Solved

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.

Posted on 2014-02-16
17
6,104 Views
Last Modified: 2014-02-17
We just moved from a Windows Server 2003 to a Windows Server 2012.   Whenever we try to access any of the websites in IIS with the the error


HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.


I already made sure that anonymous authentication was enabled.   Windows Authentication is also available as an option, but it is disabled.

I gave the user IUSR full access to the folders where the webpage files are located in the server.

I also made sure that on the Authorization rules all users were allowed.

In the application pool, the Enable 32-bit Applications is set to True.


I'm thinking this is some kind of authentication error because if I enable Windows Authentication instead of Anonymous Authentication, I can see the website when I entered a valid username and password from one of the accounts in the server.  

Any help will be greatly appreciated.

Thanks
0
Comment
Question by:mfsrules
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
17 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 39863316
Yes this is due to the type of authentication you setup.

I am not sure the nature of your application but if your expectation is for anyone to access the site then you need anonymous:
From the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
Under the Tree pane, browse to the desired Web site.
Right-click the Web site, and then click Properties.
On the Directory Security tab, under Anonymous access and authentication control, click Edit.


Can you also check the configuration on the 2003 server for comparison.

See the following link for more detailed info:
http://support.microsoft.com/kb/942043
0
 

Author Comment

by:mfsrules
ID: 39863339
Thanks for the reply.  I already went through that article.  Anonymous authentication is already enabled.    The only difference now is that on the Windows Server 2003  Other than Anonymous Authentication, we had also enabled "Integrated Windows authentication"
0
 
LVL 29

Expert Comment

by:becraig
ID: 39863368
So are you saying your site does not load when you select Anonymous auth ?

Take a look at the web.config for you app and see how it is configured

Also you might want to look into appcmd.exe unlock for a more advanced way of handling this.

appcmd unlock config /section:windowsAuthentication
appcmd set config "default web site" /section:windowsAuthentication /enabled:true


appcmd unlock config /section:anonymousAuthentication
appcmd set config "default web site" /section:anonymousAuthentication /enabled:true
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 

Author Comment

by:mfsrules
ID: 39863392
@becraig

That is correct.  That is what makes it so confusing.   Here's the contents of the web.config file

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent enableDocFooter="false" />
        <security>
            <authorization>
                <remove users="*" roles="" verbs="" />
                <add accessType="Allow" users="?" />
            </authorization>
        </security>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="WWW Server" areas="Authentication,Module" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:00" statusCodes="401.2" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>
Screen-Print.bmp
0
 
LVL 29

Expert Comment

by:becraig
ID: 39863415
Try running the below:

appcmd unlock config /section:anonymousAuthentication
appcmd set config "sitename.com" /section:anonymousAuthentication /enabled:true
appcmd unlock config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
appcmd set config "sitename.com\Your App" /section:windowsAuthentication -commit:apphost
iisrest /noforce

See if this resolves it for you.
0
 

Author Comment

by:mfsrules
ID: 39863425
I ran the first two per your previous comment and no luck.


What is the section "Your App"
0
 
LVL 29

Expert Comment

by:becraig
ID: 39863454
Can you test this, create a simple html page in the root directory of the app and try loading it anonymously.
0
 

Author Comment

by:mfsrules
ID: 39863516
I created a basic HTML document and changed the settings on the Default document options  so that it would load first. (Also renamed the index.asp file just to make sure).


Still getting the same error 401.2 Unauthorized
0
 
LVL 29

Expert Comment

by:becraig
ID: 39863545
okie so this sounds like possibly at the ntfs level.

Can you change permissions on the file to give Everyone Read permission and try again.
0
 

Author Comment

by:mfsrules
ID: 39863598
I gave the users group permission for read, but no success
0
 

Author Comment

by:mfsrules
ID: 39863602
Also gave the "Everyone" group permission for the index.html file.  No luck
0
 
LVL 29

Expert Comment

by:becraig
ID: 39863603
Does anonymous access work on any other sites on this server ?
0
 

Author Comment

by:mfsrules
ID: 39864987
No.  None of the websites work at all.  All of them give the same error.   I also tried givig "Everyone"  Read access to the C:\inetpub\wwwroot  folder.   No luck as well
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 39865508
Quick question can you tell me what method you used to migrate the websites
0
 

Author Comment

by:mfsrules
ID: 39865521
Copy and paste the website folders from the old server to the new server.   We dont run many websites so we just created the websites from scratch from the IIS Manager
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 39865600
Ok so let's hope you still have the 2003 / iis server online.
I am going to give you a link for migrating websites.

Let's use that method (there are several difference between iis6 & iis7 any of which could be the cause for the break here).

It would be easier to just do a migration.
It will take a few hours (mostly reviewing the process).

http://technet.microsoft.com/en-us/library/ff633422%28v=ws.10%29.aspx

Though the link says 2008 (it should work for 2012)
0
 

Author Closing Comment

by:mfsrules
ID: 39865857
We do not mavy many websites, so we just deleted all of the websites from the IIS menu and re-added them.   Somewhere along the lines, my co-worker did something when he first imported the websites.   Now everything is working as it should be.  I guess I should have thought about about this before, but reminded me with the migration issues comments.  Thank you very much @becraig
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question