IIS 7 and Above
Encountering error 401 1 2148074254 while accessing the webservice in...
Last post May 09, 2019 08:24 AM by Able
May 07, 2019 01:10 PM|VinodKoti|LINK
I have an ASP.Net web application hosted in NLB infrastructure with 2 web servers and 2 app servers. I have 3 web services running in the application server with windows authentication enabled. Other settings as follows
Anonymous authentication is disabled
Basic authentication is disabled
Digest authentication is disabled
ASP.NET Impersonation is disabled.
Windows authentication is enabled
Negotiate is on priority with both Negotiate, NTLM is enabled.
using custom identity : DOmain\UserID2
useAppPoolCredentials set to true
useKernelMode set to TRUE
Registered serviceprincipa1Names for CN-UserID2.CN-Users.DC-XX.DC-XXXX.DC-COM:
HTTP/AppServerName2 : 10443
HTTP/AppServerName1 : 10443
HTTP/AppServerName2 : 443
HTTP/AppServerName1 : 443
As per my observation, user encounter error 401 1 2148074254 when website access a specific webservice(lets say webservice 1) for the first time. When user access the same function again then there is no recurrence of 401 error.
Noticed the Start Mode was set to “On Demand” mode in app pool settings. Tried changing the Start Mode to “Always Running” and Idle Time-Out to “0” but still encountered the same error and the same pattern.
Server: Windows Server 2012 R2 standard edition.
IIS Version: 8.5
Extract from IIS log
2019-05-07 06:16:27 XXX.XX.X.XXX POST /SecSvc/SecWebService.asmx - 10443 - XXX.XX.XXX.XXX Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.42000) - 401 1 2148074254 2906
2019-05-07 06:16:27 XXX.XX.X.XXX POST /SecSvc/SecWebService.asmx - 10443 - XXX.XX.XXX.XXX Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.42000) - 401 1 2148074254 3453
2019-05-07 06:16:30 XXX.XX.X.XXX POST /SecSvc/SecWebService.asmx - 10443 domain\UserID1 XXX.XX.XXX.XXX Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+4.0.30319.42000) - 200 0 0 3281
May 08, 2019 08:27 AM|Able|LINK
According to your description,401.1 error indicates that IIS failed to obtain an NT user token with which to execute the request.Since you have disabled Anonymous authentication,it may be caused by following reasons.
1.The client gave the wrong username/password (including none at all). This could be from incorrect cached auto-login attempt by the browser, or from a user login dialog from the browser.
2.The server has been reconfigured to deny necessary login privileges for the authenticating user or its containing group (either anonymous or through some authentication protocol). This can be done through automated re-application of Group Policy for domain
members, DCPROMO to/from Domain Controller, or static application of security templates. What ends up happening is that the server-side reconfiguration may remove Local/Remote Login rights for that user, impose new restrictions (like Login hours, Logon type),
etc... preventing IIS from successfully logging in the user to execute requests and resulting in 401.1.
Here is the link, you could find the reason for the error . I hope it could help you.
May 08, 2019 09:49 AM|VinodKoti|LINK
Thanks for your reply.
For your more information, the issue is between the Web Server and App server and
occurring only for the first time login of the day. Subsequent logins are fine and able to connect without any error.
May 09, 2019 08:24 AM|Able|LINK
According to your description, 401.1 means that you login failed,but you said that you succeed next time, so I think you could succeed to connect to server because you have created load balancing. Does it exists other same webservice in other server. When
you failed first time, load balance has just send the next request to other server and that servers connect successfully. I think , you could check it in log files or you could disconnect one server to see whether it could succeed to connect server again.