I am struggling to find the root cause of an authentication issue. I have tested in both IE7 and Firefox 2 with similar results so this issue is not browser specific.
The setup is probably pretty typical of most enterprise configurations. There is a Cisco firewall in front, and three servers behind it - a domain server, a web server and a MS SQL Server.
Accessing the web site requires a PKI certificate. Once the certificate is verified, a user is authenticated using Windows authentication / NTLM to a domain server using a DOMAIN\username and password.
Now the problem is that after a user is authenticated and browsing the web site, they seem to lose their authentication. In the browser, a link is clicked and nothing happens for about 10 minutes until another authentication prompt pops up. Filling in the prompt makes it go away for another 10 minutes until it pops back up and so on.
In the IIS web logs (see attached file), a user clearly loses authenticated status. The last seven lines of the log show that I when I clicked on the /product/switch.asp page from the webtools.asp page, IIS forced the request back to the site's default home page (default1.asp) and issued a 403 7 64 error. The sc-win32-status of 64 indicates "The specified network name is no longer available", ERROR_NETNAME_DELETED (see
http://help.netop.com/support/errorcodes/win32_error_codes.htm) and the 403.7 error indicates a client certificate is required.
The final six lines show the browser trying to fetch the /product/switch.asp three times (10 minute timeout between) and getting a 401 2 2148074254 (what does a sc-win32-status of 2148074254 mean?) followed by a 401 1 0. Since the graphic files have the same pattern and loaded fine, I am more inclined to question why the 403.7 error occurred and what prevents the browser from recovering. If I completely close the browser, I can usually log back in and fetch the file without problem until some other random time in the future.
The other file attached is the logman IIS trace file. If you open the file and search for 'Request n.54', that is the start of the last good request for favorite.gif. 'Request n.55' is for the failed product/switch.asp file. Note that the IIS logman trace and the IIS web log file don't match up in that the web log shows the 403 7 64 error for the default1.asp page right after favorite.gif was requested. The logman trace also shows that request 55 (first attempt for switch.asp) authenticated me but then seems to end with four of the following:
AspReq: ASP_END_CACHE_ACCESS - Check Cache End
ErrorCode: 0x00000000
AccessResult: SERVED_CACHE_HIT_CHANGENOT
IF
ContextIDSeq: 55
Timestamp: 18:50:38.131.733400
Now most requests end with 'IISGeneral: GENERAL_REQUEST_END - IIS ends processing a request' and the logman trace was left on for another half hour so it is not like I cut the trace off before the request had finished. Note that nowhere is a redirection to default1.asp shown so not sure how IIS put that in the log file.
After reviewing this info, I don't feel any closer to a solution. Has anyone else seen anything similar?
I should also state that my domain login is in the local administrators group and the admin group, users group and IUSR_ account all have read access to the file so I doubt it is ACL related.
Start Free Trial
