401.2 Error

[Guest]

I have a user who is receiving a 401.2 error (logon failed
due to server configuration) when trying to view a web
page on one of our servers from IE6(all updates applied).
The web server is publicly available although he has the
same problem whether he tries to connect to the site via
the internet or a VPN connection. He is using Windows XP
PRO SP1 with all the latest critical updates installed via
Windows Update. He was able to log on to the site without
issue up until a few days ago. According to the user, no
new software has been installed on his system since the
last time he was able to successfully access the site. His
computer is a member of a Windows NT4 domain and the web
server is also part of the same domain. I have
approximately ten other users with the same configuration
who are able to access the site without issue.

The web server is running on a Windows 2000 Server machine
using IIS version 5. There are multiple web sites on the
server with host headers used to differentiate between
them. The site in question is set to use Windows
Integrated Authentication; anonymous access, basic
authentication, and digest authentication are all
disabled. NTFS security on the folder where the site is
based allows read/execute access to the "Everyone" group.
Following is a list of things I've tried on the user's
computer and the web server in an attempt to resolve the
problem:


1. Tried all settings for both Internet and Local Intranet
under Internet Options/Security Tab/Custom Level/User
Authentication/Logon.
2. Enabled and disabled the "Enable Integrated Windows
Authentication" setting under Internet Options/Advanced
tab/Security.
3. Enabled "Basic Authentication" on the web server. This
worked and allowed the user to logon, although this is not
a solution as I do not want to allow clear text passwords.


Any ideas on a fix for this problem?

 

[Robert Aldwinckle]

I have a user who is receiving a 401.2 error (logon failed

due to server configuration) when trying to view a web
page on one of our servers

Does that mean you are expecting a password prompt?
Is the protocol involved https? Is there a proxy?
What level of HTTP are you using (Options, Advanced tab)?

<title>KB322032 - PRB: 401 Error Message When You Use Application Center Test with NTLM Authentication</title>

(MSKB Titles only search for
401
) ;o

Any ideas on a fix for this problem?

Try some of the regsvr32 commands that Windows Update users
are being advised to use for related symptoms:

<title>KB822798 - You Cannot Install Some Updates or Programs</title>


Good luck

Robert Aldwinckle

 

[Guest]

I tried the regsvr32 commands you suggested but it didn't
fix the problem.

In response to your questions:
-I am expecting a password prompt
-Https is not being used
-There is no proxy
-Http level is 1.1

I should also note that failed logon attempts are being
logged on the web server but when the user tries to logon
and receives the 401.2 error, a failed logon attempt is
not recorded. It seems as if there is a problem during the
NTLM negotiation process.

Any other ideas?

Thanks

-----Original Message-----

Does that mean you are expecting a password prompt?
Is the protocol involved https? Is there a proxy?
What level of HTTP are you using (Options, Advanced tab)?

<title>KB322032 - PRB: 401 Error Message When You Use

 

[H Leboeuf]

Can these articles help?

Error Message: HTTP 401.2 - Unauthorized: Logon Failed Due to Server
Configuration with No Authentication
You are not authorized to view this page.
HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet
Information Services.
http://support.microsoft.com/?kbid=253667 (4/22/2003)

How to Troubleshoot 401.2 HTTP Errors with Reverse Proxy Web Publishing
http://support.microsoft.com/?kbid=261689 (11/3/2003)

With WebShield Installed and Access Control Turned On, Proxy Server Clients
Receive HTTP 401.1 or 401.2 Error Message
http://support.microsoft.com/?kbid=286409 (1/31/2001)

 

[Guest]

-----Original Message-----

Does that mean you are expecting a password prompt?
Is the protocol involved https? Is there a proxy?
What level of HTTP are you using (Options, Advanced tab)?

<title>KB322032 - PRB: 401 Error Message When You Use

 

[Guest]

I tried the regsvr32 commands you suggested but it didn't
fix the problem.

In response to your questions:
-I am expecting a password prompt
-Https is not being used
-There is no proxy
-Http level is 1.1

I should also note that failed logon attempts are being
logged on the web server but when the user tries to logon
and receives the 401.2 error, a failed logon attempt is
not recorded. It seems as if there is a problem during the
NTLM negotiation process.

Any other ideas?

Thanks

-----Original Message-----

Does that mean you are expecting a password prompt?
Is the protocol involved https? Is there a proxy?
What level of HTTP are you using (Options, Advanced tab)?

<title>KB322032 - PRB: 401 Error Message When You Use

 

[Robert Aldwinckle]

....

I tried the regsvr32 commands you suggested but it didn't
fix the problem.

I just noticed that your code is 401.2 not just 401.
Some KB articles about that code also refer to fixes in urlmon.dll
so it would probably be a good idea to re-register it too:

regsvr32 /i urlmon.dll

Do wininet.dll too. It doesn't have an entrypoint for DllRegisterServer
but it does have a DllInstall:

regsvr32 /i /n wininet.dll

-Https is not being used

That's good. That allows you to do some tracing.

I suspect what you will find is that you are receiving an HTTP 401 response
with headers such as
Authenticate: negotiate
WWW-Authentication: NTLM

That is what should cause the prompt you are expecting but since
it also carries the HTML for the Access denied message it is what
you are seeing instead. That assumes you also have unchecked:
Show friendly HTTP error messages
(Options, Advanced tab)

If you don't have a proper tracing tool you could capture this particular
response using a telnet client. If necessary you could capture the same
diagnostic both from machines which are working and from the machine
which isn't working. Other diagnostics which could be illuminating via
this compare technique would be tracing using RegMon and FileMon
(freeware from SysInternals).

a failed logon attempt is not recorded.

If you aren't getting a prompt but just seeing the message
I think that this just means that there was no attempt.

Any other ideas?

You might get more informed help posting in a newsgroup which
specializes in Security for either IIS or XP.


HTH

Robert
---

 

[mosika]

Thanks for the ideas. I'll give these suggestions a try.
If I don't get it resolved I'll try another group. Thanks
again.