2

Completely stumped at this one. We've got an internal web server accessed by users for a variety of sites. One of those requires Windows Authentication the site is http://caf. ("caf" is an A record in DNS in our domain)

The server itself is set up for Windows Authentication: installed roles

And the site is set up like this:

Authentication Advanced Settings Providers

Believe me, every permutation of the provider order, extended protection, and kerberos switch have been tried over the past few days of debugging.

After repeated prompting for name/password, the error that comes back is 401 Unauthorized. The name and password are correct, have not been locked out, are being presented with the domain name, etc..

I turned on failed request tracing, and this is what comes out of it:

Failed Request

Detail here, but I've omitted some for brevity:

trace1 ... trace2 ... trace3

Can anyone shed some light on what's going on here? Perhaps suggest a remedy?

Clinton Pierce
  • 186
  • 2
  • 10
  • I think this might be a Kerbos issue - http://forums.iis.net/t/1183613.aspx?How+to+resolve+the+issue+of+Integrated+windows+authentication+asking+username+and+password+in+Windows+Server+2008+R2+IIS+7+5+ Did you find resolution to it? –  Oct 12 '15 at 16:58
  • @Clinton Pierce, Has anyone have a resolution to this – user575219 Jan 21 '16 at 17:38
  • I would also like to have an answer to this... – Stig Eide Dec 22 '16 at 08:57

1 Answers1

1

This could be loop back issue, are you trying to access the IIS site from the same machine.

Try accessing the site from different machine in the LAN.

bkk
  • 111
  • 2
  • If disabling loopback check works, then what are alternative solutions? I don't want to disable loopback check on production server. Do I need to host sites on two different servers for it to work? Is there something I can do in DNS? – codeMonkey Aug 14 '19 at 18:34