
As part of the upgrade from Win 2008 to Win 2016-project, we have introduced the use of DNS-aliases (way overdue) for all IIS-sites in all environments. We now use IIS with ARR installed as a proxy server in order to "hide" the servername:portnumber for the clients. All this is straightforward except for a service that is protected using Windows Authentication (NTLM, Negotiate). This is causing problems for all clients of that service that use the DNS-alias (other services, Clickonce applications

  • For all other clients than Internet Explorer on my laptop the cs_username field is empty in the logs.
  • Accessing the service using Internet Explorer - cs_username contains my username and I'm logged in (HTTP 401, followed by HTTP 200)
  • Accessing the service using Chrome, I get a pop up requesting username password
  • On a server logged on as my admin-id and adding the alias to "Local Intranet" it did not help for Chrome, but on a server where I was logged on with my admin userid - it did enable IE to log on without uid/pwd.

Being all new to IIS and not being a developer, but an operations guy, I'm a bit lost at the moment on where I need to change stuff - in the Clickonce app, on the IIS ARR-server or on the server hosting the service?

Topology

[Image: Topology - simple overview]

rhellem
  • How many IIS servers are involved? ARR and the service protected by Authentication are on the same server? – Swisstone Jan 27 '20 at 20:29
  • @Swisstone - Added a simple drawing of the topology. ARR is hosted on a dedicated server - with N-number of other IIS-servers in the back. – rhellem Jan 27 '20 at 20:48
