We host an Intranet via IIS 6.0, which many staff (all in developing countries) must access. Of the 25 or so countries, approximately half are having difficulties logging into the Intranet. The problem could be the local ISPs themselves, which often have restrictive or relatively uninformed policies in place. However the problem could be my IIS config as well.
A few points:
- Anonymous Access is disabled. Authentication is via Integrated Windows Authentication (against AD), which is working fine for most of us;
- Users often get to the login screen and are able to enter credentials. The errors begin after that, and they are denied access.
- I had a conversation with an ISP in Mozambique re this. They said our server was configured for "session-based" access, not "user-based", and thus the credentials/communications would not pass successfully thru the ISP's servers. (They were unwilling to tweak their system for us.)
- Today an error message forwarded to me from Nigeria said something to the effect: You do not have permission to view this page using the credentials that you suppliied because yuour Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.
The Question: I'm open to broad advice about this problem in general, but mainly want to know if there is an IIS config on my end (or other security related steps) that can make for successful access from our field offices?