iis security : IIS6 NT Authentication fails


v-wdxu NO[at]SPAM online.microsoft.com
7/14/2005 12:00:00 AM
Hi Brad,

Currently I have two suggestions on the troubleshooting for you:
1. Since the IP url could logon successfully, I think the DNS configuration
of the site url may cause the failure of NTLM authentication. We could use
the WFetch from IIS resource kit to capture the http trace. Please capture
two traces by using IP logon and DNS url logon.
IIS resource kit
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

2. One authentication and Access Control Diagnostics tool is released by
Microsoft this year. We could monitor the authentication process to analyze
the failure. At the home page of this Diagnostics tool, please choose the
option "Monitor URL Failures" from the list box "Tasks". Then specify one
site URL then, select "continue?". Then click the button "Start
Diagnostics". Diagnostics tool will record the authentication; after the
monitoring, the button "Analyze Results" may provide more information.
AuthDiag
http://www.microsoft.com/downloads/details.aspx?FamilyId=E90FE777-4A21-4066-BD22-B931F7572E9A&displaylang=en

Look forward to your troubleshooting result! It is my pleasure to be of any
assistance.

Best Regards,
Wei-Dong XU
Microsoft Product Support Services
This posting is provided "AS IS" with no warranties, and confers no rights.

Brad
7/14/2005 5:34:15 PM
I just rebuilt my win2k3 pc and in rebuilding my web sites I can't get nt
authentication to work for any web app on any web site: all worked correctly
before the rebuild. Here are some of the details of how my pc is set up and
the problem:

- My pc is win2k3 sp1
- I am an administrator on my pc
- I have multiple web sites on my pc (only used for local development)
- Each site has a unique ip address (host headers are not used).
- Each site ip address and name are listed in my "host" file.
- I have set certain web apps to require nt auth: in iis anonymous is
unchecked and the group "authenticated users" has permissions to the folder
for each web app which requires nt auth.
- When I attempt to access the web app using a named url (i.e.
http://myweb/myapp) I get an nt login dialog window and no matter what I
enter I am just locked into that dialog window (it is not accepting my
login). If I close the dialog I get a 401.1 error. I have security
auditing on and I get a event 537 with the following information (I
substituted "my..." below for privacy i.e. domain: mydomain):
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 7/14/2005
Time: 4:47:32 PM
User: NT AUTHORITY\SYSTEM
Computer: mywid
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: myuser
Domain: mydomain
Logon Type: 3
Logon Process: Ðù¢
Authentication Package: NTLM
Workstation Name: mywid
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.11
Source Port: 1259

IIS Log shows this:
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-07-15 00:16:09 192.168.0.11 GET /Default.aspx - 80 - 192.168.0.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 302 0 0
2005-07-15 00:16:09 192.168.0.11 GET /portal/NTSecurity/NTLogon.aspx /Default.aspx 80 - 192.168.0.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2005-07-15 00:16:09 192.168.0.11 GET /portal/NTSecurity/NTLogon.aspx /Default.aspx 80 - 192.168.0.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 1 0
2005-07-15 00:16:09 192.168.0.11 GET /portal/NTSecurity/NTLogon.aspx /Default.aspx 80 - 192.168.0.11 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 1 2148074252

- If I access the site using the ip address http://192.168.0.11/myapp I get
the nt login dialog but it will accept what I enter and I can get to the
application (note...in testing, my application is just a simple html page).
- This is not unique to a specific web app or web site on my pc. I have the
same problem for all apps/sites which require nt auth (the apps which do
not require nt auth have no problem).
- Prior to my machine rebuild this all worked correctly and I did not get a
login dialog....it just accepted my domain credentials.
- I am not using FP extensions.
- All of the web sites folders are under c:\inetpub i.e.
c:\inetpub\site1, c:\inetpub\site2.....
- Since this is after a pc rebuild, my web site folders were saved to
another location prior to rebuild and I copied them back afterwards. I
relinked each site to iis by using iis console, adding each site and
specifying the folder and ip address for each site (I have checked that the
ip address in iis matches the one in my host file).
- Again note, I am an administrator on this pc and I am the one attempting
to access the apps/sites.


With all this info can anyone tell me why nt auth for iis might not work????

Thanks

Brad
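
Added example, not part of the original thread: a small parser for the IIS W3C log entries in the post above that decodes sc-win32-status into its SSPI name and flags denied logons (401.1 with SEC_E_LOGON_DENIED) where the client address equals the server address, as in this setup. The function names are hypothetical; the log entries are the ones from the post, re-joined to one line per request.

```python
# Win32/SSPI codes that appear in sc-win32-status in this thread's log.
SSPI_STATUS = {
    0: "ERROR_SUCCESS",
    0x8009030C: "SEC_E_LOGON_DENIED",    # 2148074252: the logon attempt failed
    0x8009030E: "SEC_E_NO_CREDENTIALS",  # 2148074254: no credentials sent yet
}

UA = "Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)"
LOGON = "GET /portal/NTSecurity/NTLogon.aspx /Default.aspx 80 - 192.168.0.11"
# Entries from the post above, one line per request.
SAMPLE_LOG = f"""\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-07-15 00:16:09 192.168.0.11 GET /Default.aspx - 80 - 192.168.0.11 {UA} 302 0 0
2005-07-15 00:16:09 192.168.0.11 {LOGON} {UA} 401 2 2148074254
2005-07-15 00:16:09 192.168.0.11 {LOGON} {UA} 401 1 0
2005-07-15 00:16:09 192.168.0.11 {LOGON} {UA} 401 1 2148074252
"""

def parse_w3c(text):
    """Parse IIS W3C extended log text into dicts keyed by the #Fields names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or wrapped lines
                rows.append(dict(zip(fields, values)))
    return rows

def describe(row):
    """Return (HTTP status.substatus, symbolic Win32 status) for one entry."""
    code = int(row["sc-win32-status"])
    return f"{row['sc-status']}.{row['sc-substatus']}", SSPI_STATUS.get(code, hex(code))

def local_logon_denials(rows):
    """Entries where the logon was denied and the client address equals the
    server address, i.e. the browser was running on the web server itself."""
    return [r for r in rows
            if describe(r) == ("401.1", "SEC_E_LOGON_DENIED") and r["c-ip"] == r["s-ip"]]

if __name__ == "__main__":
    rows = parse_w3c(SAMPLE_LOG)
    for r in rows:
        print(r["cs-uri-stem"], *describe(r))
    print("local logon denials:", len(local_logon_denials(rows)))
```

The 401.2 / 401.1 / 401.1 sequence is the unauthenticated first request followed by the two NTLM legs; only the last entry carries the actual rejection, which lines up with the 0xC000006D (STATUS_LOGON_FAILURE) in the event 537 audit record.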


David Wang [Msft]
7/16/2005 8:57:24 PM
This sounds like a variation of:
http://support.microsoft.com/?id=896861

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

Brad
7/18/2005 11:33:05 AM
Workaround #1 in that kb article (896861) resolved the problem. Thank you
very much!

I had been able to enable NTLM security using the workaround in
http://support.microsoft.com/?id=871179, but I could not get kerberos to
work (http://support.microsoft.com/?id=215383). I removed the
NTAuthenticationProviders metabase entry created by these workarounds (by
default no NTAuthenticationProviders entry existed) and applied the
workaround per the kb article you provided (896861) and security is working
now.

Thanks again.

Brad

