Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' - .NET/IIS/SQL 2000

Posted on 2003-03-13
Medium Priority
Last Modified: 2007-12-19
The error is received by web client under the following config:

Webserver: W2K / .NET / IIS
-  IIS is using Integrated Windows authentication and the server itself resides on our domain.
-  ConnectionString = "server=<ourdbserver>;Trusted_Connection=true;database=<ourdb>;"
-  web.config has a <identity impersonate="true" /> tag

DB Server: W2K / SQL 2000
- The DB has the domain accounts defined as SQL Logins with the appropriate permissions to the DB.

These servers are physically 2 separate machines, both on the same windows domain.  We've tried many different combinations of config settings.  It appears that IIS is not passing the logon credentials to the SQL box.  We tried adding a "Persist Security Info=true" into the connection string without any success.  We also tried added the domain accounts onto the SQL Server's local Administrators group without any success.  Every posting I've seen suggests using Anonymous authentication; but this is an enterprise app that must use NTLM.

How do you get Windows Integrated security to work with IIS/.NET/SQL2000 across multiple servers???
We only have 75 points to offer but this is very important!!!!
Question by:hzhkx4
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 10

Accepted Solution

AndresM earned 300 total points
ID: 8131656
>It appears that IIS is not passing the logon credentials to the SQL box
That's the probem. NTLM at IIS does not support "AuthenticationPassThrough". You should set Basic Authentication in IIS in order to let the password pass through.
See INF: Authentication Methods for Connections to SQL Server in Active Server Pages.

This is another option, but unsupported:
UNCAuthenticationPassThrough Support Limitation in IIS 5.0
Enabling Pass-through-authentication for IIS 4 and IIS 5


Expert Comment

ID: 8135232
I recommended to use the digest authentication if you be in a intranet environnement. So the user password will not be send in clear text over your network.

Note that this authentication method work only with IE and only since IE 5.5

Author Comment

ID: 8137822
Thanks the articles really helped.  The answer is integrated won't work with multiple servers.  Only basic/anonymous will.  

The other pass through options aren't supported, and therefore really aren't feasible.  

Also this app is for use on the Intranet and Internet, so the Digest auth wouldn't work.

I still don't understand though why IIS won't support integrated security to another box?  Especially when both are on the same domain.


Featured Post

Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question