IIS integrated windows authentification suddenly failes for some ?

J

Jonte

We are running an IIS5 on a windows 2000 server SP4 (no post sp4 rollup
package) with integrated windows authentification. This IIS server is a
member server in our windows server 2003 AD in interim mode. "Suddenly",
some users (just a hand full) get prompted for username and password with
the IIS computer name as account source instead of the domain, like
IIS_computernam\username. If you manually change this to domain\username and
type correct password you get in and then it works for that session. After a
reboot of your machine you get promted again.

The event id 681 from the security event log with the error code 3221225572
which will mean "User logon with misspelled or bad user account" on the IIS
server. The clients are Windows XP sp2. If I test another user account on
one of the failing XP machines it works fine.

I read some article that it might be some kerberos problem and I changed the
IIS-computer to a "Trusted for delegation ..." in the ADUC but with no
results. Has the profile for the failing users something to do with it ?

Plese help me !

Sincerely

\\Jonas B
 
S

Steven L Umbach

Compare Internet Explorer settings for a user that works compared to a user
that does not. In particular look at tools/internet options/security to see
if the settings are the same for the Web Content Zones and also checking the
sites lists for intranet, trusted, and restricted Web Content Zones in case
your web server is specifically listed. Also look in tools/internet
options/advanced - security to make sure that enable integrated Windows
authentication is enabled. --- Steve
 
R

Roger Abell [MVP]

I believe Steve has already pointed you at the likely solution,
the IE setting for its providing the browsing users Windows
credentals "behind the scene".

However, I wanted to add a couple notes.

Being prompted with the IIS_computernam\username login
challenge form is normal, and common for XP clients.

Do not forget to get rid of the "trusted for delegation" setting
that you had made in attempt to resolve this. Also, unless you
have really, really gone out of your way IIS 5 will not be using
Kerberos for anything related to the browsing client.
 
J

Jonte

I checked your list but couldn't see any special. But I tested a new user on
one of the machines with the problem and that new user had no problem.
Therefore I created a new windows profile for the problem user and volia,
now it works fine.

Thank's for your tips anyway

Sincerely

\\Jonas B
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Q: Automatic authentification 5
IIS Integrated Windows authentication and SQL Integrated security 2
Prompt Popup window for Integrated windows authentication 0
Failure Audits in Event log question 1
ASP.NET Integrated Windows Authentication 2
Integrated Windows Authentication not working 1
IIS 7.0 and Windows Integrated Authentication? 1
User authentification on web applications 2

Top