|
|
You're in the
iis security
group:You are not authorized to view this page
iis security:
Hi
I have two IIS servers with similar setups, When I logon to the server and use IE to view the website, everything works as expected on both servers When I use a different computer to view the same pages, then one works OK, and the other gives me the error in the subject line. Looking in the log for the IIS server that gives me the error, there are a series of errors 302 0 0 301 0 0 401 1 0 402 2 2148074254 Where should I be looking to resolve the error and get the remote browser sesssion working? Thanks Heaps Bob
302 = redirect
301 = redirect Those are not "errors". Instead your browser is being told to make a new request for a different page. 401.1 is an authentication challenge (you are being challenged to provide allowed credentials) 402.2 - IIS does not implement this error code. Please verify what you have in your logfile. If it's, instead, 401.2 then that may be part of a legitimate NTLM authentication. What is the *next* request? Does it have a 200 OK status? Can you post the entire logfile entries you have (including the one following the entries above)? Cheers Ken -- My IIS Blog: www.adOpenStatic.com/cs/blogs/ken [quoted text, click to view] "Bob" <someone@microsoft.com> wrote in message
news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl... > Hi > > I have two IIS servers with similar setups, > When I logon to the server and use IE to view the website, everything > works as expected on both servers > > When I use a different computer to view the same pages, then one works OK, > and the other gives me the error in the subject line. > > Looking in the log for the IIS server that gives me the error, there are a > series of errors > 302 0 0 > 301 0 0 > 401 1 0 > 402 2 2148074254 > > Where should I be looking to resolve the error and get the remote browser > sesssion working? > > Thanks Heaps > > Bob >
Here is the log of the latest attempt. I got prompted for credentials 3
times before being rejected. No, there was no status=200 record to indicate sucess #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2007-04-29 21:55:00 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 2 2148074254 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) 401 1 0 [quoted text, click to view] "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl... > 302 = redirect > 301 = redirect > Those are not "errors". Instead your browser is being told to make a new > request for a different page. > > 401.1 is an authentication challenge (you are being challenged to provide > allowed credentials) > > 402.2 - IIS does not implement this error code. Please verify what you > have in your logfile. If it's, instead, 401.2 then that may be part of a > legitimate NTLM authentication. What is the *next* request? Does it have a > 200 OK status? > > Can you post the entire logfile entries you have (including the one > following the entries above)? > > Cheers > Ken > > -- > My IIS Blog: www.adOpenStatic.com/cs/blogs/ken > > "Bob" <someone@microsoft.com> wrote in message > news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl... >> Hi >> >> I have two IIS servers with similar setups, >> When I logon to the server and use IE to view the website, everything >> works as expected on both servers >> >> When I use a different computer to view the same pages, then one works >> OK, and the other gives me the error in the subject line. >> >> Looking in the log for the IIS server that gives me the error, there are >> a series of errors >> 302 0 0 >> 301 0 0 >> 401 1 0 >> 402 2 2148074254 >> >> Where should I be looking to resolve the error and get the remote browser >> sesssion working? >> >> Thanks Heaps >> >> Bob >> >
Hi,
On your server, can you enable "Logon Failure" auditing please (Start -> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable Failure auditing for Account Logon events, and Logon Events (by default only a "Success" is logged). Then, in your Windows Security event Logs, you should start getting some more detailed information on why authentication is failing. Lastly, there are no actual credentials in the log files below. It would appear that perhaps your browser is not actually sending credentials, or IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms have you configured for the "Reports" directory in IIS? (Basic? IWA? Digest?) Cheers Ken [quoted text, click to view] "Bob" <someone@microsoft.com> wrote in message
