Re: Windows Integrated Authentication returning "Server not found or DNS Error"
| Grizmister 2004-01-24, 1:35 am |
| For Win2K / IIS 5.0, I found that applying SP4 solved the problem.
Perico <nospam@nospam.com> wrote in message news:<O3kJb.2353057$uj6.5730949@telenews.teleline.es>...
> I found exactly the same problem in my job running win2k server and iis
> 5.0
>
> If somebody knows how to fix that problem please post it here.
>
> Thanks in advance
>
> Grizmister wrote:
>
| |
| Grizmister 2004-01-24, 1:35 am |
| Ques 1: Is the web domain listed in the Intranet zone on the
browser's security tab?
Negative.
Ques 2: Are you using a proxy server...
Negative to both questions.
jcochran.nospam@naplesgov.com (Jeff Cochran) wrote in message news:<3ff880e1.6364561@msnews.microsoft.com>...quote:
>
> Is the web domain listed in the Intranet zone on the browser's
> security tab? Are you using a proxy server, and/or have you done
> this:
>
> Control Panel -> Internet Options -> Connections -> LAN Settings ->
> Uncheck everything.
>
> Jeff
| |
| Grizmister 2004-01-24, 1:35 am |
| "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:<uDiPZfd0DHA.1916@TK2MSFTNGP10.phx.gbl>...quote:
> If you install NetMon on a third machine unrelated to the server and client
> (i.e. not disturb the network timing between the two machines) and monitor
> their does the issue reproduce itself? This is how you want to capture the
> issue without disturbing the timing on the server/client (i.e. a third-party
> observer running NetMon should be able to take a trace of the entire thing).
This would be possible if we were _not_ an all switched network. And
unfortunately, the switches don't have the intelligence to let one
port sniff the activity on another port. So to catch a NetMon trace
with a third-party machine will require at least 2 weeks with the
network staff to migrate one of the servers to a switch that has port
monitoring configured so we can collect a 3rd party trace. Of course,
re-configuring the network to do so could change the timing and make
it harder to reproduce the problem. But we'll go there if we have to.
quote:
> I'm not certain how the AD Server can respond faster than TCP would allow
> since its response is transported by TCP...
My thought was that if you have full-duplex, the AD server could start
sending TCP ACK packets while the auth requesting server was still
sending the data packets. But I may be all wet here since I am unable
to see the code of how the TCP/IP sub-system is implemented. ( I
vaguely remember in a Win95 / SAMBA server implementation, you
couldn't send more than 2 packets at a time because that's all Win95's
TCP/IP sub-system could buffer without dropping packets and forcing a
re-transmission. But I digress.)
quote:
> Now, is the "Server not found" message the actual error response
> returned when IE's "Show Friendly HTTP Error" is turned off (i.e. what does
> IIS ACTUALLY return for the request which you claim arrived and is served by
> IIS?). This error response contains useful information (or you can look at
> the web log file to give the HTTP Status code and Win32 error code for the
> request that returns "Server not found")
"Server not found or DNS error" is the exact text of the message
displayed in the browser with "Show Friendly HTTP Error" disabled.
quote:
>
> If it is some sort of connection-level error, you would also find evidence
> in %SYSTEMROOT%\System32\LogFiles\HTTPERR\*.log for that request.
>
> Please give the IIS and HTTPERR log file lines around the request that
> returns "Server not found" as well as NetMon trace.
Correction from my initial post. I _thought_ IIS was logging the
request, but I can find no entry now that I try to reproduce it ( must
have been IIS 5.0 / W2K ). Nothing in HTTPERR\*.log either related to
this request.
quote:
>
> Also, since this is NTLM-related -- can you give the authentication settings
> of all the apps on the website visited by the IE browser (is it uniformly
> NTLM or contains other authentication types as well) as well as when the
> user clicks the link, is it making a POST or a GET request (i.e. is this
> posting a form?)
- GET request.
- Only One Site. IsDefault. 3 Virtual Directories under the default
web site.
- Default Web Site security configuration.
Enable Anonymous Access - Checked ( IUSR_servername )
Integrated Windows Authentication - Checked
Digest authentication - Checked
Basic authentication - not checked
.NET Passport Authentication - not checked
- 3 Virtual Directories
Enable Anonymous Access - not checked ( IUSR_servername )
Integrated Windows Authentication - Checked
Digest authentication - Checked
Basic authentication - not checked
.NET Passport Authentication - not checked
Anything else?
Thanks for your help David. Much appreciated.
quote:
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "Grizmister" <grimes73a@yahoo.com> wrote in message
> news:48db783b.0312311514.1f07433f@posting.google.com...
> This one may be for the microsoft internal development staff.
>
> PROBLEM DESCRIPTION
> This problem first manifested itself in our Windows 2000 / IIS 5.0
> environment. When an IE 6.0 user clicks on a link to display an ASP
> web page on an IIS server they _immediately_ get a "Server not found
> or DNS error" response in the browser. However, if they F5 (refresh)
> 3,4,5,6, or more times the ASP generated page eventually displays.
>
> RESEARCH TO DATE
> We traced the problem to some kind of a network timing issue with
> Windows Integrated Authentication enabled in IIS for the particular
> site. However when we enabled the NetMon packet driver to collect
> TCP/IP packets in trying to zero in on the exact problem, the problem
> became much much harder to reproduce. (The app worked as expected.)
> As soon as we disabled the NetMon driver, the problem returned. This
> behavior supports our theory that the problem was a network timing
> issue in the TCP/IP subsystem.
>
> Before we found the root of the problem, SP4 came out for Windows 2000
> Server and the problem went away. I cannot find anything in the list
> of documented fixes that points to the problem we were experiencing.
>
> However, now we are experiencing the exact same scenario on our Windows
> 2003 IIS 6.0 Servers. One running SharePoint. One running a third
> party app. Both requiring Windows Integrated Authentication.
>
> No recorded errors or warnings are recorded in the event logs.
> I have verified in the IIS Logs that the server received the page
> request even when the browser displays "Server not found". So we know
> the request is getting to the IIS server.
>
> ENVIRONMENT
> The servers are connected 100 Mbit Full-Duplex Switched Ethernet to a
> 1 GB backplane. The only thing I can figure from looking at the
> NetMon packets collected is that IIS is sending a request to the
> ActiveDirectory server to verify authentication and the AD server is
> responding faster than the TCP/IP sub-system is able to accept the
> result and pass it back up to IIS as valid.
>
> 2 AD Servers are Win 2000 w/ SP4
> Windows 2000 / IIS 5.0 Servers running SP4 work fine
> Windows 2000 / IIS 5.0 Servers running SP3 reproduce the error
> Windows 2003 / IIS 6.0 Servers reproduce the error
> All systems are on the same 10.x.x.x subnet.
>
> REQUEST
> I've searched msdn, technet, and usenet for hours looking for a
> similar documented experience or a fix. Nothing.
>
> Is there anyone who can provide some additional insight that yes this
> is a known problem and/or where I can go to get a fix for Win2003?
| |
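The IIS log check requested in the quoted reply above (HTTP status and Win32 error code per request), as an added example that is not part of the thread. It reads the W3C extended log format and reports client/URI pairs that were challenged with 401 but never served; the log lines, addresses, user name and URI are constructed, and the Win32 code table is a small subset chosen for the sample.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-win32-status
2004-01-05 15:40:01 10.0.0.21 - GET /app/default.asp 401 2148074254
2004-01-05 15:40:01 10.0.0.21 - GET /app/default.asp 401 0
2004-01-05 15:40:01 10.0.0.21 EXAMPLE\\alice GET /app/default.asp 200 0
2004-01-05 15:41:10 10.0.0.22 - GET /app/default.asp 401 2148074254
2004-01-05 15:41:10 10.0.0.22 - GET /app/default.asp 401 64
"""

# Subset of Win32/SSPI codes that can appear in sc-win32-status.
WIN32 = {0: "success", 5: "ERROR_ACCESS_DENIED", 64: "ERROR_NETNAME_DELETED",
         2148074254: "SEC_E_NO_CREDENTIALS"}


def parse_w3c(text):
    """Yield one dict per request, keyed by the names on the #Fields: line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def unfinished_auth(text):
    """Return client/URI pairs that were challenged with 401 but never served."""
    seen = defaultdict(list)
    for row in parse_w3c(text):
        code = int(row["sc-win32-status"])
        seen[(row["c-ip"], row["cs-uri-stem"])].append(
            (int(row["sc-status"]), WIN32.get(code, str(code))))
    return {key: legs for key, legs in seen.items()
            if any(status == 401 for status, _ in legs)
            and not any(200 <= status < 400 for status, _ in legs)}


if __name__ == "__main__":
    for (ip, uri), legs in unfinished_auth(SAMPLE_LOG).items():
        print(ip, uri, legs)
```
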
| Kostas 2004-01-31, 12:34 pm |
| Not sure if this is a solution to the problem but I just found on a
different posting that for Windows integrated security to work you must
have HTTP Keep-Alives setting Enabled in IIS.
grimes73a@yahoo.com (Grizmister) wrote in message news:<48db783b.0401050740.20f1cbac@posting.google.com>...
> Ques 1: Is the web domain listed in the Intranet zone on the
> browser's security tab?
>
> Negative.
>
> Ques 2: Are you using a proxy server...
> Negative to both questions.
>
> jcochran.nospam@naplesgov.com (Jeff Cochran) wrote in message news:<3ff880e1.6364561@msnews.microsoft.com>...
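Why the Keep-Alives setting mentioned in the post above matters for NTLM, as an added example that is not part of the thread: an NTLM challenge delivered in a 401 has to be answered on the same TCP connection, so a 401 that carries a challenge token and also closes the connection cannot complete. The header blocks and the `CONSTRUCTED_TYPE2` token are constructed samples.

```python
CONNECTION_AUTH = {"ntlm", "negotiate"}  # schemes that authenticate the TCP connection

# Constructed response headers for one handshake with keep-alives on and one with them off.
KEEPALIVE_ENABLED = [
    "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n\r\n",
    "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM CONSTRUCTED_TYPE2\r\n\r\n",
    "HTTP/1.1 200 OK\r\n\r\n",
]
KEEPALIVE_DISABLED = [
    "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\nConnection: close\r\n\r\n",
    "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM CONSTRUCTED_TYPE2\r\n"
    "Connection: close\r\n\r\n",
]


def parse_response(raw):
    """Split raw response headers into (version, status, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    version, status = head[0].split()[:2]
    pairs = [h.split(":", 1) for h in head[1:]]
    return version, int(status), [(n.strip().lower(), v.strip()) for n, v in pairs]


def stays_open(version, headers):
    """HTTP/1.1 persists unless 'close' is sent; HTTP/1.0 needs 'keep-alive'."""
    tokens = {t.strip().lower() for n, v in headers if n == "connection"
              for t in v.split(",")}
    if "close" in tokens:
        return False
    return version != "HTTP/1.0" or "keep-alive" in tokens


def dropped_challenges(responses):
    """Return 1-based positions of 401s that carry a challenge token yet close."""
    bad = []
    for pos, raw in enumerate(responses, 1):
        version, status, headers = parse_response(raw)
        # A scheme followed by data is a mid-handshake challenge, not just an offer.
        mid_handshake = {parts[0].lower() for n, v in headers
                         if n == "www-authenticate"
                         for parts in [v.split()] if len(parts) > 1}
        if (status == 401 and mid_handshake & CONNECTION_AUTH
                and not stays_open(version, headers)):
            bad.append(pos)
    return bad
```
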