Hi,

We have a Windows 2000 Server running IIS 5 and we are having problems with
integrated windows authentication but only with some clients.

For testing purposes I have been using WFetch on the server itself and we
are getting HTTP 401.1: Unauthorized Login Failed.

The application we are accessing is running under the default web site which
has anonymous authentication enabled. The application itself has anonymous
access disabled.

The WFetch request is being run using a domain account, I have checked the
ACLs for the physical folder and the Domain Users group has Read access.
I've also added the specific account I am using via WFetch and even given
this Full Control but I still get the same issue.

It works fine from XP clients and some Windows 2000 clients (excluding the
server itself), NT 4 clients do not work - in each case the latest version
of IE is being used.

The WFetch log file is included below, if anyone can help I would be very
grateful.

Best Regards,

Kirk

started....
WWWConnect::Connect("127.0.0.1","80")\n
source port: 3439\r\n
SEC_I_CONTINUE_NEEDED - InitializeSecurityContext\n
REQUEST: **************\n
GET /activedition/nms/netman.asp HTTP/1.1\r\n
Host: localhost\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
Authorization: NTLM TlRMTVNTUAABAAAAl4II4AAAAAAAAAAAAAAAAAAAAAA=\r\n
\r\n
RESPONSE: **************\n
HTTP/1.1 401 Access Denied\r\n
Server: Microsoft-IIS/5.0\r\n
Date: Wed, 13 Jul 2005 15:51:44 GMT\r\n
WWW-Authenticate: NTLM
TlRMTVNTUAACAAAAEAAQADAAAAAVgongrTwwCssyMXAAAAAAAAAAAHYAdgBAAAAAUABDAEYARABSAEkAVgBFAAIAEABQAEMARgBEAFIASQBWAEUAAQAIAFIAMgBEADIA
BAAgAHIAbwB5AGEAbABtAGkAbgB0AC4AZwBvAHYALgB1AGsAAwAqAHIAMgBkADIALgByAG8AeQBhAGwAbQBpAG4AdAAuAGcAbwB2AC4AdQBrAAAAAAA=\r\n
Connection: close\r\n
Content-Length: 4033\r\n
Content-Type: text/html\r\n
\r\n
SEC_E_OK - InitializeSecurityContext\n
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\r\n
<html dir=ltr>\r\n
\r\n
<head>\r\n
<style>\r\n
a:link                  {font:8pt/11pt verdana; color:FF0000}\r\n
a:visited               {font:8pt/11pt verdana; color:#4e4e4e}\r\n
</style>\r\n
\r\n
<META NAME="ROBOTS" CONTENT="NOINDEX">\r\n
\r\n
<title>You are not authorized to view this page</title>\r\n
\r\n
<META HTTP-EQUIV="Content-Type" Content="text-html;
charset=Windows-1252">\r\n
</head>\r\n
\r\n
<script> \r\n
function Homepage(){\r\n
<!--\r\n
// in real bits, urls get returned to our script like this:\r\n
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm \r\n
\r\n
\t//For testing use DocURL =
"res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"\r\n
\tDocURL=document.URL;\r\n
\t\r\n
\t//this is where the http or https will be, as found by searching for ://
but skipping the res://\r\n
\tprotocolIndex=DocURL.indexOf("://",4);\r\n
\t\r\n
\t//this finds the ending slash for the domain server \r\n
\tserverIndex=DocURL.indexOf("/",protocolIndex + 3);\r\n
\r\n
\t//for the href, we need a valid URL to the domain. We search for the #
symbol to find the begining \r\n
\t//of the true URL, and add 1 to skip it - this is the BeginURL value. We
use serverIndex as the end marker.\r\n
\t//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);\r\n
\tBeginURL=DocURL.indexOf("#",1) + 1;\r\n
\turlresult=DocURL.substring(BeginURL,serverIndex);\r\n
\t\t\r\n
\t//for display, we need to skip after http://, and go to the next slash\r\n
\tdisplayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);\r\n
\tInsertElementAnchor(urlresult, displayresult);\r\n
}\r\n
\r\n
function HtmlEncode(text)\r\n
{\r\n
    return text.replace(/&/g, '&amp').replace(/'/g, '&quot;').replace(/</g,
'&lt;').replace(/>/g, '&gt;');\r\n
}\r\n
\r\n
