Internal corporate IIS 7.5 website not recognizing User's credentials - didn't used to ask for themIIS – Windows Authentication – Authenticating selfInstalling WindowsAuthentication breaks authentication / web.config?IIS 7.5 Basic AuthenticationWindows 7 caches FTP credentials?iis app pool set credentials not working for specific network accountUsing Basic Authentication with IIS Manager AuthenticationPrompt for Windows credentials in IIS when specific user or host is usedIIS 8.5 Credentials working for windows authentication but not for basicExchange Web Server exception : “Connection failed. Try later.”IIS - How to force Windows Authentication first then fall back to Anonymous Authentication
Can the pre-order traversal of two different trees be the same even though they are different?
How would you explain #1 and #2 below using standard quotes?
I just entered the USA without passport control at Atlanta airport
What is this plant I saw for sale at a Romanian farmer's market?
Does there exist a non-trivial group that is both perfect and complete?
Run 2 runs, run 2 (can "runs" be dropped in colloquial language) [cricket]
How useful is the GRE Exam?
Why does a Force divides equally on a Multiple Support/Legs?
Why is it easier to balance a non-moving bike standing up than sitting down?
Kelvin type connection
Battery dead, 3hrs later fine as usual.Why?
Scaling an object to change its key
What does this Swiss black on yellow rectangular traffic sign with a symbol looking like a dart mean?
Are there any individual aliens that have gained superpowers in the Marvel universe?
How is the idea of "girlfriend material" naturally expressed in Russian?
Math symbols in math operators
How much steel armor can you wear and still be able to swim?
Make symbols atomic, without losing their type
sudo passwd username keeps asking for the current password
Negation of a verb in the "passé Composé" and used with a "COI"
How would one carboxylate CBG into it's acid form, CBGA?
How can I improve my violin intonation for enharmonic notes?
Why are there no file insertion syscalls
Is the author of the Shu"t HaRidvaz the same one as the one known to be the rebbe of the Ariza"l?
Internal corporate IIS 7.5 website not recognizing User's credentials - didn't used to ask for them
IIS – Windows Authentication – Authenticating selfInstalling WindowsAuthentication breaks authentication / web.config?IIS 7.5 Basic AuthenticationWindows 7 caches FTP credentials?iis app pool set credentials not working for specific network accountUsing Basic Authentication with IIS Manager AuthenticationPrompt for Windows credentials in IIS when specific user or host is usedIIS 8.5 Credentials working for windows authentication but not for basicExchange Web Server exception : “Connection failed. Try later.”IIS - How to force Windows Authentication first then fall back to Anonymous Authentication
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm a developer that's been asked to maintain the IIS configuration for the web app that we're building, so bear with me.
We have an internal website that is accessible to employees once they've logged into the Windows LAN. The servers are Windows Server 2008 R2, they are remotely managed by an external service provider, and they have Symantec Endpoint Protection installed on them.
I rebooted our test server and now the website is asking for user credentials to view the page. Unfortunately, when I enter a valid user name and password for the corporate domain, it's not accepted. The server can still be Remotely connected through Citrix Jumpservers using a user account and the corporate domain, so it seems to be specific to IIS.
The IIS permissions for the website are set to:
Anonymous Authentication - disabled
ASP.NET Impersonation - enabled
Forms Authentication - disabled
Windows Authentication - enabled
I need to leave anonymous authentication disabled because of a flow through requirement in the system to Hummingbird's DM webservice.
This was working before the reboot and there were other issues going on with the company at the time (internet proxy spontaneously denied all internet webpages, and a samba share wasn't remounting for service account users). The code wasn't changed, and the IIS configuration wasn't changed (to my knowledge), so it seems like something on the network has changed, or maybe the service account.
This issue is likely going to get moved to corporate IT, but I need some sort of evidence that points to this being a network or security issue. Otherwise, they will simply dismiss it saying that it's our web app's fault or our IIS setup. Maybe it is, but I'm not sure what else to check and nothing was changed except rebooting the machine.
Are there any tests or tools that I can run to test the authentication configuration and isolate potential causes? Given that the server has Symantect Endpoint Protection on it, is there a setting that may have been changed that would cause this behaviour? Are there other settings in the Server Management Console that might cause this behaviour?
iis
asked Mar 12 '13 at 18:36
Mike MMike M
113
add a comment |
I'm a developer that's been asked to maintain the IIS configuration for the web app that we're building, so bear with me.
