|
Home > Archive > IIS Server Security > November 2004 > KRB_AP_ERR_MODIFIED
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
KRB_AP_ERR_MODIFIED
|
|
| Jörgen 2004-11-15, 8:06 am |
| The error below occurs periodically when running a webapplication (.net). The
server is a Windows 2003 and the clients run Windows XP. It is a intranet
with Windows integrated authentication.
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/pasp1h1.forsmark.se. This indicates..." Source: Kerberos, id=4.
While you are using the webapplication a loginform popup periodically.
Sometimes it works to login, but not always. If you leave the webform open in
IE for about 30 minutes and then return and click some link the loginform
always popup. It works for a while if you close and reopen IE.
The iis applicationpool runs under a domain user because the webapplication
needs to write files on a fileserver.
We have a testserver where the webapplication works with no problems. I set
up a new webserver but got the same problem. If I use the IP-adress instead
of the servername in IE it seems too work. If the applicationpool runs under
the Network service it also works.
Thanks in advance for any help!
//Jörgen
| |
| JustinNg 2004-11-16, 7:47 am |
|
"Jörgen" <Jörgen@discussions.microsoft.com> wrote in message
news:8BC71ECF-E72D-4F77-AF7F-1421877D03A2@microsoft.com...
> The error below occurs periodically when running a webapplication (.net).
> The
> server is a Windows 2003 and the clients run Windows XP. It is a intranet
> with Windows integrated authentication.
>
> "The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
> host/pasp1h1.forsmark.se. This indicates..." Source: Kerberos, id=4.
>
> While you are using the webapplication a loginform popup periodically.
> Sometimes it works to login, but not always. If you leave the webform open
> in
> IE for about 30 minutes and then return and click some link the loginform
> always popup. It works for a while if you close and reopen IE.
>
> The iis applicationpool runs under a domain user because the
> webapplication
> needs to write files on a fileserver.
>
> We have a testserver where the webapplication works with no problems. I
> set
> up a new webserver but got the same problem. If I use the IP-adress
> instead
> of the servername in IE it seems too work. If the applicationpool runs
> under
> the Network service it also works.
>
> Thanks in advance for any help!
> //Jörgen
>
Kerberos is quite sensitive to connections that use user accounts to run
services. refer to
http://www.microsoft.com/resources/..._forcentlm.mspx
You can disable Kerberos and use NTLM instead by using vbscript or editing
the metabase.
cscript adsutil.vbs set w3svc/1/NTAuthenticationProviders "Negotiate,NTLM"
| |
| Jörgen 2004-11-18, 7:47 am |
| Thank's for your answer, it solved my problem.
//Jörgen
"JustinNg" wrote:
>
> "Jörgen" <Jörgen@discussions.microsoft.com> wrote in message
> news:8BC71ECF-E72D-4F77-AF7F-1421877D03A2@microsoft.com...
> Kerberos is quite sensitive to connections that use user accounts to run
> services. refer to
> http://www.microsoft.com/resources/..._forcentlm.mspx
>
> You can disable Kerberos and use NTLM instead by using vbscript or editing
> the metabase.
> cscript adsutil.vbs set w3svc/1/NTAuthenticationProviders "Negotiate,NTLM"
>
>
>
|
|
|
|
|