function TagAttrib(name, value)\r\n
{\r\n
    return ' '+name+'="'+HtmlEncode(value)+'"';\r\n
}\r\n
\r\n
function PrintTag(tagName, needCloseTag, attrib, inner){\r\n
    document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );\r\n
    if (needCloseTag) document.write( '</' + tagName +'>' );\r\n
}\r\n
\r\n
function URI(href)\r\n
{\r\n
    IEVer = window.navigator.appVersion;\r\n
    IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );\r\n
\r\n
    return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?\r\n
        encodeURI(href) :\r\n
        escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');\r\n
}\r\n
\r\n
function InsertElementAnchor(href, text)\r\n
{\r\n
    PrintTag('A', true, TagAttrib('HREF', URI(href)), text);\r\n
}\r\n
\r\n
//-->\r\n
</script>\r\n
\r\n
<body bgcolor="FFFFFF">\r\n
\r\n
<table width="410" cellpadding="3" cellspacing="5">\r\n
\r\n
  <tr>  \r\n
    <td align="left" valign="middle" width="360">\r\n
\t<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are
not authorized to view this page</h1>\r\n
    </td>\r\n
  </tr>\r\n
  \r\n
  <tr>\r\n
    <td width="400" colspan="2">\r\n
\t<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have
permission to view this directory or page using the credentials you
supplied.</id><
/font></td>\r\n
  </tr>\r\n
  \r\n
  <tr>\r\n
    <td width="400" colspan="2">\r\n
\t<font style="COLOR:000000; FONT: 8pt/11pt verdana">\r\n
\t<hr color="#C0C0C0" noshade>\r\n
<p>Please try the following:</p>\r\n
\r\n
<ul>\r\n
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to
try again with different credentials.</li>\r\n
\r\n
<li>If you believe you should be able to view this directory or page, please
contact the Web site administrator by using the e-mail address or phone nu
mber listed on the\r\n
\r\n
\t<script> \r\n
\t<!--\r\n
\tif (!((window.navigator.userAgent.indexOf("MSIE") > 0) &&
(window.navigator.appVersion.charAt(0) == "2")))\r\n
\t{\r\n
\t\tHomepage();\r\n
\t}\r\n
\t//-->\r\n
\t</script> home\r\n
    page.</li>\r\n
</ul>\r\n
\r\n
    <h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.1 -
Unauthorized: Logon Failed<br>\r\n
    Internet Information Services</h2>\r\n
\t\t\r\n
\t<hr color="#C0C0C0" noshade>\r\n
\t\r\n
\t<p>Technical Information (for support personnel)</p>\r\n
\t\r\n
<ul>\r\n
<li>More information:<br>\r\n
<a
href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.1&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3="
target="_blank">Mic
rosoft Support</a>\r\n
</li>\r\n
\r\n
    </font></td>\r\n
  </tr>\r\n
  \r\n
</table>\r\n
</body>\r\n
</html>\r\n
WWWConnect::Close("127.0.0.1","80")\n
closed source port: 3439\r\n
cannot send data, because connection is closed
finished.

Show quote Hide quote 401.1 indicates that either the username or password provided is bad - in
other words the server could not authenticate the client based on those
credentials.  Are you using domain or local accounts?

Hi Tom.

The username and password are definately correct. I am using domain
accounts. We have tried this on numerous machines with numerous accounts.

Any ideas?

Kirk

Show quoteHide quote

WWW-Authenticate header field From http://www.developmentnow.com/g/91_2005_7_0_0_559107/IIS-5--Integrated-Windows-Authentication-Issues.htm Posted via DevelopmentNow.com Groups http://www.developmentnow.com/g/

Redirecting http:// to https:/
How to disable SSL Security Alert in IE
IIS Crashes at regular interval of time - Urgent
Problem with IIS, Powerpoint and AVI-File
How to create a Client certificate
Certificate Question
Exchange 2003 OWA and IIS over SSL
Securing IIS 6
Http Error 401.1
HTTP TRACE verb on IIS 6.0