We have an internal website that is accessible to employees once they've logged into the Windows LAN. The servers are Windows Server 2008 R2, they are remotely managed by an external service provider, and they have Symantec Endpoint Protection installed on them.
I rebooted our test server and now the website is asking for user credentials to view the page. Unfortunately, when I enter a valid user name and password for the corporate domain, it's not accepted. The server can still be Remotely connected through Citrix Jumpservers using a user account and the corporate domain, so it seems to be specific to IIS.
The IIS permissions for the website are set to:
Anonymous Authentication - disabled
ASP.NET Impersonation - enabled
Forms Authentication - disabled
Windows Authentication - enabled
I need to leave anonymous authentication disabled because of a flow through requirement in the system to Hummingbird's DM webservice.
This was working before the reboot and there were other issues going on with the company at the time (internet proxy spontaneously denied all internet webpages, and a samba share wasn't remounting for service account users). The code wasn't changed, and the IIS configuration wasn't changed (to my knowledge), so it seems like something on the network has changed, or maybe the service account.
This issue is likely going to get moved to corporate IT, but I need some sort of evidence that points to this being a network or security issue. Otherwise, they will simply dismiss it saying that it's our web app's fault or our IIS setup. Maybe it is, but I'm not sure what else to check and nothing was changed except rebooting the machine.
Are there any tests or tools that I can run to test the authentication configuration and isolate potential causes? Given that the server has Symantect Endpoint Protection on it, is there a setting that may have been changed that would cause this behaviour? Are there other settings in the Server Management Console that might cause this behaviour?
iis
asked Mar 12 '13 at 18:36
Mike MMike M
113
add a comment |
I'm a developer that's been asked to maintain the IIS configuration for the web app that we're building, so bear with me.
We have an internal website that is accessible to employees once they've logged into the Windows LAN. The servers are Windows Server 2008 R2, they are remotely managed by an external service provider, and they have Symantec Endpoint Protection installed on them.
I rebooted our test server and now the website is asking for user credentials to view the page. Unfortunately, when I enter a valid user name and password for the corporate domain, it's not accepted. The server can still be Remotely connected through Citrix Jumpservers using a user account and the corporate domain, so it seems to be specific to IIS.
The IIS permissions for the website are set to:
Anonymous Authentication - disabled
ASP.NET Impersonation - enabled
Forms Authentication - disabled
Windows Authentication - enabled
I need to leave anonymous authentication disabled because of a flow through requirement in the system to Hummingbird's DM webservice.
This was working before the reboot and there were other issues going on with the company at the time (internet proxy spontaneously denied all internet webpages, and a samba share wasn't remounting for service account users). The code wasn't changed, and the IIS configuration wasn't changed (to my knowledge), so it seems like something on the network has changed, or maybe the service account.
This issue is likely going to get moved to corporate IT, but I need some sort of evidence that points to this being a network or security issue. Otherwise, they will simply dismiss it saying that it's our web app's fault or our IIS setup. Maybe it is, but I'm not sure what else to check and nothing was changed except rebooting the machine.
Are there any tests or tools that I can run to test the authentication configuration and isolate potential causes? Given that the server has Symantect Endpoint Protection on it, is there a setting that may have been changed that would cause this behaviour? Are there other settings in the Server Management Console that might cause this behaviour?
iis
asked Mar 12 '13 at 18:36
Mike MMike M
113
I'm a developer that's been asked to maintain the IIS configuration for the web app that we're building, so bear with me.
We have an internal website that is accessible to employees once they've logged into the Windows LAN. The servers are Windows Server 2008 R2, they are remotely managed by an external service provider, and they have Symantec Endpoint Protection installed on them.
I rebooted our test server and now the website is asking for user credentials to view the page. Unfortunately, when I enter a valid user name and password for the corporate domain, it's not accepted. The server can still be Remotely connected through Citrix Jumpservers using a user account and the corporate domain, so it seems to be specific to IIS.
The IIS permissions for the website are set to:
Anonymous Authentication - disabled
ASP.NET Impersonation - enabled
Forms Authentication - disabled
Windows Authentication - enabled
I need to leave anonymous authentication disabled because of a flow through requirement in the system to Hummingbird's DM webservice.
This was working before the reboot and there were other issues going on with the company at the time (internet proxy spontaneously denied all internet webpages, and a samba share wasn't remounting for service account users). The code wasn't changed, and the IIS configuration wasn't changed (to my knowledge), so it seems like something on the network has changed, or maybe the service account.
