« Previous Next »

• 04-22-2009, 11:36 AM

  frank.dublin Joined on 04-22-2009, 3:33 PM Posts 5

  Authentication in Terminal Services Web Access Reply Contact Hi, I have set up Terminal Services Web Access using IIS to host the Web Access page. However when I try to log on to the Web Access page I get a message saying "401 unauthorized access" even though I'm using the correct credentials. If I go into IIS and disable Windows Authentication and then re-enable it I can log in and it works for a while, but after a period of time the error returns, i.e. I get the 401 error again and the only way to fix it is by disabling and re-enabling Windows Authentication. Anyone have any ideas why this is happening? Frank

• 04-22-2009, 4:00 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343

  Re: Authentication in Terminal Services Web Access Reply Contact Can you provide the output of the following commands %windir%\system32\inetsrv\appcmd.exe list apps Then, for each app listed by the above command %windir%\system32\inetsrv\appcmd.exe list config "app-path" -section:system.webServer/security/authentication/windowsAuthentication Anil Ruia Senior Software Design Engineer IIS Core Server

• 04-23-2009, 4:02 AM

  In reply to

  frank.dublin Joined on 04-22-2009, 3:33 PM Posts 5	Re: Authentication in Terminal Services Web Access Reply Contact I ran the command but got an error, it says: "...filename: redirection.config ... cannot read configuration file due to insufficient permissions". I was logged in the server's administrator, I checked the permissions on both the appcmd.exe file and the redirection.config file and they both allow administrators to read and execute.

• 04-23-2009, 1:10 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Authentication in Terminal Services Web Access Reply Contact You will have to run these commands from an elevated command prompt. Anil Ruia Senior Software Design Engineer IIS Core Server

• 04-24-2009, 4:43 AM

  In reply to

  frank.dublin Joined on 04-22-2009, 3:33 PM Posts 5

  Re: Authentication in Terminal Services Web Access Reply Contact C:\Windows\System32\inetsrv>appcmd.exe list app APP "Default Web Site/" (applicationPool:DefaultAppPool) APP "Default Web Site/TS" (applicationPool:TSWebAccess) C:\Windows\System32\inetsrv>appcmd.exe list config "Default Web Site/" -section: system.WebServer/security/authentication/windowsAuthentication <system.webServer>   <security>     <authentication>       <windowsAuthentication enabled="true">         <providers>           <add value="Negotiate" />           <add value="NTLM" />         </providers>       </windowsAuthentication>     </authentication>   </security> </system.webServer> C:\Windows\System32\inetsrv> C:\Windows\System32\inetsrv>appcmd.exe list config "Default Web Site/TS" -sectio n:system.WebServer/security/authentication/windowsAuthentication <system.webServer>   <security>     <authentication>       <windowsAuthentication enabled="true" useKernelMode="false">         <providers>           <add value="NTLM" />           <add value="Negotiate" />         </providers>       </windowsAuthentication>     </authentication>   </security> </system.webServer> C:\Windows\System32\inetsrv>

• 04-24-2009, 2:48 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343

  Re: Authentication in Terminal Services Web Access Reply Contact There is a bug in IIS7 when the parent app is using kernel-mode authentication and child-app is using user-mode authentication which causes the child app to stop working - workaround would be to turn off kernel-mode authentication for the root app "%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" -section:system.webServer/security/authentication/windowsAuthentication -useKernelMode:false If you want to pursue a hot-fix for this issue, you will have to open a support case with microsoft support. Anil Ruia Senior Software Design Engineer IIS Core Server

• 04-29-2009, 7:27 AM

  In reply to

  frank.dublin Joined on 04-22-2009, 3:33 PM Posts 5

  Re: Authentication in Terminal Services Web Access Reply Contact Thanks for that, I ran the command but got the following error: C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site/" -section:s ystem.webServer/security/authentication/windowsAuthentication -useKernelMode:fal se ERROR ( message:Can not set attribute "useKernelMode" to value "false".. Reason:  This configuration section cannot be used at this path. This happens when the s ection is locked at a parent level. Locking is either by default (overrideModeDe fault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or t he legacy allowOverride="false". . )

• 04-29-2009, 12:28 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Authentication in Terminal Services Web Access Reply Contact Add a -commitpath:apphost so that the change is written to applicationhost.config - since the windowsAuthentication section is locked by default. Anil Ruia Senior Software Design Engineer IIS Core Server

• 05-06-2009, 6:02 AM

  In reply to

  frank.dublin Joined on 04-22-2009, 3:33 PM Posts 5	Re: Authentication in Terminal Services Web Access Reply Contact Thanks, that worked, I did it a few days ago and the problem hasn't arisen since.

• 11-08-2009, 1:04 PM

  In reply to

  ob1w4n Joined on 11-08-2009, 6:02 PM Posts 3

  Re: Authentication in Terminal Services Web Access Reply Contact Anil,  I tried to issue the "%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" -section:system.webServer/security/authentication/windowsAuthentication -useKernelMode:false -commitpath:apphost command and got the  following error:    C:\Windows\System32\inetsrv>%windir%\system32\inetsrv\appcmd.exe set config "Def ault Web Site/" -section:system.webServer/security/authentication/windowsAuthent ication -useKernelMode:false -commitpath:apphost ERROR ( message:Configuration error Filename: redirection.config Line Number: 0 Description: Cannot read configuration file due to insufficient permissions . )    So, what am I doing wrong?

• 11-09-2009, 12:24 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Authentication in Terminal Services Web Access Reply Contact Your command prompt is probably not elevated. Anil Ruia Senior Software Design Engineer IIS Core Server

• 11-09-2009, 8:08 PM

  In reply to

  ob1w4n Joined on 11-08-2009, 6:02 PM Posts 3	Re: Authentication in Terminal Services Web Access Reply Contact So, how do I get an elevated command prompt?

• 11-10-2009, 2:10 AM

  In reply to

  qbernard Joined on 03-26-2003, 2:12 AM Malaysia Posts 3,252	Re: Authentication in Terminal Services Web Access Reply Contact Errr. start the command prompt as Administrator, then execute the command. Cheers, Bernard Cheah

• 11-10-2009, 1:16 PM

  In reply to

  ob1w4n Joined on 11-08-2009, 6:02 PM Posts 3	Re: Authentication in Terminal Services Web Access Reply Contact The user I'm logged in as already belongs to the Administrator group.  Is this sufficient?

• 11-10-2009, 1:32 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Authentication in Terminal Services Web Access Reply Contact No, please read up on UAC in vista/win7. Anil Ruia Senior Software Design Engineer IIS Core Server