IIS6 & Integrated windows authentication prompts login window !!!

Posted on 2007-10-03
Medium Priority
Last Modified: 2012-08-14
We have an intranet application running on healthcare.yourdomain.co.uk.

We have deployed this application in a server belonging to mydomain.com domain. We have configured this application to use integrated windows authentication.

We have configured this application in server100.mydomain.com. (NetBIOS name DOMAIN).
Windows 2003 SP2 & IIS6.

We have created one more DNS entry healthcare.yourdomain.co.uk pointing to server100.mydomain.com.

We have configured the website for healthcare.yourdomain.co.uk on server100.mydomain.com
And I have placed a header healthcare.yourdomain.co.uk.

Our users PCs are in mydomain.com. (NetBIOS name DOMAIN).Whenever user types healthcare.yourdomain.co.uk in IE they are prompted for login window, it never consider integrated windows authentication. When I enter DOMAIN\myuserid and password it comes up with the website.

But when we try to access the application using server100.mydomain.com (we have configured this application default website and configured server100.mydomain.com & healthcare.yourdomain.co.uk as host headers), no auth prompt is shown; users are directly logged into the application

Ideally, when we try to access healthcare.yourdomain.co.uk the authentication prompt should not have come and users should be seamlessly logged into the application. What is the resolution of this problem?

Our users in mydomain.com. (NetBIOS name DOMAIN) should be able to access healthcare.yourdomain.co.uk without any prompt (it should use integrated windows authentication).

Question by:moorthy_kulumani
  • 2
LVL 51

Expert Comment

by:Ted Bouskill
ID: 20072971
I'm assuming you are using IE, Firefox doesn't have a fix for this and will always show a prompt dialog.

Any in IE if you look at the bottom right of IE it shows an icon for the current zone.  Intranet, Trusted or Internet are the standard three.  By default the automatic login for username and password will ONLY work for Intranet (local) sites.  However, for IE to decide that you are local is that the domain of the computer and the website have to be the same! (Which yours are not)

The only way to fix this is to change the IE policy settings so that the website is trusted and to autologon onto trusted sites.
LVL 26

Accepted Solution

EDDYKT earned 172 total points
ID: 21366332
Try to run this on your iis machine

cscript C:\Inetpub\AdminScripts\adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

Assisted Solution

bcrosby007 earned 164 total points
ID: 21517633
I edited my group policy to add our intranet site to the tusted intranets. I do not get prompted for a username or password unless i am off site.
LVL 51

Assisted Solution

by:Ted Bouskill
Ted Bouskill earned 164 total points
ID: 21519939
I want to change my answer for FireFox.  There is a solution!

- In the Address bar type about:config then [Enter]
- A filter Window will appear with configuration settings
- Type NTLM in the filter Window
- double click on network.automatic-ntlm-auth.trusted-uris
- Enter your domain that you want to automatically log into



Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question