iis security: Hello,

An IIS 6.0 server setup on a Windows Server 2003 Domain Controller is no
longer successfully authenticating clients. The server is set to
authenticate clients using Advanced Digest Authentication, and has been
working flawlessly for the past few months. However, now whenever a client
attempts to authenticate to the web-server, they are prompted to
authenticate three times, before receiving a "You are not authorized to view
this page" message.

An inspection of the Security Event Log on the server returns the following
curious event:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 29/10/2005
Time: 3:07:11 PM
User: NT AUTHORITY\SYSTEM
Computer: <cut>
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: <cut>
Domain: <cut>
Logon Type: 3
Logon Process: WDIGEST
Authentication Package: WDigest
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC000000D
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.2
Source Port: 1940

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I am at a total loss as to what this event means, let alone how to resolve
the problem. However, this event almost certainly appears to be the culprit
of the problem. Any help in resolving this problem would be greatly
appreciated, as the IIS server is unable to authenticate clients until this
issue is resolved.

Thanks in advance,

Ralish

Anything that you're aware of that might have changed recently?

Status 0xC000006D = STATUS_LOGON_FAILURE
ntstatus.h
# The attempted logon is invalid. This is either due to a bad
# username or authentication information.

Substatus 0xC0000006 = STATUS_INVALID_PARAMETER
ntstatus.h
# An invalid parameter was passed to a service or function.

Not sure if that helps much though...

Cheers
Ken

[quoted text, click to view]
: Hello,
:
: An IIS 6.0 server setup on a Windows Server 2003 Domain Controller is no
: longer successfully authenticating clients. The server is set to
: authenticate clients using Advanced Digest Authentication, and has been
: working flawlessly for the past few months. However, now whenever a client
: attempts to authenticate to the web-server, they are prompted to
: authenticate three times, before receiving a "You are not authorized to
view
: this page" message.
:
: An inspection of the Security Event Log on the server returns the
following
: curious event:
:
: Event Type: Failure Audit
: Event Source: Security
: Event Category: Logon/Logoff
: Event ID: 537
: Date: 29/10/2005
: Time: 3:07:11 PM
: User: NT AUTHORITY\SYSTEM
: Computer: <cut>
: Description:
: Logon Failure:
: Reason: An error occurred during logon
: User Name: <cut>
: Domain: <cut>
: Logon Type: 3
: Logon Process: WDIGEST
: Authentication Package: WDigest
: Workstation Name: -
: Status code: 0xC000006D
: Substatus code: 0xC000000D
: Caller User Name: -
: Caller Domain: -
: Caller Logon ID: -
: Caller Process ID: -
: Transited Services: -
: Source Network Address: 192.168.0.2
: Source Port: 1940
:
: For more information, see Help and Support Center at
: http://go.microsoft.com/fwlink/events.asp.
:
: I am at a total loss as to what this event means, let alone how to resolve
: the problem. However, this event almost certainly appears to be the
culprit
: of the problem. Any help in resolving this problem would be greatly
: appreciated, as the IIS server is unable to authenticate clients until
this
: issue is resolved.
:
: Thanks in advance,
:
: Ralish
:
: