views:

84

answers:

1

I have an intranet site that our customer needs to access both internally and from the internet. The site has access restricted with Window Authentication.

The problem is that the site works when access externally, but fails with a 401.1 when accessed from within the local network. Why would the authentication fail locally?

DETAILS

  • The site is running on Windows Server 2003 and IIS 6
  • The site has anonymous access disabled and Windows Authentication enabled
  • The users access the site from a url like dashboard.example.com
  • There is an entry in the local DNS that points dashboard.example.com to the Windows 2003 server
  • I can resolve the dashboard.example.com name to the Windows 2003 server without issue from the local network.
  • The clients active directory is actually example.com instead of the recommended example.local I'm not sure if this could be a source of problems or not.
  • New Information: The site will work internally if access from the machine name rather than the CNAME http://ServerName

FROM THE INTERNET

  1. User vists dashboard.example.com from home over the internet.
  2. They are prompted for their username and password
  3. They are then authenticated and the site is displayed
    This is the expected behavior

FROM THE LOCAL NETWORK

  1. User vists dashboard.example.com from the local network.
  2. They are prompted for their username and password
  3. The prompt reappears for three tries
  4. The site presents a 401.1 authentication failure message.
A: 

I think I have found the solution to this problem. It turned out that the user was not properly entering the domain prefix before their username (ie: example\joe)

The second issue that misled me, was testing directly on the web server. Apparently their is a loopback check that prevents the authentication from processing properly when on the server itself. For more information see this article: http://msfarmer.blogspot.com/2009/03/4011-errors-with-reporting-services-and.html

John Gully