All,

I have IIS6 running on my Windows 2003 SP1 enterprise server and have a
problem accessing websites using IE6 that are using integrated
authentication over the interner.

When I browse to a virtual directory that only has annoymous access over the
internet I am
able to see the page using IE6. Now if I browse to a virtual directory that
is using only integrated authentication on a WinXP SP2 machine over the
internet I am prompted
to enter a username and password which I do so in the following format:

Username: domain\username
passwiord: *******

the page appears.  If I do the same thing in Windows 2000 SP4 IE6 over the
internet I am
prompted for username, password and domain which I enter and then get a http
401.1 error.

If I use Firefox 1.02 on my Windows 2000 SP4 machine over the internet I am
prompted for user
and password that I enter in the following format:

Username: domain\username
passwiord: *******

and the page appears, so my question is why does IE6 give me a http 401.1
error - not authorized to view page?

I recently installed SP1 for Windows 2003 and applied the following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

Can some please help :-)

Thanks
msuk

According to KB 896861, it applies only if the client and server are on the
same machine (i.e. accessing localhost). This is not what you are doing, so
it is no surprise that it does nothing for you.

If the server is in a domain, it is probably because IE tried (and failed)
to get Kerberos working over the Internet (probably because you don't have
it working), while Firefox tried (and randomly succeeded) to get NTLM
working.

Determine which authentication protocol you want to use, and configure
client/server to use that protocol.

It would be useful to look at the web server's log files for the failed
401.x requests to know what sub status error as well as Win32 status code.
Otherwise, you are just blindly guessing.

Integrated authentication over the Internet is pretty much only going to
work with Kerberos (NTLM is connection based authentication and will be very
hit-and-miss, depending on the network proxies between client and server),
so you'll want to make Kerberos work.

Here are some URLs to get started :
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/kerbsteps.asp
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kerbnlb.mspx

I have IIS6 running on my Windows 2003 SP1 enterprise server and have a
problem accessing websites using IE6 that are using integrated
authentication over the interner.

When I browse to a virtual directory that only has annoymous access over the
internet I am
able to see the page using IE6. Now if I browse to a virtual directory that
is using only integrated authentication on a WinXP SP2 machine over the
internet I am prompted
to enter a username and password which I do so in the following format:

Username: domain\username
passwiord: *******

the page appears.  If I do the same thing in Windows 2000 SP4 IE6 over the
internet I am
prompted for username, password and domain which I enter and then get a http
401.1 error.

If I use Firefox 1.02 on my Windows 2000 SP4 machine over the internet I am
prompted for user
and password that I enter in the following format:

Username: domain\username
passwiord: *******

and the page appears, so my question is why does IE6 give me a http 401.1
error - not authorized to view page?

I recently installed SP1 for Windows 2003 and applied the following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

Can some please help :-)

Thanks
msuk

IIS 6 conflict using port 443 for NON-SSL traffic
Intranet problem - 404 and 405 errors
How to tell if IIS lockdown Tool is installed?
Failure posting files to iis6.0 using ssl client authentication
URLScan as an attack vector?
Anonymous access
NTFS permissions
request certificate immediately
update databse
encrypting and signing