peterwnorman
asked on
401.2 error with IIS using Integrated Security
Hey,
I'm trying to get to the bottom of a problem that is driving me crazy. I recently deployed an app for my company that uses IIS 6 and Tomcat. Everything seemed to be going fine until 2 users reported an error they got when they typed the url into a browser window. Everywhere i look for a solution it tells me i need to switch from Anonymous Authentication to something else, but since the start I've been using Integrated Security and these users have sufficient entitlements to access the site, but still they can't. Is there some other setting in IIS that i need to check? Or is it something specific with the browser version these two are using - quite a few people have logged on at this stage without encountering this problem
Hope you can HELP.
I'm trying to get to the bottom of a problem that is driving me crazy. I recently deployed an app for my company that uses IIS 6 and Tomcat. Everything seemed to be going fine until 2 users reported an error they got when they typed the url into a browser window. Everywhere i look for a solution it tells me i need to switch from Anonymous Authentication to something else, but since the start I've been using Integrated Security and these users have sufficient entitlements to access the site, but still they can't. Is there some other setting in IIS that i need to check? Or is it something specific with the browser version these two are using - quite a few people have logged on at this stage without encountering this problem
Hope you can HELP.
ASKER
the problem users are outside the domain, as is most everyone. everyone else is challenged by the server to enter their domain username and password. these 2 aren't. the server simply throws a 401.2 error
ASKER
i just found an article on microsoft.com that says the error can occur if you use NTLM on the server (which i am) and try and access the server through another proxy server. but surely there is some other method of allowing a user to access a site that is outside their current domain when they are accessing it through a proxy server...
see here..
Netscape doesn't support Integrated Windows authentication. If you want
Netscape users to be able to log in to the site, you'll need to select
Basic authentication. You can select both Integrated and Basic if you'd
like -- IE clients will use Integrated, and everyone else will use
Basic.
Please note that passwords go over the wire in almost-cleartext with
Basic
authentication. To prevent password sniffing, you'll want to install and
use an SSL certificate on your site.
And finally check here www.iisfaq.com for answers....
best of luck..
R.K
Netscape doesn't support Integrated Windows authentication. If you want
Netscape users to be able to log in to the site, you'll need to select
Basic authentication. You can select both Integrated and Basic if you'd
like -- IE clients will use Integrated, and everyone else will use
Basic.
Please note that passwords go over the wire in almost-cleartext with
Basic
authentication. To prevent password sniffing, you'll want to install and
use an SSL certificate on your site.
And finally check here www.iisfaq.com for answers....
best of luck..
R.K
ASKER
these users are using IE...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi Team...I had same issue
i switched NTLM to Keberos authentication .now it working fine....
http://support.microsoft.com/kb/832769
i switched NTLM to Keberos authentication .now it working fine....
http://support.microsoft.com/kb/832769
cheers.