IIS 7 and Above
What cause IIS error 401.2.5 ?
Last post Feb 12, 2018 03:05 PM by Philippe.Masse
Feb 08, 2018 09:33 PM|Philippe.Masse|LINK
We are seeing a lot of http error in our IIS 8.5 logs that return due 401.2 substatus code : 5. I am not able to find on Microsoft website a explicit explaination on what can cause this error. I find plenty of documents on 401.2 but the sc-win32-status 5
is not very documented.
Is someone can explain to me what cause an IIS 401.2.5 error ?
Feb 09, 2018 02:07 AM|Rovastar|LINK
Feb 09, 2018 05:32 AM|Yuk Ding|LINK
In addition, 401 2 5 always means that user failed to pass the authentication or authorization rule. So if you were using basic authentication, please check your credential. If you were using windows authentication please check the local intranet and domain
configuration. Of course, you need to check whether the user is allowed by authorization rule and NTFS permission. If you were using the anonymous authentication, please ensure the anonymous account IUSR has NTFS permission and authorization rule will not
block the anonymous user in both site and global level.
Feb 09, 2018 12:57 PM|Philippe.Masse|LINK
Thanks for the fast reply.
For us as of now I think this situation is happening because of a load balancer failing to authenticate user on the same Web Server. It looks like when users use windows authentication and they are located in front of a nlb, this appliance balance the auth
request between the iis servers behind, causing a round trip of auth challenge. That would probably cause the 401.2.5 errors.
To conclude, is there any document referencing all SC-WIN32.STATUS returning code ? I am asking because for this particular post, I was looking for a Win32 code wich is easy to find using net helpmsg but sometimes there is error codes like –2146232797
and such that make error resolution harder.
Feb 12, 2018 12:22 AM|mahamr|LINK
With Windows Authentication, 401 2 5 is normal. The vast majority of clients do not send credentials on their first request, in other words, they send anonymous requests initially. If Windows Auth (or some other kinds of auth) is enabled, then the 401 2
5 is the server denying access to the anonymous request. In that 401 response, the server includes additional headers (WWW-Authenticate) indicating the methods the server accepts. The client then takes the response with the new headers, and sends credentials
in a new request, usually automatically with no need for user intervention. Again, this is normal and does not indicate any issue by itself.
Regarding your question about win32 status codes, here's a document describing them:
And regarding error codes like this one:
Convert that value into a hexadecimal (I use the win10/2016 calculator in Programming mode), and check the resulting code online to see what it means.
The decimal code above converts to:
-2146232797 = FFFFFFFF80131623, take the last part, so 0x80131623 is your error code to investigate
Feb 12, 2018 09:46 AM|Yuk Ding|LINK
Which authentication are you using? In addition, could you pass the authentication with localhost, unassigned IP? When you failed to access the website behind windows authentication, please check whether the DNS could resolve your domain and whether you
have input the correct user credential like domain\user.
Feb 12, 2018 03:05 PM|Philippe.Masse|LINK
Thank you very much for your help !