news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl... > Here is the log of the latest attempt. I got prompted for credentials 3 > times before being rejected. No, there was no status=200 record to > indicate sucess > > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2007-04-29 21:55:00 > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus > sc-win32-status > 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 2 2148074254 > 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - > 172.17.150.136 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) > 401 1 0 > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message > news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl... >> 302 = redirect >> 301 = redirect >> Those are not "errors". Instead your browser is being told to make a new >> request for a different page. >> >> 401.1 is an authentication challenge (you are being challenged to provide >> allowed credentials) >> >> 402.2 - IIS does not implement this error code. Please verify what you >> have in your logfile. If it's, instead, 401.2 then that may be part of a >> legitimate NTLM authentication. What is the *next* request? Does it have >> a 200 OK status? >> >> Can you post the entire logfile entries you have (including the one >> following the entries above)? >> >> Cheers >> Ken >> >> -- >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken >> >> "Bob" <someone@microsoft.com> wrote in message >> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl... >>> Hi >>> >>> I have two IIS servers with similar setups, >>> When I logon to the server and use IE to view the website, everything >>> works as expected on both servers >>> >>> When I use a different computer to view the same pages, then one works >>> OK, and the other gives me the error in the subject line. >>> >>> Looking in the log for the IIS server that gives me the error, there are >>> a series of errors >>> 302 0 0 >>> 301 0 0 >>> 401 1 0 >>> 402 2 2148074254 >>> >>> Where should I be looking to resolve the error and get the remote >>> browser sesssion working? >>> >>> Thanks Heaps >>> >>> Bob >>> >> > >
Hi Ken,
The AuthN methods is "Windows Integrated", we are not using anonymous, or basic or digest Here is the event log for the failure. The computer is called BAY18, the domain is called TAIPAN-DEV Cheers 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: Unknown user name or bad password User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.17.150.183 Source Port: 2746 " 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT AUTHORITY\SYSTEM BAY18 "Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: IUSR_BAY18 Domain: BAY18 Logon Type: 8 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: BAY18 Caller User Name: kinosweb Caller Domain: TAIPAN-DEV Caller Logon ID: (0x0,0x65AD98) Caller Process ID: 2240 Transited Services: - Source Network Address: - Source Port: - " 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680 BAY18\IUSR_BAY18 BAY18 "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: IUSR_BAY18 Source Workstation: BAY18 Error Code: 0x0 [quoted text, click to view] "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl... > Hi, > > On your server, can you enable "Logon Failure" auditing please (Start -> > Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable > Failure auditing for Account Logon events, and Logon Events (by default > only a "Success" is logged). > > Then, in your Windows Security event Logs, you should start getting some > more detailed information on why authentication is failing. > > Lastly, there are no actual credentials in the log files below. It would > appear that perhaps your browser is not actually sending credentials, or > IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms > have you configured for the "Reports" directory in IIS? (Basic? IWA? > Digest?) > > Cheers > Ken > > > "Bob" <someone@microsoft.com> wrote in message > news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl... >> Here is the log of the latest attempt. I got prompted for credentials 3 >> times before being rejected. No, there was no status=200 record to >> indicate sucess >> >> #Software: Microsoft Internet Information Services 6.0 >> #Version: 1.0 >> #Date: 2007-04-29 21:55:00 >> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query >> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus >> sc-win32-status >> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - >> 172.17.150.136 >> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) >> 401 2 2148074254 >> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - >> 172.17.150.136 >> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) >> 401 1 0 >> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - >> 172.17.150.136 >> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+InfoPath.2) >> 401 1 0 >> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - >> 172.17.150.136
Are the two machines in the same Windows Active Directory Domain?
