
web site access OK by IP but not by name

Author
9 Mar 2009 4:05 PM
Mr Major Thorburn
We have a web application in our Virtualised Development/Test environment
which when we access via the server name gets blocked with access denied
(HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)) but allows access if the server IP
address is used instead of its name.

The setup is like this:
Live Systems---------||| Firewall |||------- Dev/Test Env
Domain=Master------|||     |||------Domain=Master
ClientPC=xxx----------|||     |||-----TargetServer=yyy, IP=1.1.1.1

The Virtual Master domain is a clone of the live and has the same name with
the firewall ensuring AD separation.
The test user is logged on in the Master domain in the live systems.
The user's id and pw are identical in both copies of the Master domain.
If the user attempts to access http://yyy/application/default.aspx it gets
rejected with access denied by IIS.
If the user attempts to access http://1.1.1.1/application/default.aspx he
gets in ok.

Is there any way we can get IIS to accept access requests using the server
name?

Please help if you can.
Regards, Major.
p.s. Major is my christian name :-)

Author
9 Mar 2009 4:53 PM
Daniel Crichton
Mr wrote  on Mon, 9 Mar 2009 09:05:02 -0700:

> We have a web application in our Virtualised Development/Test
> environment which when we access via the server name gets blocked with
> access denied (HTTP Error 401.1 - Unauthorized: Access is denied due
> to invalid credentials.
> Internet Information Services (IIS)) but allows access if the server IP
> address is used instead of its name.

> The setup is like this:
> Live Systems---------||| Firewall |||------- Dev/Test Env
> Domain=Master------|||     |||------Domain=Master
> ClientPC=xxx----------|||     |||-----TargetServer=yyy, IP=1.1.1.1

> The Virtual Master domain is a clone of the live and has the same name
> with the firewall ensuring AD separation.
> The test user is logged on in the Master domain in the live systems.
> The user's id and pw are identical in both copies of the Master domain.
> If the user attempts to access http://yyy/application/default.aspx it
> gets rejected with access denied by IIS.
> If the user attempts to access http://1.1.1.1/application/default.aspx
> he gets in ok.

> Is there any way we can get IIS to accept access requests using the
> server name?

> Please help if you can.
> Regards, Major.
> p.s. Major is my christian name :-)

Below is how I understand things to work, it may well be wrong. Hopefully
it's close enough to the correct answer to give you an idea why it's not
working :)

When using http://yyy/... IE will automatically send the currently logged in
Windows user credentials because the hostname is in the Intranet zone and so
attempts to login using Kerberos which will result in login failure (a
Kerberos ticket will be different in each side of your network even though
the user credentials are the same). When you use the IP address the browser
will not do this, and instead will pop up the login request which allows you
to enter details for a local user on that domain and will be done via NTLM
or Basic auth (depending on your authentication settings). To work around
this you'll need to either set IE for each user to always prompt for login
credentials in the Intranet zone, or you could use a hostname with a dot in
it (e.g. yyy.zzz), which will cause IE to no longer treat it as being in the
Intranet zone and so drop to NTLM/Basic.

--
Dan
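
Added example, not part of the original thread or any poster's words: PowerShell helpers for reading and changing the per-user Local intranet zone logon setting (the "always prompt" option mentioned in the reply above) and for checking whether a URL's host is dotless. The function names are hypothetical; the registry key and the `1A00` values are Internet Explorer's documented per-zone logon setting, and a Group Policy setting may override the per-user value.

```powershell
# Added illustration; function names are hypothetical.
# Zone 1 is "Local intranet"; value 1A00 is the "User Authentication > Logon" option.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'

$LogonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-IntranetLogonMode {
    # Returns a readable description of the current per-user setting.
    $value = (Get-ItemProperty -Path $ZoneKey -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
    if ($null -eq $value) { return 'Not set for this user (zone default or policy applies)' }
    if ($LogonModes.ContainsKey([int]$value)) { return $LogonModes[[int]$value] }
    return ('Unknown value 0x{0:X}' -f $value)
}

function Set-IntranetLogonPrompt {
    # Stops the browser from silently sending the logged-on user's credentials
    # to Intranet-zone sites; the user is asked for credentials instead.
    Set-ItemProperty -Path $ZoneKey -Name '1A00' -Value 0x10000 -Type DWord
}

function Test-DotlessHost {
    # True when the host part has no dot. With the default "include all local
    # (intranet) sites" rule such names land in the Local intranet zone, unless
    # an explicit site-to-zone assignment says otherwise. IP addresses and
    # dotted names return False.
    param([Parameter(Mandatory)][string]$Url)
    $name = ([uri]$Url).Host
    return ($name -notmatch '\.')
}

# Hosts taken from the thread.
foreach ($u in 'http://yyy/application/default.aspx',
               'http://1.1.1.1/application/default.aspx') {
    '{0} -> dotless host: {1}' -f $u, (Test-DotlessHost -Url $u)
}
'Current Local intranet logon mode: ' + (Get-IntranetLogonMode)
# Set-IntranetLogonPrompt   # uncomment to switch this user to "prompt"
```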

Author
10 Mar 2009 8:12 AM
Mr Major Thorburn
Daniel, you are a star.
I had tried the fully qualified DNS name and that failed.
Using a partial DNS name worked fine.
Thanks very much for your help.
Regards, Major.
