|
Home > Archive > IIS Server Security > August 2005 > Login Prompt for a domain user on IIS 6.0 Business Portal Site
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Login Prompt for a domain user on IIS 6.0 Business Portal Site
|
|
| jhmphl 2005-08-25, 6:04 pm |
| We have a server running IIS 6.0/ Solomon Business Portal/ Windows Server 2003.
A particular domain user receives a prompt for username and password when
entering an intranet site from her PC. User enters credentials, but username
and password are rejected.
User tries this from another PC, and is not prompted for credentials. Other
users are able to log on to this users PC (Windows XP SP 2) and enter the
intranet site without being prompted for credentials.
From the security log in the IIS server:
08/25/2005 12:11:40 PM Security Failure Audit Logon/Logoff 537 NT
AUTHORITY\SYSTEM VIKING "Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: VIKING
Status code: 0xC000040A
Substatus code: 0x0
Caller User Name: VIKING$
Caller Domain: TCD1
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1576
Transited Services: -
Source Network Address: -
Source Port:
I have also enabled kerberos logging, but am unable to make sense of these
entries in lsass.log:
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x24441cf9, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x24481e9b, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x244b9f21, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x244d0ed1, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x244f4291, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x24530b10, accepting 0:0x3e7
1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
logon session for 0:0x2456ba2f, accepting 0:0x3e7
1080.1220> Kerb-Trace: KerbCreateTokenFromTicket for
Any help would be greatly appreciated.
| |
| jhmphl 2005-08-26, 5:59 pm |
| I solved the issue by deleting and re-creating the users profile on their
workstation.
"jhmphl" wrote:
> We have a server running IIS 6.0/ Solomon Business Portal/ Windows Server 2003.
> A particular domain user receives a prompt for username and password when
> entering an intranet site from her PC. User enters credentials, but username
> and password are rejected.
>
> User tries this from another PC, and is not prompted for credentials. Other
> users are able to log on to this users PC (Windows XP SP 2) and enter the
> intranet site without being prompted for credentials.
>
> From the security log in the IIS server:
>
> 08/25/2005 12:11:40 PM Security Failure Audit Logon/Logoff 537 NT
> AUTHORITY\SYSTEM VIKING "Logon Failure:
> Reason: An error occurred during logon
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Authz
> Authentication Package: Kerberos
> Workstation Name: VIKING
> Status code: 0xC000040A
> Substatus code: 0x0
> Caller User Name: VIKING$
> Caller Domain: TCD1
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1576
> Transited Services: -
> Source Network Address: -
> Source Port:
>
> I have also enabled kerberos logging, but am unable to make sense of these
> entries in lsass.log:
>
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24441cf9, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24481e9b, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244b9f21, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244d0ed1, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244f4291, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24530b10, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x2456ba2f, accepting 0:0x3e7
> 1080.1220> Kerb-Trace: KerbCreateTokenFromTicket for
>
> Any help would be greatly appreciated.
>
>
>
|
|
|
|
|