Solved

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.

Posted on 2014-02-16
17
5,323 Views
Last Modified: 2014-02-17
We just moved from a Windows Server 2003 to a Windows Server 2012.   Whenever we try to access any of the websites in IIS with the the error


HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.


I already made sure that anonymous authentication was enabled.   Windows Authentication is also available as an option, but it is disabled.

I gave the user IUSR full access to the folders where the webpage files are located in the server.

I also made sure that on the Authorization rules all users were allowed.

In the application pool, the Enable 32-bit Applications is set to True.


I'm thinking this is some kind of authentication error because if I enable Windows Authentication instead of Anonymous Authentication, I can see the website when I entered a valid username and password from one of the accounts in the server.  

Any help will be greatly appreciated.

Thanks
0
Comment
Question by:mfsrules
  • 9
  • 8
17 Comments
 
LVL 28

Expert Comment

by:becraig
ID: 39863316
Yes this is due to the type of authentication you setup.

I am not sure the nature of your application but if your expectation is for anyone to access the site then you need anonymous:
From the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
Under the Tree pane, browse to the desired Web site.
Right-click the Web site, and then click Properties.
On the Directory Security tab, under Anonymous access and authentication control, click Edit.


Can you also check the configuration on the 2003 server for comparison.

See the following link for more detailed info:
http://support.microsoft.com/kb/942043
0
 

Author Comment

by:mfsrules
ID: 39863339
Thanks for the reply.  I already went through that article.  Anonymous authentication is already enabled.    The only difference now is that on the Windows Server 2003  Other than Anonymous Authentication, we had also enabled "Integrated Windows authentication"
0
 
LVL 28

Expert Comment

by:becraig
ID: 39863368
So are you saying your site does not load when you select Anonymous auth ?

Take a look at the web.config for you app and see how it is configured

Also you might want to look into appcmd.exe unlock for a more advanced way of handling this.

appcmd unlock config /section:windowsAuthentication
appcmd set config "default web site" /section:windowsAuthentication /enabled:true


appcmd unlock config /section:anonymousAuthentication
appcmd set config "default web site" /section:anonymousAuthentication /enabled:true
0
 

Author Comment

by:mfsrules
ID: 39863392
@becraig

That is correct.  That is what makes it so confusing.   Here's the contents of the web.config file

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent enableDocFooter="false" />
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" users="?" />
            </authorization>
        </security>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Authentication,Module" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="401.2" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>
Screen-Print.bmp
0
 
LVL 28

Expert Comment

by:becraig
ID: 39863415
Try running the below:

appcmd unlock config /section:anonymousAuthentication
appcmd set config "sitename.com" /section:anonymousAuthentication /enabled:true
appcmd unlock config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
appcmd set config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
iisrest /noforce

See if this resolves it for you.
0
 

Author Comment

by:mfsrules
ID: 39863425
I ran the first two per your previous comment and no luck.


What is the section "Your App"
0
 
LVL 28

Expert Comment

by:becraig
ID: 39863454
Can you test this, create a simple html page in the root directory of the app and try loading it anonymously.
0
 

Author Comment

by:mfsrules
ID: 39863516
I created a basic HTML document and changed the settings on the Default document options  so that it would load first. (Also renamed the index.asp file just to make sure).


Still getting the same error 401.2 Unauthorized
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 28

Expert Comment

by:becraig
ID: 39863545
okie so this sounds like possibly at the ntfs level.

Can you change permissions on the file to give Everyone Read permission and try again.
0
 

Author Comment

by:mfsrules
ID: 39863598
I gave the users group permission for read, but no success
0
 

Author Comment

by:mfsrules
ID: 39863602
Also gave the "Everyone" group permission for the index.html file.  No luck
0
 
LVL 28

Expert Comment

by:becraig
ID: 39863603
Does anonymous access work on any other sites on this server ?
0
 

Author Comment

by:mfsrules
ID: 39864987
No.  None of the websites work at all.  All of them give the same error.   I also tried givig "Everyone"  Read access to the C:\inetpub\wwwroot  folder.   No luck as well
0
 
LVL 28

Accepted Solution

by:
becraig earned 500 total points
ID: 39865508
Quick question can you tell me what method you used to migrate the websites
0
 

Author Comment

by:mfsrules
ID: 39865521
Copy and paste the website folders from the old server to the new server.   We dont run many websites so we just created the websites from scratch from the IIS Manager
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39865600
Ok so let's hope you still have the 2003 / iis server online.
I am going to give you a link for migrating websites.

Let's use that method (there are several difference between iis6 & iis7 any of which could be the cause for the break here).

It would be easier to just do a migration.
It will take a few hours (mostly reviewing the process).

http://technet.microsoft.com/en-us/library/ff633422%28v=ws.10%29.aspx

Though the link says 2008 (it should work for 2012)
0
 

Author Closing Comment

by:mfsrules
ID: 39865857
We do not mavy many websites, so we just deleted all of the websites from the IIS menu and re-added them.   Somewhere along the lines, my co-worker did something when he first imported the websites.   Now everything is working as it should be.  I guess I should have thought about about this before, but reminded me with the migration issues comments.  Thank you very much @becraig
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now