• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 764
  • Last Modified:

IIS6.0 UNC Shared Virtual Directory 401.3 Error

Hey all,

I have the current setup:
- Web server (machine name "server") IIS6.0 Windows2003
- Web server has a header of "users.domain.com"
- Virtual directory named "Test"
- Virtual directory has passthru credentials enabled (the Always user the authenticated user's credentials when validating access to the network directory is checked)
- Virtual directory pointing to \\shares\Users
- Virtual directory has anon access removed
- Only Windows Authentication is enabled

- File server (machine name "shares") running Windows2003
- Share of "Users" has Everyone permissions and security set to Full Control

Both of these machines are in the same domain.

When I try to access http://users.domain.com/Test I get a credentials box which I fill out w/ the Administrator's credentials.  However, after that I'm greeted by 2 more attempts which then lead to a 401.3 error.  Does anyone know why on earth I can not for the life of me get access to that UNC share through a web browser?  Is there a local security policy that I have to set?  When I add the share to the "Shares that can be accessed anonymously" list, then I can get through, however the user is not the authenticated user, it's the ANON USER.

Thanks!
0
TivexExchange
Asked:
TivexExchange
1 Solution
 
matalyn1016Commented:
Ok, this is a lot of reading but well worth it and it answers your question. - http://www.serverwatch.com/tutorials/article.php/3113161
0
 
TivexExchangeAuthor Commented:
Right... I just don't understand how i'm applying FULL PERMISSIONS to Everyone both on the share and on the file system and yet I'm still getting 401.3 errors.  It would be really handy to see what exactly is being checked for and the credentials that are being used....
0
 
WerewolfTACommented:
I'm guessing you're using this like an Intranet site, right?  We had a similar issue here.  Even though we were pointing to http://servername.domainname, which was clearly on our internal domain as the domain name ended in .local, the browser would treat it like it was in the Internet Security Zone, and refuse to pass AD credentials, prompting for logins and in some cases still refusing to let us into certain locations.  We added *.servername.domainname into the Local Intranet security group in IE, and everything cleared up.  After that, we set the same thing through Group Policy and now everyone gets the permissions they're supposed to as set with ntfs permissions on various folders using their cached credentials, no login prompts.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now