
This is a weird one. We were happily running with Windows Authentication on our intranet site until I demoted one of our domain controllers. Now some workstations still work fine and are authenticated automatically, but others cannot get authenticated at all. The browser prompts for credentials and it doesn't matter what credentials you put in, it refuses to authenticate. (401.1) The problem is per workstation. (I cannot get in from my own workstation, but another works fine for me.) I have not yet found a pattern of working vs non-working workstations. (Two identical workstations in the same OU - one works and the other doesn't)

I've followed all the links on this article: https://stackoverflow.com/questions/12517127/windows-authentication-not-working-in-iis-7-5 and have tried all the solutions suggested, with no luck. (Tried moving NTLM to the top of the list, tried disabling loopback checking and strict name checking) I've also compared HTTP headers between a working computer and a non-working one, and they appear to all be the same. No relevant entries in the Event Logs, except the Audit Failure in the Security Log (Unknown user name or bad password, 0xc000006d, 0xc000006a) Kernel-mode authentication is also disabled and extended protection is turned off.

As a workaround, we're running on Basic authentication which is working fine. But I'd like to get Windows authentication working again.

Where should I try to look next?

Domain is 2003 with 2003 and 2008 R2 domain controllers. IIS server is 2008 R2 member server. Workstations are XP Professional SP3 32-bit and Windows 7 Enterprise 64-bit SP1.

NorbyTheGeek

1 Answer


Ensure that your domain is healthy - dcdiag, netdiag, etc.

Ensure that your IIS server has only valid DNS servers (i.e., all of them will serve up the proper AD-required records) and not external or invalid ones, like your demoted server.

mfinni
Thank you very much, you pointed me in the right direction. I didn't know about netdiag, and it was very helpful. It pointed out that one of my DCs did not have its time service configured correctly, and that we still have some old WINS settings around. But what I think was the main cause was DNS still had _ldap service entries for the demoted DC. Once I cleaned them all out IIS started working correctly. Thanks! – NorbyTheGeek Aug 26 '13 at 20:56
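The stale DC locator records described in the comment above (an `_ldap` SRV entry still pointing at the demoted DC) can be found without reading through DNS Manager by hand. The following PowerShell script is an added example, not code from the question or the answer; it assumes the ActiveDirectory module (RSAT) for `Get-ADDomainController` and the DnsClient module (`Resolve-DnsName`, available on Windows 8 / Server 2012 or later, so it would be run from an admin workstation rather than the 2008 R2 IIS box), and it only reports, it does not delete anything.

```powershell
# Added example: report DC locator SRV records whose target is not a current DC.
# Assumes the ActiveDirectory module (Get-ADDomainController) and the DnsClient
# module (Resolve-DnsName, Windows 8 / Server 2012+) are available on this host.
param(
    [string]$Domain = (Get-ADDomain).DNSRoot
)

Import-Module ActiveDirectory

# Hosts that AD itself currently considers domain controllers.
$liveDcs = Get-ADDomainController -Filter * |
    ForEach-Object { $_.HostName.ToLower() }

# SRV names clients (and the IIS server) query to locate a DC for LDAP and
# Kerberos. A demoted DC left in any of these can still be handed out.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

$stale = foreach ($name in $srvNames) {
    # Resolve-DnsName also returns A glue records; keep only the SRV answers.
    $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $records) {
        $target = $r.NameTarget.TrimEnd('.').ToLower()
        if ($liveDcs -notcontains $target) {
            [pscustomobject]@{ Record = $name; Target = $r.NameTarget; Port = $r.Port }
        }
    }
}

if ($stale) {
    Write-Warning "SRV records still point at hosts that are not domain controllers:"
    $stale | Format-Table -AutoSize
} else {
    Write-Host "All DC locator SRV records resolve to current domain controllers."
}
```

Run it against each DNS server the IIS box is configured to use (`Resolve-DnsName -Server <dns>` per server), since replication lag or a stray secondary can leave one server answering with the old record while the others are clean.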