This issue is likely going to get moved to corporate IT, but I need some sort of evidence that points to this being a network or security issue. Otherwise, they will simply dismiss it saying that it's our web app's fault or our IIS setup. Maybe it is, but I'm not sure what else to check and nothing was changed except rebooting the machine.
Are there any tests or tools that I can run to test the authentication configuration and isolate potential causes? Given that the server has Symantect Endpoint Protection on it, is there a setting that may have been changed that would cause this behaviour? Are there other settings in the Server Management Console that might cause this behaviour?
iis
iis
asked Mar 12 '13 at 18:36
Mike MMike M
113
asked Mar 12 '13 at 18:36
Mike MMike M
113
edited Mar 12 '13 at 18:49
Mike M
asked Mar 12 '13 at 18:36
Mike MMike M
113
asked Mar 12 '13 at 18:36
Mike MMike M
113
asked Mar 12 '13 at 18:36
Mike MMike M
113
113
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Check the Administrative (for Vista and later) or System and Application event logs on the IIS box (Start, run, EventVwr if you haven't looked before) for indications of any problems with domain connectivity.
Events from Netlogon or UserEnv may indicate a problem contacting a Domain Controller, which is typically used to verify authentication credentials (simplification, but works for both NTLM and Kerberos in this scenario if the DCs have had a problem with the computer account, for example). Don't limit your investigation to those items - take a broad look at what's happening.
Security event logs may show the reason for logon failure by that user too, and looking those errors up may help (as a note, there are likely to be more than a few failures not related to the actual problem, so find one involving the user account you're testing with at the time you tried it).
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f487122%2finternal-corporate-iis-7-5-website-not-recognizing-users-credentials-didnt-u%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Check the Administrative (for Vista and later) or System and Application event logs on the IIS box (Start, run, EventVwr if you haven't looked before) for indications of any problems with domain connectivity.
Events from Netlogon or UserEnv may indicate a problem contacting a Domain Controller, which is typically used to verify authentication credentials (simplification, but works for both NTLM and Kerberos in this scenario if the DCs have had a problem with the computer account, for example). Don't limit your investigation to those items - take a broad look at what's happening.
Security event logs may show the reason for logon failure by that user too, and looking those errors up may help (as a note, there are likely to be more than a few failures not related to the actual problem, so find one involving the user account you're testing with at the time you tried it).
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
add a comment |
Check the Administrative (for Vista and later) or System and Application event logs on the IIS box (Start, run, EventVwr if you haven't looked before) for indications of any problems with domain connectivity.
Events from Netlogon or UserEnv may indicate a problem contacting a Domain Controller, which is typically used to verify authentication credentials (simplification, but works for both NTLM and Kerberos in this scenario if the DCs have had a problem with the computer account, for example). Don't limit your investigation to those items - take a broad look at what's happening.
Security event logs may show the reason for logon failure by that user too, and looking those errors up may help (as a note, there are likely to be more than a few failures not related to the actual problem, so find one involving the user account you're testing with at the time you tried it).
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
add a comment |
Check the Administrative (for Vista and later) or System and Application event logs on the IIS box (Start, run, EventVwr if you haven't looked before) for indications of any problems with domain connectivity.
Events from Netlogon or UserEnv may indicate a problem contacting a Domain Controller, which is typically used to verify authentication credentials (simplification, but works for both NTLM and Kerberos in this scenario if the DCs have had a problem with the computer account, for example). Don't limit your investigation to those items - take a broad look at what's happening.
Security event logs may show the reason for logon failure by that user too, and looking those errors up may help (as a note, there are likely to be more than a few failures not related to the actual problem, so find one involving the user account you're testing with at the time you tried it).
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
Check the Administrative (for Vista and later) or System and Application event logs on the IIS box (Start, run, EventVwr if you haven't looked before) for indications of any problems with domain connectivity.
Events from Netlogon or UserEnv may indicate a problem contacting a Domain Controller, which is typically used to verify authentication credentials (simplification, but works for both NTLM and Kerberos in this scenario if the DCs have had a problem with the computer account, for example). Don't limit your investigation to those items - take a broad look at what's happening.
Security event logs may show the reason for logon failure by that user too, and looking those errors up may help (as a note, there are likely to be more than a few failures not related to the actual problem, so find one involving the user account you're testing with at the time you tried it).
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
answered Mar 13 '13 at 0:54
TristanKTristanK
8,35822132
8,35822132
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f487122%2finternal-corporate-iis-7-5-website-not-recognizing-users-credentials-didnt-u%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
