:Url http://computername:80/ App Pool AppPoolName Authentication NTLM User from token domain\username Activity ID {00000000-0000-0000-0C00-0080000000FC} MODULE_SET_RESPONSE_ERROR_STATUS 401.5It looks like the first request is an PreAuthentication but I have disabled the KernelMode.
Dave  2010-07-19 06:02:20
We tried it with the following clients with no success, Windows XP (Safari, Firefox, IE) and Windows 7 (Chrome, IE)
Dave  2010-07-19 06:17:32
+1  A: 

We had a two-hop problem I think. If I move our SQL/Oracle DB to the server which is running IIS it works.

So here is an article to which describes a solution.

How to configure SQL and IIS for two hop kerberos authentication 2

or SSRS Reportviewer ASP.NET Credentials 401 Exception

Thanks

Dave  2010-07-20 05:42:27

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)