3

In a Windows AD domain environment (MYDOMAIN with DNS suffix mydomain.local), I have a server with an Intranet website, that runs on IIS 7.5. I have disabled all authentication types except Windows Authentication.

When I access my website with only http://mywebsite/ (DNS set up properly), the browser logs me in automatically (without a login box). However, when I access the website by its' full name http://mywebsite.mydomain.local/ (DNS also OK, and I have the appropriate website binding) I keep getting a login box.

Although I get my website after I fill out the username and passsword, that login box bugs me, as I want to be able to access the website by its full name, but without a login box. That's because I have a wildcard SSL certificate that maps to exactly *.mydomain.local, and for it to work a website must use a binding with the full name.

That (no login box when using short name, but always login box with the full DNS name) happens on all websites across all servers in my domain.

Any ideas on how to fix this?

Goran
  • 53
  • 1
  • 9

1 Answers1

2

Have you tried adding *.mydomain.local to your Local Intranet zone in IE?

Chris McKeown
  • 7,128
  • 1
  • 17
  • 25
  • 1
    Thanks! That resolves the problem, but I was hoping for more of a server-side solution, if there is any. If not, I could create a domain-wide GPO with that in the Local Intranet zone. – Goran Oct 02 '12 at 11:52
  • Ideally Internet Explorer should automatically detect the domain network and put addresses in the Intranet zone. If it isn't doing that (which it obviously isn't!) then make sure that things like the DNS suffix of your client machines are set correctly. – Chris McKeown Oct 02 '12 at 11:59
  • 1
    The domain suffix on all client computers are set up right, but I don't know why IE isn't automatically putting the domain network in the Intranet zone. I have fully resloved my problem now in the domain-wide GPO following the instructions [here](http://www.vichong.com/blog/2009/7/15/set-trusted-local-intranet-zone-trusted-sites-group-policy-i.html) under "Setting up Trusted Zones for all your users on the network". Thanks Chris! – Goran Oct 02 '12 at 12:12