IIS Active Directory double handshake hickup

Question

I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication.

So whenever a web service call is made to IIS web services, there is a double handshake taking place:

Client Request #1

GetEmployeeList

Server Response #1 <- 401

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

Client Request #2

REQUEST Header...

Server Response #2 <- 200

Data Received

Lately, however, Server Response #1 will sometimes (a good 20 percent of the calls) take a massive amount of time (like 25 to 30 seconds).

How do I debug this problem? Is this a Active Directory problem or a Domain Controller problem?

Answer 1

The double handshake will always take place as the client will attempt to gain access via IUSR. I'm not sure if you can not have this happen, but be sure that Anonymous auth is off and that you are supplying the credentials explicitly on the way in.