IIS Server Security - The function requested is not supported

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > December 2004 > The function requested is not supported





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author The function requested is not supported
micheds

2004-12-15, 1:18 am

Hi,

I've just finished migrating an asp.net migration from a Windows 2000 to a Windows 2003 box. The application uses Integrated Authentication to determine whether the current user exists in one of four local groups (to which individual accounts are added manually).

Most XP users can browse to the site without trouble. All of our Windows 2000 users receive a vague, one-line error message:

The function requested is not supported.

A handfull of XP users are also receiving the following error:

You are not authorized to view this page
You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the Web server.

The option Use Windows Integrated Authentication is turned on in the Internet Options/Advanced sheet in IE. All users are using the latest versions of IE and their respective OSes.

At the server/IIS end, anonymous access is disabled for the site to require authenticated login. The box is running .Net 1.1 with the W2K3 patch applied and a single, non-default application pool is configured, to which the application has been added.

The system and application event logs show nothing seemingly related, although I have just come across this one:
"Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Description:
The Security System could not establish a secured connection with the server DNS/ns1.xxx.com. No authentication protocol was available."

The C:\WINDOWS\system32\LogFiles\HTTPERR log file reveals nothing conclusive other than a number timeouts. The IIS logs contain the following interesting entries:

2004-12-15 07:05:03 134.251.189.240 GET / - 80 - 134.251.220.146 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705) 401 1 0
2004-12-15 07:05:03 134.251.189.240 GET / - 80 - 134.251.220.146 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705) 500 0 2148074242

2148074242 equates to "The function requested is not supported"

Would Delegation of Authentication save the day here? My guess is this is security issue to do with Integrated Authentication on W2k3 but apart from that... I'm stuck!

Thanks,
Michael
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com