Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


IIS Service

Posted on 2006-07-11
Medium Priority
Last Modified: 2008-01-09
My company are migrating to a new Domain. There is a 2 way trust setup between the old Domain A and the new Domain B.
I've installed a IIS server on the new Domain B. When users from the old Domain A try to access the site it's running they get error "No Authority could be contacted to authorisation".
I've tried mapping to a machine on the new Domain and get message there are no logon servers availaible to service the request.

The web site running on the new IIS server cannot have anonymous access as it needs to use the windows login for users on the new Domain to function.

Anyone know how i can set it up so users on the old domain can access this resouce?
Question by:jonhagger
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
LVL 38

Expert Comment

ID: 17083199
When connecting to the new domain, have you tried logging on as "DOIMAINNAME\USERNAME"?
When you specifically name the domain (before your network name), you can force the authentication to that domain.
Good Luck,

Author Comment

ID: 17083718
They're not prompted for a username/password. Just fails straight away!
LVL 38

Expert Comment

ID: 17083828
Are your users not required to log onto their computers?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Expert Comment

ID: 17085959
To turn on logging on a Web site, follow these steps:
1.      Start the Internet Information Services Manager. To do this, click Start, point to Administrative Tools, and then click Internet Information Services.
2.      Double-click your server_name, where server_name is the name of the server.
3.      Expand the Web Site folder.
4.      Right-click the Web site for which you want to turn on logging, and then click Properties.
5.      On the Website tab, select Enable Logging.
Note Both Enable Logging on the Website tab and Log visits on the Home Directory Tab must be checked for logging to be enabled.
6.      Select a format in the Active log format list.
7.      Click Properties.
8.      On the General tab, select the way that you want to schedule the logging or change the Log file folder. For more information, see the Configuration Options for Saving IIS Log Files section of this article.
9.      Click the Advanced tab, and then click the items that you want to monitor in the log.NOTE: If you select ODBC logging, click Properties, provide the ODBC Data Source Name (DSN), table, user name, and password, and then click OK.
10.      Click OK.

Now Restart IIS on Domain B

Try to enter. Now copy back the IIS LOG here.

Find the log here: C:\winnt\System32\LogFiles

Expert Comment

ID: 17085966
IIS6 Windows 2003 ?
LVL 26

Expert Comment

by:Leon Fester
ID: 17088583
This is definitely a problem that occurs when authenitcation happens via a Trusted Domain

Check out Authentication and Access Control Diagnostics 1.0

Authentication and authorization failures are common on Internet Information Services (IIS) platforms. AuthDiag is a tool designed to aid customers in effectively troubleshooting and determining the root cause of the problem.

Author Comment

ID: 17088673
The server is W2k3 with IIS6. I've enabled the logging but the connection attempts don't show.
When i tested with anonmous access from the old domain were able to access OK but it used the local IIS machine account (this attempt shows up in the logs).

DVT - where do i need to run the tool? on the IIS server or on the client?

LVL 26

Accepted Solution

Leon Fester earned 750 total points
ID: 17088752
To install Authentication and Access Control Diagnostics 1.0 manually, please follow these steps:

1). Download and save authdiag.msi to your workstation or server
2). Double-click on authdiag.msi and click Next at the Authdiag (x86) Wizard
3). Accept the terms of the License Agreement (Required)
4). Accept the default username and organization or change and click Next
5). Choose the installation type and click next
6). Click Install

Upon completion of the installation, Authentication and Access Control Diagnostics 1.0 will be shown on the programs menu under "IIS Diagnostics\AuthDiag."

To automate the installation, please download the authdiag.msi file and do the following steps:

1). Click Start | Run and enter cmd.exe and click Run
2). Change to the download directory where AuthDiag.msi is located
Ex: cd AuthDiag
3). At the command prompt, type the following: msiexec /i authdiag.msi /q

This should successfully install AuthDiag with no user interaction. :)

Author Comment

ID: 17088773
I logged onto the IIS server locally (off DOMAIN) and ran tool. Error reported : Service principal name (SPN) for machine 'servername' not found in Active Directory. Can this be related?

Author Comment

ID: 17088836
Is there a way to force IE to prompt for a username and password when loading the site?
LVL 26

Expert Comment

by:Leon Fester
ID: 17088847
That is exactly the problems that you're looking for.

Heres some steps to fix that error.

Author Comment

ID: 17088909
I've got WINS dynamic registration allowed on the WINS server and the host files for the PDC are present on the old domain PDC WINS :(

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question