IIS 7 and Above
How to resolve the issue of Integrated windows authentication asking...
Last post Sep 13, 2013 04:45 PM by alexbartel
Nov 30, 2011 04:24 AM|Ramanji434|LINK
I had server Windows Server 2008 R2, IIS 7.5
WebSite has to be accessed from Intranet by authenticated users of different domains.
Website is running under AppPool custom account
Only Integrated windows authenitcation is enabled, rest every thing is disabled mode.
We had tried resolution steps
1) given full Folder permissions for the custom account of AppPool
HTTP Error 401. The requested resource requires user authentication
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
When website is accessed by users, for many of users, it is working fine,
for some users, it is asking to enter credentials,
How to solve this problem..?
we tried in client machine browser, internet options-->Secuirty -->Disable integrated windows authentication
with this for some users problem resolved, but they are still some users who are not able to acess the site,
even though enter credntials, for second time , some can access site, for some even 3 times asking, after that it throws error ?
please help me to resolve the isse .
thanks for your help in advance ......
Nov 30, 2011 09:42 AM|qbernard|LINK
Looks like client end browser issue.. same version? settings?
if it works on many but not few, then IIS should not be the problem.
You can look at those log entries from those problematic client and see if you get more clues from it.
Nov 30, 2011 09:43 AM|Uk-Sam|LINK
Does IIS server integrated with AD environment, does all domain have domain trust relation.
If User belong to different domain and IIS in other domain, then both domain should have trust relation between them.
Dec 01, 2011 05:08 AM|Ramanji434|LINK
IIS server is integrarted with AD Environment.
all domians are integrated..
Please help us ..
Dec 01, 2011 08:55 AM|qbernard|LINK
please help us to help you.. is the browser diff for those having problem?
IIS log files?
Dec 10, 2011 09:45 AM|Ramanji434|LINK
all browsers are only IE8/IE9.
for those users, website is prompting username and password,i checked randomly for some users, if website is accessed by IP Address, instead of direct name, no problem,no prompt for credentials.
but with direct name it is still asking the username and password,even correctly entering also not able conect.
Note : This is only intranet website,
thanks in advance.
Dec 13, 2011 02:17 AM|qbernard|LINK
MMm... have you include the direct name/etc as trusted sites?
It looks like browser end config to me. Read -
Jan 03, 2012 02:59 PM|Mark_L|LINK
I ran into this same issue. In IIS, in the Authentication section for your web app, select Windows Authentication (only mode I have enabled) select Providers (below "Advanced Settings...") from the menu on the right. This will display the Enabled Providers,
I have Negotiate and NTLM displayed. Highlight NTLM and select "Move Up", click OK. I then recycled the app pool (just in case) and everything worked as anticipated. For some reason and I haven't looked into the why, but placing NTLM at the top of the list
solves the issue. I'm guessing that if Negotiate fails, it doesn't fall thru to NTLM like you would expect it to, or there is something not quite configured correctly in our network, but that's up to another area of our dept and out of my hands, but this
did solve the issue.
Jan 30, 2012 03:48 AM|qbernard|LINK
Mm.. can you post the log entries when 'Negotiate' is at the top list?
In Nego mode, it will try kerberos and NTLM, however there is no fall back to others if both fails, which is kind of weird, at least NTLM should work like when you place it at the top.
Sep 13, 2013 04:45 PM|alexbartel|LINK
Did you fix this issue. I am facing same one and don't know how to.