IIS auth. problem with 2003 SP1

On a 2003 stand alone server I'm running Citrix webinterface on top of the IIS.

This web interface implements its own authentication for regular users, and as such IIS sees user sessions as anonymous. But a subdirectory of the IIS allows for administration of the web interface, and because of that I've set it to require integrated authentication. To access these administration pages I usually specify the local administrator (pretty much the only existing user on that box).

Recently I installed SP1 + all existing security patches, and I thought that everything was working all right. Now some weeks later I've found out that I'm not able to log in to the IIS anymore to access these administration web pages. It simply keeps asking for a user ID and password and after 3 tries it states that I'm not authorized to view the page, as if I had entered incorrect credentials.
However I can log in to the console. Furthermore I've checked policies (logon locally, access via network) and I've checked ACLs on the files and folders I'm trying to access. Everything seems to be ok, but I still can't log in.

For each logon attempt the following message is written to the audit log:

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 537
    Date: 20-04-2006
    Time: 13:08:35
    User: NT AUTHORITY\SYSTEM
    Computer: DKTSCSG01
    Description:
    Logon Failure:
    Reason: An error occurred during logon
    User Name: administrator
    Domain: DKTSCSG01
    Logon Type: 3
    Logon Process: ÐùX?`?
    Authentication Package: NTLM
    Workstation Name: DKTSCSG01
    Status code: 0xC000006D
    Substatus code: 0x0
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: 193.x.x.x
    Source Port: 11611

I'm not sure, but I'm suspecting the installation of SP1 has changed some security setting preventing this IIS login.
Has anyone seen such a problem before or have an idea of what I could try or check?

I tried to enable basic authentication too, but it makes no difference.

Thanks in advance,
Jan Nielsen

Hi

Error 0xC000006D

    # for hex 0xc000006d / decimal -1073741715 :
      STATUS_LOGON_FAILURE    ntstatus.h
    # The attempted logon is invalid. This is either due to a bad
    # username or authentication information.

Don't know if that helps at all. Do you get the same errors in the event log when you use Basic AuthN?

Cheers
Ken

"Jan Nielsen" <janielsen@online.nospam> wrote in message news:OzDS2wGZGHA.4920@TK2MSFTNGP02.phx.gbl...
> On a 2003 stand alone server I'm running Citrix webinterface on top of the
> IIS.
>
> This web interface implements its own authentication for regular users,
> and as such IIS sees user sessions as anonymous. But a subdirectory of the
> IIS allows for administration of the web interface, and because of that
> I've set it to require integrated authentication. To access these
> administration pages I usually specify the local administrator (pretty
> much the only existing user on that box).
>
> Recently I installed SP1 + all existing security patches, and I thought
> that everything was working all right. Now some weeks later I've found out
> that I'm not able to log in to the IIS anymore to access these
> administration web pages. It simply keeps asking for a user ID and
> password and after 3 tries it states that I'm not authorized to view the
> page, as if I had entered incorrect credentials.
> However I can log in to the console. Furthermore I've checked policies
> (logon locally, access via network) and I've checked ACLs on the files and
> folders I'm trying to access. Everything seems to be ok, but I still can't
> log in.
>
> For each logon attempt the following message is written to the audit log:
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 537
> Date: 20-04-2006
> Time: 13:08:35
> User: NT AUTHORITY\SYSTEM
> Computer: DKTSCSG01
> Description:
> Logon Failure:
> Reason: An error occurred during logon
> User Name: administrator
> Domain: DKTSCSG01
> Logon Type: 3
> Logon Process: ÐùX?`?
> Authentication Package: NTLM
> Workstation Name: DKTSCSG01
> Status code: 0xC000006D
> Substatus code: 0x0
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 193.x.x.x
> Source Port: 11611
>
> I'm not sure, but I'm suspecting the installation of SP1 has changed some
> security setting preventing this IIS login.
> Has anyone seen such a problem before or have an idea of what I could try
> or check?
>
> I tried to enable basic authentication too, but it makes no difference.
>
> Thanks in advance,
> Jan Nielsen

Hi Ken,

First of all thanks for replying.

Earlier I tried with basic and integrated authentication enabled at the same time, and yes it produced the same event.
Now I just tried with basic authentication only, and that succeeded.

Still I think this points towards some policy that might have been set more secure, as usual problems like wrong password, logon locally policy and ACLs should be ok.
If no obvious explanation can be found, using basic auth is ok, as I only access these administration pages from the console or terminal session (limited by IP filter).

kind regards,
Jan Nielsen

Hi,

If Basic and IWA are both enabled, the browser will choose IWA (i.e. NTLM or Kerberos), which is probably why you are seeing the same symptoms when both are enabled.

Since Basic is working fine, check the following KB article to see if it applies to you:
http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

Cheers
Ken

"Jan Nielsen" <janielsen@online.nospam> wrote in message news:%23HH8KTHZGHA.4424@TK2MSFTNGP05.phx.gbl...
> Hi Ken,
>
> First of all thanks for replying.
>
> Earlier I tried with basic and integrated authentication enabled at the
> same time, and yes it produced the same event.
> Now I just tried with basic authentication only, and that succeeded.
>
> Still I think this points towards some policy that might have been set
> more secure, as usual problems like wrong password, logon locally policy
> and ACLs should be ok.
> If no obvious explanation can be found, using basic auth is ok, as I only
> access these administration pages from the console or terminal session
> (limited by IP filter).
>
> kind regards,
> Jan Nielsen
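An added example, not part of the thread: a small triage script that parses a flattened Event ID 537 description, decodes the status code the way Ken's first reply does, and flags the detail visible in the posted event, an NTLM network logon whose workstation is the server itself. The sample string is abridged from the event Jan posted; the function names and the short NTSTATUS table (values from ntstatus.h) are this example's own.

```python
import re

# A few logon-related NTSTATUS values from ntstatus.h (not the full header).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Every label of the 537 description, so each value ends where the next label starts.
LABELS = ("Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer|"
          "Description|Logon Failure|Reason|User Name|Domain|Logon Type|Logon Process|"
          "Authentication Package|Workstation Name|Status code|Substatus code|"
          "Caller User Name|Caller Domain|Caller Logon ID|Caller Process ID|"
          "Transited Services|Source Network Address|Source Port").split("|")
# Leftmost match plus the required colon keeps "Caller User Name:" from being
# read as "User Name:" or "User:".
LABEL_RE = re.compile(r"\b(%s):" % "|".join(map(re.escape, LABELS)))

def parse_event(text):
    """Split a flattened 'Label: value Label: value' description into a dict."""
    hits = list(LABEL_RE.finditer(text))
    fields = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        fields[cur.group(1)] = text[cur.end():end].strip()
    return fields

def decode_status(code):
    """Return (symbolic name, signed 32-bit decimal) for a hex NTSTATUS string."""
    value = int(code, 16)
    signed = value - (1 << 32) if value & 0x80000000 else value
    return NTSTATUS.get(value, "unknown"), signed

def triage(text):
    f = parse_event(text)
    name, signed = decode_status(f["Status code"])
    # Logon Type 3 over NTLM where the client workstation is the server itself.
    local = (f["Logon Type"] == "3" and f["Authentication Package"] == "NTLM"
             and f["Workstation Name"].lower() == f["Computer"].lower())
    return {"user": f"{f['Domain']}\\{f['User Name']}", "status": name,
            "signed": signed, "local_ntlm_logon": local}

# Abridged from the event posted in the thread (some fields omitted).
SAMPLE = (r"Event ID: 537 User: NT AUTHORITY\SYSTEM Computer: DKTSCSG01 "
          "Description: Logon Failure: Reason: An error occurred during logon "
          "User Name: administrator Domain: DKTSCSG01 Logon Type: 3 "
          "Authentication Package: NTLM Workstation Name: DKTSCSG01 "
          "Status code: 0xC000006D Substatus code: 0x0 "
          "Source Network Address: 193.x.x.x Source Port: 11611")

if __name__ == "__main__":
    print(triage(SAMPLE))
```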