> Hi

> I have following system settings:
> 2x Windows server 2003 cluster + SP1 also DC
> IIS6 service running on the cluster
> IIS auth mode: integrated windows authentication
> Clusterresource: data5


> Now I have following problem:
> If I connect via http://data5/index.html everything is working fine.
> If I use the FQDN or the ip- address of data5
> (http://data5.domain.local/index.html) I get a login prompt.
> I already change the “NTAuthenticationProviders” to "NTLM". (KB 871179)
> But the problem was not fixed.
> I hope somebody can help me.

> Best regards
> Stefan

> Hi
>
> I have following system settings:
> 2x Windows server 2003 cluster + SP1 also DC
> IIS6 service running on the cluster
> IIS auth mode: integrated windows authentication
> Clusterresource: data5
>
> Now I have following problem:
> If I connect viahttp://data5/index.htmleverything is working fine.
> If I use the FQDN or the ip- address of data5
> (http://data5.domain.local/index.html) I get a login prompt.
> I already change the “NTAuthenticationProviders” to "NTLM". (KB 871179)
> But the problem was not fixed.
> I hope somebody can help me.
>
> Best regards
> Stefan
>
> PS: Sorry for my bad English

> On Oct 7, 12:15 am, Stefan Mitterbuchner <dr_mitch*NO-SP***@web.de>
> wrote:
>> Hi
>>
>> I have following system settings:
>> 2x Windows server 2003 cluster + SP1 also DC
>> IIS6 service running on the cluster
>> IIS auth mode: integrated windows authentication
>> Clusterresource: data5
>>
>> Now I have following problem:
>> If I connect viahttp://data5/index.htmleverything is working fine.
>> If I use the FQDN or the ip- address of data5
>> (http://data5.domain.local/index.html) I get a login prompt.
>> I already change the “NTAuthenticationProviders” to "NTLM". (KB 871179)
>> But the problem was not fixed.
>> I hope somebody can help me.
>>
>> Best regards
>> Stefan
>>
>> PS: Sorry for my bad English
>
>
> This is by-design.
>
> By default, IE does not perform auto-login for URLs with FQDN or IP
> addresses because they are considered in the "Internet Zone".
> Meanwhile, just "data5" is considered "Intranet Zone", which has auto-
> login.
>
> To "get around this", you will have to configure the browsers to trust
> the FQDN, either by making people add the FQDN to their Trusted Sites
> list, or change Internet Zone to auto login.
>
> However, be aware that both are undesirable from a security
> perspective because:
> - you don't want to auto-login for the Internet Zone (that would be a
> security hazard -- a hacker site can use Basic Auth + Auto-Login to
> steal your username/password)
> - it is a hassle to get users to add FQDN into the Trusted Sites list,
> and you don't want users accustomed to adding random FQDN into their
> Trusted Sites list just to "make things work".
>
> In general, if you are trying to login from the Internet, you should
> provide credentials. If your users are inside the domain and Intranet,
> then they should use the Internal name and not FQDN.
>
> In other words, the default settings are for your safety, and when you
> alter them for convenience, you are explicitly responsible for the
> security of your own choices.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //