abillz
asked on
IIS - Integrated Authentication with a loadbalanced website
I have an internal website that is running on IIS 6 on Windows 2003. The website authenticates users using the Windows Integrated Authentication (Active Directory) so that users are automatically logged onto the site without having to enter a username or password.
I am trying to load balance this website by spreading it accross three other instances. I would like to have two instances of the website running on two seperate servers, giving me four instances in total.
Here is how I have thing set up so far...
The two physical servers are named "server1" and "server2". Each server has two seperate IP addresses; "server1" has 192.168.1.110 and 192.168.1.111 and "server2" has 192.168.1.120 and 192.168.1.121. I have created two seperate websites in IIS on each server, and given each of the websites one of the IP addresses. Each of the websites is configured to use Integrated authentication, and I have ensured that all of the users have the proper ACL settings on the acutal website files.
I have also added a second DNS Host entry for each server that points to the second IP of each server; "server11" points to "192.168.1.111" and "server2" points to "192.168.1.121". The primary IP of each server is already pointed to the primary server names as the somputer are registered in Active Directory and DNS.
In my head, this should work. Here is the problem... If I try and access any of the secondary webs using the URL like "server11/index.html" I am prompted to enter a username and password. This is a windows prompt, it seems like the integrated authentication does not work.
My second issue is that I will be load balancing these out once it is working properly. Will the integrated authentication still work once these are loadbalanced?
I am trying to load balance this website by spreading it accross three other instances. I would like to have two instances of the website running on two seperate servers, giving me four instances in total.
Here is how I have thing set up so far...
The two physical servers are named "server1" and "server2". Each server has two seperate IP addresses; "server1" has 192.168.1.110 and 192.168.1.111 and "server2" has 192.168.1.120 and 192.168.1.121. I have created two seperate websites in IIS on each server, and given each of the websites one of the IP addresses. Each of the websites is configured to use Integrated authentication, and I have ensured that all of the users have the proper ACL settings on the acutal website files.
I have also added a second DNS Host entry for each server that points to the second IP of each server; "server11" points to "192.168.1.111" and "server2" points to "192.168.1.121". The primary IP of each server is already pointed to the primary server names as the somputer are registered in Active Directory and DNS.
In my head, this should work. Here is the problem... If I try and access any of the secondary webs using the URL like "server11/index.html" I am prompted to enter a username and password. This is a windows prompt, it seems like the integrated authentication does not work.
My second issue is that I will be load balancing these out once it is working properly. Will the integrated authentication still work once these are loadbalanced?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
probably those secondaries are not considered 'intranet site' by the web browser. Windows auth is only automatic when the remote site in included in that list. by default, only hostnames without any dots in them (i.e. http://localhost and http://server11, etc) will be considered 'intranet' zone. Any hostname containing periods (e.g. http://myserver.com.tz, http://10.10.2.3, etc) are not considered intranet sites.
Cheers.
Cheers.
ASKER
Any idea why I am prompted for credentials when I access the secondary instances on either server, but not the primary ones? I am never asked for the primaries, not even the first time access. IE and IIS just pass the creds along and the world is great, but this is not happening for the second one.