|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS6, Windows Integrated Authentication, Denied accessissue also occurred on a Win 2003 R2 server). The site is configured to use Windows Integrated Authentication (it is a local Intranet app) and the web app works with this, mostly. Frequently, however, the user will receive an authentication dialog for a web resource. This doesn't happen always, but frequently it does. Sometimes the user can access the resource without any problems, other times he'll be prompted for a username and password. Entering his domain credentials does not allow access to the resource, however, when he is prompted. If he is not prompted, he can access the resource fine. I don't know what could be causing this behavior. Turning on full auditing for the files in the web site does not reveal any object access failure audits. However, in the web traffic log, I will see entries such as this: 2006-05-12 15:27:11 W3SVC1 142.101.204.107 GET /Survey/images/icon_arrow_down.gif - 80 - 10.166.4.193 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+CGI-ISDC;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 2148074241 What I find curious about this log entry is the following: - There is no LOGON_USER identified. Other successful log entries show the user name. - The server code for this entry is 401.1 - The Win32 code is 2148074241 I suspect that this has something to do with network communications with the domain controller, but this is just a guess. I really have no idea what could be causing this intermittent behavior. Does anyone know where else I can look in attempting to diagnose this problem? Thanks, DrJazz When using NTLM on Windows 2003 you will see three entries in the IIS logs
for each request made by a user. Line 1 - 401.1 Line 2 - 401.2 Line 3 - 200 (this of course assumes the page worked!) It does suggest that there may be authentication issues between your web server and DC. Have you checked your DC to make sure it is not being overly stressed. You could find that it is unable to deal with the numberof requests it is being sent. Monitoring Performance counters should help with this. Also try to analyse your log files for patterns when the authentication failures occur. (Using Log Parser from the IIS Resource Kit would really help with this). Again you may see some pattern, i.e. requests ont he half hour are failing, and you may be able to tie this back to a scheduled task etc.. Paul Walsh Show quoteHide quote "DrJazz" wrote: > I have deployed an ASP.NET 2 web app to a Windows 2003 Server with SP1 (this > issue also occurred on a Win 2003 R2 server). The site is configured to use > Windows Integrated Authentication (it is a local Intranet app) and the web > app works with this, mostly. > > Frequently, however, the user will receive an authentication dialog for a > web resource. This doesn't happen always, but frequently it does. Sometimes > the user can access the resource without any problems, other times he'll be > prompted for a username and password. Entering his domain credentials does > not allow access to the resource, however, when he is prompted. If he is not > prompted, he can access the resource fine. > > I don't know what could be causing this behavior. Turning on full auditing > for the files in the web site does not reveal any object access failure > audits. However, in the web traffic log, I will see entries such as this: > > 2006-05-12 15:27:11 W3SVC1 142.101.204.107 GET > /Survey/images/icon_arrow_down.gif - 80 - 10.166.4.193 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+CGI-ISDC;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 2148074241 > > What I find curious about this log entry is the following: > - There is no LOGON_USER identified. Other successful log entries show > the user name. > - The server code for this entry is 401.1 > - The Win32 code is 2148074241 > > I suspect that this has something to do with network communications with the > domain controller, but this is just a guess. I really have no idea what could > be causing this intermittent behavior. > > Does anyone know where else I can look in attempting to diagnose this problem? > > > Thanks, > DrJazz > > Paul,
Thank you for your quick response. Actually, for each successful URI request, I see 4 entries in the web log: 401 2 2148074254 401 1 0 401 1 0 200 0 0 As far as load on the DC goes, my network admin informs me that our DCs are actually way overpowered for our needs - we have 2 dual-processor machines acting only as DCs for under 250 people. There is nothing he can determine from examining the DCs (logs, etc.) that would shed light on this issue. Curiously, however, the resource that gets denied is often an image (it is much less frequently an ASPX page request), and is often the SAME image on a given page. For example, load the page a few times, everything works fine. Then, out of the blue, reload the page and one of the images won't load (prompting for a login). It can't be stress on the web server itself since I'm the only one using it. There does not appear to be any pattern to the resource denial, other than if I bang on the web site for 2 to 3 minutes, I'm bound to have at least one of these episodes. I was hoping the Win32 error code might provide a clue, but Google/MSN/Yahoo have precious little to offer on this code. Paul, once again thanks for you help. Cheers, DrJazz The only other thing I can suggest is running FileMon (www.sysinternals.com)
to see if that gives you any more detailed analysis. That extra 401.1 you see would probably indicate that the client is failing to correctly send its credentials to the web server when initally challenged. The other option is to run a Netmon or Etherreal trace. This would prove conclusivly if the client is correctly responding to the request for credentials. Just thought of one more option :-) Caching... Have you tried clearing down any client or server caches, and any front end network cache you may have.. Paul Walsh Show quoteHide quote "DrJazz" wrote: > Paul, > > Thank you for your quick response. Actually, for each successful URI > request, I see 4 entries in the web log: > > 401 2 2148074254 > 401 1 0 > 401 1 0 > 200 0 0 > > As far as load on the DC goes, my network admin informs me that our DCs are > actually way overpowered for our needs - we have 2 dual-processor machines > acting only as DCs for under 250 people. There is nothing he can determine > from examining the DCs (logs, etc.) that would shed light on this issue. > > Curiously, however, the resource that gets denied is often an image (it is > much less frequently an ASPX page request), and is often the SAME image on a > given page. For example, load the page a few times, everything works fine. > Then, out of the blue, reload the page and one of the images won't load > (prompting for a login). It can't be stress on the web server itself since > I'm the only one using it. > > There does not appear to be any pattern to the resource denial, other than > if I bang on the web site for 2 to 3 minutes, I'm bound to have at least one > of these episodes. I was hoping the Win32 error code might provide a clue, > but Google/MSN/Yahoo have precious little to offer on this code. > > Paul, once again thanks for you help. > > > Cheers, > DrJazz > 
Other interesting topics
Getting 401.1 when using DNS, okay using NETBIOS and Localhost
Host a secure web application and OWA, use as many servers and resources as necessary. Remote access to webserver w/website modifications iis 6 ssl issues Windows Authentication with asp.net 2.0 Password protect web page Integrated Windows Authority setting causing IIS 6.0 to crash Multiple Host Headers and SSL shared folder for iis website? Calling COM+ component from IIS 6 Annonymous local account |
|||||||||||||||||||||||
