MOSS 2007 Authentication Problems
Posted on 2009-12-16
We are currently running a Moss 2007 server as an intranet document solution in an active directory 2003 domain.
After adding a second access mapping to the default zone through "alternative access mappings" under "operations" in the central administration, users are prompted for a username and password at random intervals while browsing the site - especially when trying to access a document.
Usually, the user can click cancel, and access the ressource as desired, sometimes the user recieves multiple prompts and then finally an error message from IIS:
"HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration favoring an alternate authentication method"
The authentication providers for the site were not modified, and both access mappings use the same settings, i.e. the web application was not "extended".
Here are the current settings we are using:
IIS 6.0 - Website Security:
Anonymous Access = Off
Authentication: Integrated Windows Authentication
In the application's web.config:
<authentication mode="Windows" />
<identity impersonate="true" />
The application's authentication provider:
Integrated Windows Authentication: On / NTLM
I could not find any file permission related issues, and tracing access with filemon returned no results of access denied (which would return another HTTP status code anyways).
Thinking that I (even tho adding a mapping shouldn't produce such effects) may have made a mistake, I reverted the changes manually. As that didn't change anything, I restored the config-database from a date before the changes were made, and cleared the file system cache as described under KB 939308, but to no avail.
Does anyone have any other ideas what I could change to allow the normal active directory user credentials to be passed on to the sharepoint application?
We are not accessing any resources on other servers, or going through proxys or whatever, which could produde the "double-hop" effect while using NTLM auth.
I (and the rest of our MOSS users ;-) )would be grateful for any suggestions you may have that could help!
Thanks in advance!