If so, I think your options are: a) enable Kerberos logging on all machines, and see what errors are being reported. Kerberos authN is failing for some reason, but we don't know why. http://support.microsoft.com/?id=262177 b) edit the metabase to remove Kerberos as an available AuthN option (i.e. so that only "NTLM" is offered and not "Negotiate") Cheers Ken [quoted text, click to view] "Bob" <someone@microsoft.com> wrote in message
news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl... > Hi Ken, > > The AuthN methods is "Windows Integrated", we are not using anonymous, or > basic or digest > Here is the event log for the failure. The computer is called BAY18, the > domain is called TAIPAN-DEV > > Cheers > > 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: Unknown user name or bad password > User Name: > Domain: > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: - > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 172.17.150.183 > Source Port: 2746 > " > 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT > AUTHORITY\SYSTEM BAY18 "Logon Failure: > Reason: The user has not been granted the requested > logon type at this machine > User Name: IUSR_BAY18 > Domain: BAY18 > Logon Type: 8 > Logon Process: Advapi > Authentication Package: Negotiate > Workstation Name: BAY18 > Caller User Name: kinosweb > Caller Domain: TAIPAN-DEV > Caller Logon ID: (0x0,0x65AD98) > Caller Process ID: 2240 > Transited Services: - > Source Network Address: - > Source Port: - > " > 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680 > BAY18\IUSR_BAY18 BAY18 "Logon attempt by: > MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Logon account: IUSR_BAY18 > Source Workstation: BAY18 > Error Code: 0x0 > > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message > news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl... >> Hi, >> >> On your server, can you enable "Logon Failure" auditing please (Start -> >> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable >> Failure auditing for Account Logon events, and Logon Events (by default >> only a "Success" is logged). >> >> Then, in your Windows Security event Logs, you should start getting some >> more detailed information on why authentication is failing. >> >> Lastly, there are no actual credentials in the log files below. It would >> appear that perhaps your browser is not actually sending credentials, or >> IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms >> have you configured for the "Reports" directory in IIS? (Basic? IWA? >> Digest?) >> >> Cheers >> Ken >> >> >> "Bob" <someone@microsoft.com> wrote in message >> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl... >>> Here is the log of the latest attempt. I got prompted for credentials 3 >>> times before being rejected. No, there was no status=200 record to >>> indicate sucess >>> >>> #Software: Microsoft Internet Information Services 6.0 >>> #Version: 1.0 >>> #Date: 2007-04-29 21:55:00 >>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query >>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus >>> sc-win32-status >>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - >>> 172.17.150.136
Ken,
Here is the record from the Sytem Log for Kerberos 30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:36:4.0000 4/30/2007 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: TAIPAN-DEV.MY.GOV.AU Server Name: host/bay18.taipan-dev.my.gov.au Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU Error Text: File: 9 Line: ae0 Error Data is in record data. Bob [quoted text, click to view] "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl... > Are the two machines in the same Windows Active Directory Domain? > > If so, I think your options are: > a) enable Kerberos logging on all machines, and see what errors are being > reported. Kerberos authN is failing for some reason, but we don't know > why. http://support.microsoft.com/?id=262177 > > b) edit the metabase to remove Kerberos as an available AuthN option (i.e. > so that only "NTLM" is offered and not "Negotiate") > > Cheers > Ken > > > > "Bob" <someone@microsoft.com> wrote in message > news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl... >> Hi Ken, >> >> The AuthN methods is "Windows Integrated", we are not using anonymous, or >> basic or digest >> Here is the event log for the failure. The computer is called BAY18, the >> domain is called TAIPAN-DEV >> >> Cheers >> >> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: Unknown user name or bad password >> User Name: >> Domain: >> Logon Type: 3 >> Logon Process: Kerberos >> Authentication Package: Kerberos >> Workstation Name: - >> Caller User Name: - >> Caller Domain: - >> Caller Logon ID: - >> Caller Process ID: - >> Transited Services: - >> Source Network Address: 172.17.150.183 >> Source Port: 2746 >> " >> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT >> AUTHORITY\SYSTEM BAY18 "Logon Failure: >> Reason: The user has not been granted the requested >> logon type at this machine >> User Name: IUSR_BAY18 >> Domain: BAY18 >> Logon