|
Home > Archive > IIS Server Security > November 2006 > NTLM Authentication on IIS 6.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
NTLM Authentication on IIS 6.0
|
|
| kaverorzi@gmail.com 2006-11-07, 7:21 pm |
| I have an Intranet site set up on IIS 6.0 and have an intermitten
problem. A couple of areas on the Intranet are restricted. We have
Windows Intergrated Authentication enabled on the couple of pages that
require access. I have a security group set up with only the users who
require access and the group has full control. No other account has
access. The problem happens to everyone in the security group.
Sometimes a user can go for two weeks without being prompted for
username/password and sometimes it happens two or three times a day.
When I click the link and am prompted, I use my userid/password and
authentacation fails. I use the administrator un/pw and that fails.
Other users use their logons and fails also. Now everytime I am
prompted and use the local administrator username/password for that
server, it works everytime. I know that NtAuthenticationProviders is
set to Negotiate,NTLM since that is supposed to be the default, and I
never changed it. The following is logged to the security log when
unable to access the intranet page:
11/7/2006 4:32:35 PM Security Failure Audit Account Logon 680 NT
AUTHORITY\SYSTEM FEC-2KNT4 "Logon attempt
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_
0
Logon account: administrator
Source Workstation: IT_OPERATOR
Error Code: 0xC000006A
The 529 event it also will show up but that is the usual logon failure
I often see returned for all kinds of authentacition problems.
I can't seem to be able to figure out what I have configured wrong and
why it is intermitten. If it failed every single time this wouldn't
seem as strange to me. Any suggestions would be greatly appreciated.
Thanks!
Rick
| |
| Ken Schaefer 2006-11-13, 8:59 am |
| 0xC000006A = STATUS_WRONG_PASSWORD
You may wish to check that you don't have any issues with the webserver
connecting to the Domain Controller to verify usernames/passwords
Cheers
Ken
<kaverorzi@gmail.com> wrote in message
news:1162939554.082625.192970@m7g2000cwm.googlegroups.com...
>I have an Intranet site set up on IIS 6.0 and have an intermitten
> problem. A couple of areas on the Intranet are restricted. We have
> Windows Intergrated Authentication enabled on the couple of pages that
> require access. I have a security group set up with only the users who
> require access and the group has full control. No other account has
> access. The problem happens to everyone in the security group.
> Sometimes a user can go for two weeks without being prompted for
> username/password and sometimes it happens two or three times a day.
> When I click the link and am prompted, I use my userid/password and
> authentacation fails. I use the administrator un/pw and that fails.
> Other users use their logons and fails also. Now everytime I am
> prompted and use the local administrator username/password for that
> server, it works everytime. I know that NtAuthenticationProviders is
> set to Negotiate,NTLM since that is supposed to be the default, and I
> never changed it. The following is logged to the security log when
> unable to access the intranet page:
> 11/7/2006 4:32:35 PM Security Failure Audit Account Logon 680 NT
> AUTHORITY\SYSTEM FEC-2KNT4 "Logon attempt
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Logon account: administrator
> Source Workstation: IT_OPERATOR
> Error Code: 0xC000006A
>
> The 529 event it also will show up but that is the usual logon failure
> I often see returned for all kinds of authentacition problems.
>
> I can't seem to be able to figure out what I have configured wrong and
> why it is intermitten. If it failed every single time this wouldn't
> seem as strange to me. Any suggestions would be greatly appreciated.
>
> Thanks!
>
> Rick
>
| |
| kaverorzi@gmail.com 2006-11-13, 8:59 am |
| kaverorzi@gmail.com wrote:
> I have an Intranet site set up on IIS 6.0 and have an intermitten
> problem. A couple of areas on the Intranet are restricted. We have
> Windows Intergrated Authentication enabled on the couple of pages that
> require access. I have a security group set up with only the users who
> require access and the group has full control. No other account has
> access. The problem happens to everyone in the security group.
> Sometimes a user can go for two weeks without being prompted for
> username/password and sometimes it happens two or three times a day.
> When I click the link and am prompted, I use my userid/password and
> authentacation fails. I use the administrator un/pw and that fails.
> Other users use their logons and fails also. Now everytime I am
> prompted and use the local administrator username/password for that
> server, it works everytime. I know that NtAuthenticationProviders is
> set to Negotiate,NTLM since that is supposed to be the default, and I
> never changed it. The following is logged to the security log when
> unable to access the intranet page:
> 11/7/2006 4:32:35 PM Security Failure Audit Account Logon 680 NT
> AUTHORITY\SYSTEM FEC-2KNT4 "Logon attempt
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_
0
> Logon account: administrator
> Source Workstation: IT_OPERATOR
> Error Code: 0xC000006A
>
> The 529 event it also will show up but that is the usual logon failure
> I often see returned for all kinds of authentacition problems.
>
> I can't seem to be able to figure out what I have configured wrong and
> why it is intermitten. If it failed every single time this wouldn't
> seem as strange to me. Any suggestions would be greatly appreciated.
>
> Thanks!
>
> Rick
I think I left out something that may be important. The web server is
running under a local account. That hasn't been a problem so far. I can
access the shared folders on that server no problem from the other
servers and workstations. Normal Intranet pages work fine also. Of
course when I am on the web server and want to access another server I
must supply some credentials. Could not having that server run under a
domain account be causing the problem intermittently? From my
understanding it shouldn't matter but I have been wrong before.
Thanks!
Rick
|
|
|
|
|