Microsoft IIS Web Server
--
Questions
--
Followers
Top Experts
Authentication popus up randomly when using Windows Integrated Auth.
Here's the situation:
We had to re-build a crashed Exchange / IIS server (Windows 2000 Server SP4) recently and restored all the documents and data, but none of the IIS or Windows settings. We set up IIS with its default settings, installed our security certificate, and changed authentication to ONLY use Windows Integrated Authentication. For the most part, this works fine like it did before the crash - the user's domain login is passed to IIS and scripts like ASP can read it and the login also gets written to the IIS logs.
Users are now reporting that they are occasionally getting an authentication pop-up (and we're able to see a matching 401 entry in the IIS logs and the domain login spot is empty). If they close out of everything and go back in, usually everything works again, but it's annoying. Plus, this MAY be related to a similar problem with Exchange - a couple of users are reporting that Outlook randomly pops up with a login box and freezes Outlook - the login box can't be cancelled.
So I'm wondering if these are two separate issues or if there's some bigger central issue (maybe with security policies or Kerberos or something?). Any pointers would be helpful. ย Thank you!
- Jonathan
We had to re-build a crashed Exchange / IIS server (Windows 2000 Server SP4) recently and restored all the documents and data, but none of the IIS or Windows settings. We set up IIS with its default settings, installed our security certificate, and changed authentication to ONLY use Windows Integrated Authentication. For the most part, this works fine like it did before the crash - the user's domain login is passed to IIS and scripts like ASP can read it and the login also gets written to the IIS logs.
Users are now reporting that they are occasionally getting an authentication pop-up (and we're able to see a matching 401 entry in the IIS logs and the domain login spot is empty). If they close out of everything and go back in, usually everything works again, but it's annoying. Plus, this MAY be related to a similar problem with Exchange - a couple of users are reporting that Outlook randomly pops up with a login box and freezes Outlook - the login box can't be cancelled.
So I'm wondering if these are two separate issues or if there's some bigger central issue (maybe with security policies or Kerberos or something?). Any pointers would be helpful. ย Thank you!
- Jonathan
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
the IIS issue maybe be related to the properties of the files and folders be browsed, if when you restored you copied the files and folder and did not move them, the properties belive it or not are not reset for target system's file system, check the properties and inheritance of all virutal directories, files and folders in your IIS sites and reset them if need be. This should solve the login prompts
Exchange and outlook, with regards to outlook issue, on one of the culprit machines try reinstalling office, failing that wipe their profile from the terminal (or rather just rename it) and try reloggin back on recreating the exchange account and simply monitor its progress
hope this helped
Exchange and outlook, with regards to outlook issue, on one of the culprit machines try reinstalling office, failing that wipe their profile from the terminal (or rather just rename it) and try reloggin back on recreating the exchange account and simply monitor its progress
hope this helped
I'll try that, but in the meantime, why would it happen randomly? If the file permissions were off, I'd think that the probably would be consistent...
- Jonathan
- Jonathan
Permissions look correct, and I noticed one more thing. Even if I try to access a non-existent page, i.e. http://server/nopagehere.htmldeedoo, I still get prompted for authentication.
A couple more facts:
- The site is in the intranet zone.
- I am able to access other internal IIS servers and use scripts that correctly print out my Request.ServerVariables("l
So by process of elimination, it seems like IIS or Windows 2000 isn't reading my domain login information automatically, and since my IIS web site is set up for Windows authentication only, it is prompting for that login information before it even checks to see if the requested page is there or not.
Again, any suggestions are much appreciated.
- J
A couple more facts:
- The site is in the intranet zone.
- I am able to access other internal IIS servers and use scripts that correctly print out my Request.ServerVariables("l
So by process of elimination, it seems like IIS or Windows 2000 isn't reading my domain login information automatically, and since my IIS web site is set up for Windows authentication only, it is prompting for that login information before it even checks to see if the requested page is there or not.
Again, any suggestions are much appreciated.
- J
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
And another update:
- IIS gets installed by default with its own Administration web site as well. I granted access to my IP, went to it in my browser, and was NOT prompted for any authentication. It was also able to display my current domain login username.
So it looks like it might have something to do with the "Default Web Site" web site listing in IIS?
- Jonathan
- IIS gets installed by default with its own Administration web site as well. I granted access to my IP, went to it in my browser, and was NOT prompted for any authentication. It was also able to display my current domain login username.
So it looks like it might have something to do with the "Default Web Site" web site listing in IIS?
- Jonathan
Hmm interesting
My suggesting would be compare the settings in IIS against another machine running IIS thats not displaying this eratic behaviour. Other than this i would have to be there to take a look myself.
My suggesting would be compare the settings in IIS against another machine running IIS thats not displaying this eratic behaviour. Other than this i would have to be there to take a look myself.
oh is this IIS service part of your domain ? linked to your active directory?
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
The server is a domain controller, so as far as I know, yes. I've never had to manually link IIS to AD before... as far as I know, it just happens after promoting the server to domain controller.
- J
- J
Okay, here was the solution to the problem after calling Microsoft - they had me disable the Kerberos/Negotiate authentication protocol, which forced the server to use NTLM security:
1. Go to the server and go to the command line.
2. cd into the Inetpub\Adminscripts directory, like this:
ย ย cd c:\inetpub\adminscripts
3. Then run this command:
ย ย cscript adsutil.vbs set w3svc/NTAuthenticationProv
4. Restart the server.
- Jonathan
1. Go to the server and go to the command line.
2. cd into the Inetpub\Adminscripts directory, like this:
ย ย cd c:\inetpub\adminscripts
3. Then run this command:
ย ย cscript adsutil.vbs set w3svc/NTAuthenticationProv
4. Restart the server.
- Jonathan
The automatic logon feature in IE relies on the client being able to figure out that it's in the same domain as the server. (More or less, anyway). Is it possible that your clients have got bad data left in their netbios cache?
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Microsoft IIS Web Server
--
Questions
--
Followers
Top Experts
IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.