HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.

We just moved from a Windows Server 2003 to a Windows Server 2012.   Whenever we try to access any of the websites in IIS with the the error


HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.


I already made sure that anonymous authentication was enabled.   Windows Authentication is also available as an option, but it is disabled.

I gave the user IUSR full access to the folders where the webpage files are located in the server.

I also made sure that on the Authorization rules all users were allowed.

In the application pool, the Enable 32-bit Applications is set to True.


I'm thinking this is some kind of authentication error because if I enable Windows Authentication instead of Anonymous Authentication, I can see the website when I entered a valid username and password from one of the accounts in the server.  

Any help will be greatly appreciated.

Thanks
mfsrulesAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
becraigConnect With a Mentor Commented:
Quick question can you tell me what method you used to migrate the websites
0
 
becraigCommented:
Yes this is due to the type of authentication you setup.

I am not sure the nature of your application but if your expectation is for anyone to access the site then you need anonymous:
From the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
Under the Tree pane, browse to the desired Web site.
Right-click the Web site, and then click Properties.
On the Directory Security tab, under Anonymous access and authentication control, click Edit.


Can you also check the configuration on the 2003 server for comparison.

See the following link for more detailed info:
http://support.microsoft.com/kb/942043
0
 
mfsrulesAuthor Commented:
Thanks for the reply.  I already went through that article.  Anonymous authentication is already enabled.    The only difference now is that on the Windows Server 2003  Other than Anonymous Authentication, we had also enabled "Integrated Windows authentication"
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
becraigCommented:
So are you saying your site does not load when you select Anonymous auth ?

Take a look at the web.config for you app and see how it is configured

Also you might want to look into appcmd.exe unlock for a more advanced way of handling this.

appcmd unlock config /section:windowsAuthentication
appcmd set config "default web site" /section:windowsAuthentication /enabled:true


appcmd unlock config /section:anonymousAuthentication
appcmd set config "default web site" /section:anonymousAuthentication /enabled:true
0
 
mfsrulesAuthor Commented:
@becraig

That is correct.  That is what makes it so confusing.   Here's the contents of the web.config file

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent enableDocFooter="false" />
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" users="?" />
            </authorization>
        </security>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Authentication,Module" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="401.2" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>
Screen-Print.bmp
0
 
becraigCommented:
Try running the below:

appcmd unlock config /section:anonymousAuthentication
appcmd set config "sitename.com" /section:anonymousAuthentication /enabled:true
appcmd unlock config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
appcmd set config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
iisrest /noforce

See if this resolves it for you.
0
 
mfsrulesAuthor Commented:
I ran the first two per your previous comment and no luck.


What is the section "Your App"
0
 
becraigCommented:
Can you test this, create a simple html page in the root directory of the app and try loading it anonymously.
0
 
mfsrulesAuthor Commented:
I created a basic HTML document and changed the settings on the Default document options  so that it would load first. (Also renamed the index.asp file just to make sure).


Still getting the same error 401.2 Unauthorized
0
 
becraigCommented:
okie so this sounds like possibly at the ntfs level.

Can you change permissions on the file to give Everyone Read permission and try again.
0
 
mfsrulesAuthor Commented:
I gave the users group permission for read, but no success
0
 
mfsrulesAuthor Commented:
Also gave the "Everyone" group permission for the index.html file.  No luck
0
 
becraigCommented:
Does anonymous access work on any other sites on this server ?
0
 
mfsrulesAuthor Commented:
No.  None of the websites work at all.  All of them give the same error.   I also tried givig "Everyone"  Read access to the C:\inetpub\wwwroot  folder.   No luck as well
0
 
mfsrulesAuthor Commented:
Copy and paste the website folders from the old server to the new server.   We dont run many websites so we just created the websites from scratch from the IIS Manager
0
 
becraigConnect With a Mentor Commented:
Ok so let's hope you still have the 2003 / iis server online.
I am going to give you a link for migrating websites.

Let's use that method (there are several difference between iis6 & iis7 any of which could be the cause for the break here).

It would be easier to just do a migration.
It will take a few hours (mostly reviewing the process).

http://technet.microsoft.com/en-us/library/ff633422%28v=ws.10%29.aspx

Though the link says 2008 (it should work for 2012)
0
 
mfsrulesAuthor Commented:
We do not mavy many websites, so we just deleted all of the websites from the IIS menu and re-added them.   Somewhere along the lines, my co-worker did something when he first imported the websites.   Now everything is working as it should be.  I guess I should have thought about about this before, but reminded me with the migration issues comments.  Thank you very much @becraig
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.