IIS Server Security - unable to authenticate to IIS 6

OM

2005-05-16, 5:52 pm

Hi,

I just set up an IIS 6 server on one of the member servers in my AD domain
and created a virtual directory.

I would like to be able to use webfolder and IE to access this virtual
directory. However, I can't seem to get the authentication working
properly. The only way I can get access to the virtual directory is to
use anonymous logon. If I enable any one of the authenticated access,
only the basic authentication will work (still only on IE but not
webfolder). I have checked NTFS permission on the virtual directory as
well as the status of webdav (allowed) and everything seems right to me.

Does anyone have an idea?

Thanks

Keith
Tom Kaminski [MVP]

2005-05-17, 5:52 pm

"OM" <hkg04@hotmail.com> wrote in message
news:%23MIkOelWFHA.3176@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I just set up an IIS 6 server on one of the member servers in my AD domain
> and created a virtual directory.
>
> I would like to be able to use webfolder and IE to access this virtual
> directory. However, I can't seem to get the authentication working
> properly. The only way I can get access to the virtual directory is to use
> anonymous logon. If I enable any one of the authenticated access, only the
> basic authentication will work (still only on IE but not webfolder). I
> have checked NTFS permission on the virtual directory as well as the
> status of webdav (allowed) and everything seems right to me.
>
> Does anyone have an idea?


What NTFS permissions are set on the folder?
Can you post the section of the IIS log file that shows the access attempts?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS


OM

2005-05-17, 5:52 pm

Tom Kaminski [MVP] wrote:
> "OM" <hkg04@hotmail.com> wrote in message
> news:%23MIkOelWFHA.3176@TK2MSFTNGP12.phx.gbl...
>
>
>
> What NTFS permissions are set on the folder?
> Can you post the section of the IIS log file that shows the access attempts?
>


Thanks for the reply Tom. I have assigned NTFS full control to the
authenticated account


#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-05-17 15:50:05
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
sc-win32-status
2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254
2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 1 2148074252
2005-05-17 15:50:14 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 15:50:23 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 1 2148074252
2005-05-17 15:52:16 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254
2005-05-17 15:52:16 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 15:52:20 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 15:52:31 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
401 3 5
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-05-17 15:54:27
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
sc-win32-status
2005-05-17 15:54:27 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.7.7)+Gecko/20050414+Firefox/1.0.3
401 2 2148074254
2005-05-17 15:54:40 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.7.7)+Gecko/20050414+Firefox/1.0.3
401 3 5
2005-05-17 15:54:57 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.83
Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.7.7)+Gecko/20050414+Firefox/1.0.3
401 3 5
2005-05-17 15:54:59 W3SVC1 10.10.10.89 GET /favicon.ico - 80 -
10.10.10.83
Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.7.7)+Gecko/20050414+Firefox/1.0.3
404 0 2
2005-05-17 15:55:16 W3SVC1 10.10.10.89 PROPFIND /webdav - 80 -
10.10.10.83 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2005-05-17 15:55:16 W3SVC1 10.10.10.89 PROPFIND /webdav - 80 -
10.10.10.83 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2005-05-17 15:55:16 W3SVC1 10.10.10.89 PROPFIND /webdav - 80 -
10.10.10.83 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-05-17 16:19:02
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
sc-win32-status
2005-05-17 16:19:02 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254
2005-05-17 16:19:28 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 16:19:35 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 1 2148074257
2005-05-17 16:19:42 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 3 5
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-05-17 16:20:54
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
sc-win32-status
2005-05-17 16:20:54 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 2 2148074254
2005-05-17 16:20:54 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 16:20:56 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 16:21:00 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 3 5
2005-05-17 16:21:09 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 1 2148074252
2005-05-17 16:21:09 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322)
401 1 2148074252

Thanks
Tom Kaminski [MVP]

2005-05-18, 6:03 pm

"OM" <hkg04@hotmail.com> wrote in message
news:uSc965vWFHA.3760@TK2MSFTNGP15.phx.gbl...
> Tom Kaminski [MVP] wrote:
>
> Thanks for the reply Tom. I have assigned NTFS full control to the
> authenticated account
>
>
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2005-05-17 15:50:05
> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
> sc-win32-status
> 2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
> 401 2 2148074254
> 2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
> 401 1 2148074252
> 2005-05-17 15:50:14 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith
> 10.10.10.83
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
> 401 3 5


You're getting a 401.3 error for TRWIN\ngkeith - is that the account that
has NTFS permissions? What does TRWIN represent?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
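
Added example (not part of the original thread and not code from any poster): a short Python reader for the W3C extended log posted above that splits each record by its #Fields directive and names the 401 sub-status and sc-win32-status values. The sample records are copied from the log in this thread and rejoined onto single lines; the function names are illustrative.

```python
from collections import Counter

# IIS sub-status meanings for HTTP 401, as documented by Microsoft.
SUBSTATUS_401 = {1: "logon failed",
                 2: "logon failed due to server configuration",
                 3: "unauthorized due to ACL on resource"}
# Win32 / SSPI codes that appear in the sc-win32-status column of this log.
WIN32 = {5: "ERROR_ACCESS_DENIED",
         0x8009030C: "SEC_E_LOGON_DENIED",
         0x8009030E: "SEC_E_NO_CREDENTIALS",
         0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY"}

# Records from the log above, one per line (raw string keeps TRWIN\ngkeith intact).
SAMPLE = r"""#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 401 2 2148074254
2005-05-17 15:50:05 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.83 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 401 1 2148074252
2005-05-17 15:50:14 W3SVC1 10.10.10.89 GET /webdav - 80 TRWIN\ngkeith 10.10.10.83 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 401 3 5
2005-05-17 15:54:59 W3SVC1 10.10.10.89 GET /favicon.ico - 80 - 10.10.10.83 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.7.7)+Gecko/20050414+Firefox/1.0.3 404 0 2
2005-05-17 15:55:16 W3SVC1 10.10.10.89 PROPFIND /webdav - 80 - 10.10.10.83 Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
2005-05-17 16:19:35 W3SVC1 10.10.10.89 GET /webdav - 80 - 10.10.10.89 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 401 1 2148074257
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):   # skip wrapped or truncated records
                yield dict(zip(fields, values))

def explain(rec):
    """Return (method, user, '401.N meaning', win32 name) for a 401, else None."""
    if rec["sc-status"] != "401":
        return None
    sub, code = int(rec["sc-substatus"]), int(rec["sc-win32-status"])
    stage = f"401.{sub} {SUBSTATUS_401.get(sub, 'other')}"
    return rec["cs-method"], rec["cs-username"], stage, WIN32.get(code, hex(code))

def summarize(text):
    """Count 401 responses by (method, user, sub-status, win32 code)."""
    return Counter(e for e in map(explain, parse_w3c(text)) if e)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key, sep="  ")
```

On these records the browser requests reach 401.3 with ERROR_ACCESS_DENIED once TRWIN\ngkeith is sent, while the Microsoft-WebDAV-MiniRedir PROPFIND request stops at 401.2 with SEC_E_NO_CREDENTIALS.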


OM

2005-05-18, 6:03 pm

Tom Kaminski [MVP] wrote:

> "OM" <hkg04@hotmail.com> wrote in message
> news:uSc965vWFHA.3760@TK2MSFTNGP15.phx.gbl...
>


>
>
> You're getting a 401.3 error for TRWIN\ngkeith - is that the account that
> has NTFS permissions? What does TRWIN represent?
>


Yes, that account has read, write and list folder NTFS permission on the
shared folder that the virtual directory defined. TRWIN is the name of
the AD domain.

One thing I want to mention is that if I specify this username and
password in the "Connect As" field within the virtual directory, it will
let me in (it still prompts me for the username and password and it is
only working on IE but not web folder).

Thanks
OM

2005-05-19, 5:52 pm

OM wrote:
> Tom Kaminski [MVP] wrote:
>
>
>
> Yes, that account has read, write and list folder NTFS permission on the
> shared folder that the virtual directory defined. TRWIN is the name of
> the AD domain.
>
> One thing I want to mention is that if I specify this username and
> password in the "Connect As" field within the virtual directory, it will
> let me in (it still prompts me for the username and password and it is
> only working on IE but not web folder).
>
> Thanks


Hi Tom,

I figure that my problem has to do with assigning users in FrontPage
extension. It works if the virtual directory is pointing to a local
folder. It will not work if it is a shared folder (I can't even manage
it from remote IE it is not a local folder)

Keith
Tom Kaminski [MVP]

2005-05-20, 6:03 pm

"OM" <hkg04@hotmail.com> wrote in message
news:%23BnwjXKXFHA.2468@TK2MSFTNGP10.phx.gbl...
> OM wrote:
>
> Hi Tom,
>
> I figure that my problem has to do with assigning users in FrontPage
> extension. It works if the virtual directory is pointing to a local
> folder. It will not work if it is a shared folder (I can't even manage it
> from remote IE it is not a local folder)


I haven't tried that. You're on IIS 6?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS


OM

2005-05-24, 6:03 pm

Tom Kaminski [MVP] wrote:
> "OM" <hkg04@hotmail.com> wrote in message
> news:%23BnwjXKXFHA.2468@TK2MSFTNGP10.phx.gbl...
>
>
>
> I haven't tried that. You're on IIS 6?
>


Sorry for the late reply, I was thinking no one is reading the thread
anymore. Yes, it is on IIS 6 without SP1.

OM
Mike Masi

2005-05-25, 6:02 pm

Hey Tom,
If you are using a file share, also check the permissions of the file
share.
You know that there are a few issues with WebDAV on the client side,
right? IE 6 on Windows 2003 is missing that functionality; the files to
install it can be taken from Win2k or XP. Also, there is a patch for
the WebDAV client on the MS site.
Thanks,
Mike

*** Sent via Developersdex http://www.codecomments.com ***
OM

2005-05-25, 6:02 pm

Mike Masi wrote:
> Hey Tom,
> If you are using a file share, also check the permissions of the file
> share.
> You know that there are a few issues with WebDAV on the client side,
> right? IE 6 on Windows 2003 is missing that functionality; the files to
> install it can be taken from Win2k or XP. Also, there is a patch for
> the WebDAV client on the MS site.
> Thanks,
> Mike
>
> *** Sent via Developersdex http://www.codecomments.com ***


Thanks for the advice Mike,

So what are the issues about WebDAV?

Regarding the NTFS permission I have already assigned full permission
for the authenticated users.

OM