"Jan Nielsen" <janielsen@online.nospam> wrote in message
news:OzDS2wGZGHA.4920@TK2MSFTNGP02.phx.gbl...
> On a 2003 stand alone server I'm running Citrix webinterface on top of the
> IIS.
>
> This web interface implements it's own authentication for regular users,
> and as such IIS sees user sessions as anonymous. But a subdirectory of the
> IIS allows for administration of the web interface, and because of that
> I've set it to require integrated authentication. To access these
> administration pages I usually specify the local administrator (pretty
> much the only existing user on that box).
>
> Recently I installed SP1 + all existing security patches, and I thought
> that everything was working all right. Now some weeks later I've found out
> that I'm not able to login to the IIS anymore to access these
> administration web pages. It simply keeps asking for a user ID and
> password and after 3 tries it states that I'm not authorized to view the
> page, as if I had entered incorrect credentials.
> However I can login to the console. Furthermore I've checked policies
> (logon locally, access via network) and I've checked ACLs on the files and
> folders I'm trying to access. Everything seems to be ok, but I still can't
> login.
>
> For each logon attempt the following message is written to the audit log:
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 537
> Date: 20-04-2006
> Time: 13:08:35
> User: NT AUTHORITY\SYSTEM
> Computer: DKTSCSG01
> Description:
> Logon Failure:
> Reason: An error occurred during logon
> User Name: administrator
> Domain: DKTSCSG01
> Logon Type: 3
> Logon Process: ÐùX
`?
>
> Authentication Package: NTLM
> Workstation Name: DKTSCSG01
> Status code: 0xC000006D
> Substatus code: 0x0
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 193.x.x.x
> Source Port: 11611
>
> I'm not sure, but I'm suspecting the installation of SP1 has changed some
> security setting preventing this IIS login.
> Has anyone seen such a problem before or have an idea of what I could try
> or check ?
>
> I tried to enable basic authentication too, but it makes no difference.
>
>
> Thanks in advance,
> Jan Nielsen
>
>

"Jan Nielsen" <janielsen@online.nospam> wrote in message
news:%23HH8KTHZGHA.4424@TK2MSFTNGP05.phx.gbl...
> Hi Ken,
>
> First of all thanks for replying.
>
> Earlier I tried with basic and integrated authentication enabled at the
> same time, and yes it produced the same event.
> Now I just tried with basic autoantication only, and that succeded.
>
> Still I think this points towards some policy that might have been set
> more secure, as usual problems like wrong password, logon locally policy
> and ACLs should be ok.
> If no obvious explanation can be found, using basic auth is ok, as I only
> access these administration pages from the console or terminal session
> (limited by IP filter).
>
>
> kind regards,
> Jan Nielsen
>
>