Type: 8 >> Logon Process: Advapi >> Authentication Package: Negotiate >> Workstation Name: BAY18 >> Caller User Name: kinosweb >> Caller Domain: TAIPAN-DEV >> Caller Logon ID: (0x0,0x65AD98) >> Caller Process ID: 2240 >> Transited Services: - >> Source Network Address: - >> Source Port: - >> " >> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680 >> BAY18\IUSR_BAY18 BAY18 "Logon attempt by: >> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 >> Logon account: IUSR_BAY18 >> Source Workstation: BAY18 >> Error Code: 0x0 >> >> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message >> news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl... >>> Hi, >>> >>> On your server, can you enable "Logon Failure" auditing please (Start -> >>> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can >>> enable Failure auditing for Account Logon events, and Logon Events (by >>> default only a "Success" is logged). >>> >>> Then, in your Windows Security event Logs, you should start getting some >>> more detailed information on why authentication is failing. >>> >>> Lastly, there are no actual credentials in the log files below. It would
Ken,
Some good news. I have solved the problem. It seems that by using a different user account in the AppPool, then that user and the server need to ahve their "servicePrincipalName" attribute populated in AD. The commands to acheive this are setspn -a http/bay18 taipan-dev\kinosweb setspn -a http/bay18.taipan-dev.my.gov.au taipan-dev\kinosweb By running these two commands on the domain controller, everything now works as expected Thanks for your help [quoted text, click to view] "Bob" <someone@microsoft.com> wrote in message
news:OejwXutiHHA.3472@TK2MSFTNGP04.phx.gbl... > Ken, > > Here is the record from the Sytem Log for Kerberos > 30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error > Message was received: > on logon session > Client Time: > Server Time: 3:36:4.0000 4/30/2007 Z > Error Code: 0xd KDC_ERR_BADOPTION > Extended Error: 0xc00000bb KLIN(0) > Client Realm: > Client Name: > Server Realm: TAIPAN-DEV.MY.GOV.AU > Server Name: host/bay18.taipan-dev.my.gov.au > Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU > Error Text: > File: 9 > Line: ae0 > Error Data is in record data. > > Bob > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message > news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl... >> Are the two machines in the same Windows Active Directory Domain? >> >> If so, I think your options are: >> a) enable Kerberos logging on all machines, and see what errors are being >> reported. Kerberos authN is failing for some reason, but we don't know >> why. http://support.microsoft.com/?id=262177 >> >> b) edit the metabase to remove Kerberos as an available AuthN option >> (i.e. so that only "NTLM" is offered and not "Negotiate") >> >> Cheers >> Ken >> >> >> >> "Bob" <someone@microsoft.com> wrote in message >> news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl... >>> Hi Ken, >>> >>> The AuthN methods is "Windows Integrated", we are not using anonymous, >>> or basic or digest >>> Here is the event log for the failure. The computer is called BAY18, >>> the domain is called TAIPAN-DEV >>> >>> Cheers >>> >>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: >>> Domain: >>> Logon Type: 3 >>> Logon Process: Kerberos >>> Authentication Package: Kerberos >>> Workstation Name: - >>> Caller User Name: - >>> Caller Domain: - >>> Caller Logon ID: - >>> Caller Process ID: - >>> Transited Services: - >>> Source Network Address: 172.17.150.183 >>> Source Port: 2746 >>> " >>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT >>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>> Reason: The user has not been granted the requested >>> logon type at this machine >>> User Name: IUSR_BAY18 >>> Domain: BAY18 >>> Logon Type: 8 >>> Logon Process: Advapi >>> Authentication Package: Negotiate >>> Workstation Name: BAY18 >>> Caller User Name: kinosweb >>> Caller Domain: TAIPAN-DEV >>> Caller Logon ID: (0x0,0x65AD98) >>> Caller Process ID: 2240 >>> Transited Services: - >>> Source Network Address: - >>> Source Port: - >>> " >>> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680 >>> BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
Hi,
Yes, if you are running the Web App Pool under an account under the inbuilt default principals (LocalSystem, Local Service, Network Service) you will need to register the SPN properly: IIS and Kerberos Part 2 - What are Service Principal Names? http://www.adopenstatic.com/cs/blogs/ken/archive/2006/11/19/606.aspx Cheers Ken [quoted text, click to view] "Bob" <someone@microsoft.com> wrote in message
news:%23f8TCguiHHA.4976@TK2MSFTNGP03.phx.gbl... > Ken, > > Some good news. I have solved the problem. > It seems that by using a different user account in the AppPool, then that > user and the server need to ahve their "servicePrincipalName" attribute > populated in AD. > The commands to acheive this are > > > setspn -a http/bay18 taipan-dev\kinosweb > > setspn -a http/bay18.taipan-dev.my.gov.au taipan-dev\kinosweb > > > By running these two commands on the domain controller, everything now > works as expected > > Thanks for your help > > "Bob" <someone@microsoft.com> wrote in message > news:OejwXutiHHA.3472@TK2MSFTNGP04.phx.gbl... >> Ken, >> >> Here is the record from the Sytem Log for Kerberos >> 30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error >> Message was received: >> on logon session >> Client Time: >> Server Time: 3:36:4.0000 4/30/2007 Z >> Error Code: 0xd KDC_ERR_BADOPTION >> Extended Error: 0xc00000bb KLIN(0) >> Client Realm: >> Client Name: >> Server Realm: TAIPAN-DEV.MY.GOV.AU >> Server Name: host/bay18.taipan-dev.my.gov.au >> Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU >> Error Text: >> File: 9 >> Line: ae0 >> Error Data is in record data. >> >> Bob >> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message >> news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl... >>> Are the two machines in the same Windows Active Directory Domain? >>> >>> If so, I think your options are: >>> a) enable Kerberos logging on all machines, and see what errors are >>> being reported. Kerberos authN is failing for some reason, but we don't >>> know why. http://support.microsoft.com/?id=262177 >>> >>> b) edit the metabase to remove Kerberos as an available AuthN option >>> (i.e. so that only "NTLM" is offered and not "Negotiate") >>> >>> Cheers >>> Ken >>> >>> >>> >>> "Bob" <someone@microsoft.com> wrote in message >>> news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl... >>>> Hi Ken, >>>> >>>> The AuthN methods is "Windows Integrated", we are not using anonymous, >>>> or basic or digest >>>> Here is the event log for the failure. The computer is called BAY18, >>>> the domain is called TAIPAN-DEV >>>> >>>> Cheers >>>> >>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> " >>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT >>>> AUTHORITY\SYSTEM BAY18 "Logon Failure: >>>> Reason: Unknown user name or bad password >>>> User Name: >>>> Domain: >>>> Logon Type: 3 >>>> Logon Process: Kerberos >>>> Authentication Package: Kerberos >>>> Workstation Name: - >>>> Caller User Name: - >>>> Caller Domain: - >>>> Caller Logon ID: - >>>> Caller Process ID: - >>>> Transited Services: - >>>> Source Network Address: 172.17.150.183 >>>> Source Port: 2746 >>>> "
Hi.
Nobody will help you. Becouse Micorosft are bad. I have installed iis6 and when i try to open php it give HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource. Internet Information Services (IIS) HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI application. Internet Information Services (IIS) did you see Microsoft,are bad. This problems are from 2004 and again are coming. They only can give you information what is that,but they can't give you answers. SHAME MICROSOFT. That is it for now. Goodbye.
OP has no problems running PHP - he has a Kerberos issue.
There are many tutorials on how to install/configure PHP on IIS on the web (I even have one on my blog for running PHP on IIS 7). PHP is not a MIcrosoft product - you should get support from the PHP team if you wish to install/configure their product. Cheers Ken -- My IIS Blog: www.adOpenStatic.com/cs/blogs/ken [quoted text, click to view] "Plamen" <pichaga@pichaga.com> wrote in message
news:O8$q9l3jHHA.4188@TK2MSFTNGP02.phx.gbl... > Hi. > > Nobody will help you. > Becouse Micorosft are bad. > I have installed iis6 and when i try to open php it give > > HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the > requested resource. > Internet Information Services (IIS) > > HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI > application. > Internet Information Services (IIS) > did you see Microsoft,are bad. > This problems are from 2004 and again are coming. > > They only can give you information what is that,but they can't give you > answers. > SHAME MICROSOFT. > > That is it for now. > > Goodbye. >
Hi.
Ops.Man you are on error. Microsoft don't say nothing for this error. I don't have installed kerberos,so this is Micorosft problems,bastard. That is it for now. Goodbye. From http://www.developmentnow.com/g/91_2007_5_0_0_963689/You-are-not-authorized-to-view-this-page.htm Posted via DevelopmentNow.com Groups
Hi,
Kerberos is in-built into Windows. You have a PHP problem - this thread is about Kerberos configuration. You seem to be completely confused as to what is being discussed here. If you have a PHP problem, please start a new thread about your configuration. Cheers Ken [quoted text, click to view] "Plamen" <pichaga@pichaga.com> wrote in message
news:21766d76-bf79-4108-9f5c-ae9c18304790@developmentnow.com... > Hi. > > Ops.Man you are on error. > > Microsoft don't say nothing for this error. > I don't have installed kerberos,so this is Micorosft problems,bastard. > > That is it for now. > > Goodbye. > > From > http://www.developmentnow.com/g/91_2007_5_0_0_963689/You-are-not-authorized-to-view-this-page.htm > > Posted via DevelopmentNow.com Groups > http://www.developmentnow.com
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |