|
Home > Archive > IIS Server Security > August 2006 > Getting 401.1 when using DNS, okay using NETBIOS and Localhost
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Getting 401.1 when using DNS, okay using NETBIOS and Localhost
|
|
|
|
| David Wang [Msft] 2006-05-11, 7:17 am |
| Some routers do not correctly route requests from intranet machines to an
external IP that happens to come back to the same intranet.
In other words, the working cases are all internal IP address of some sort.
our.dns.com resolves to an external IP address which happens to map back to
the same router, and some routers have problems with that.
Also, Integrated Windows Authentication may not work over the Internet -
depends on the behavior of intervening proxy servers.
In other words, your issue does not look to be an IIS nor Sharepoint issue.
It looks like a Networking 101 issue and understanding authentication
protocols.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Shon Miles" <ShonMiles@discussions.microsoft.com> wrote in message
news:193F7056-DC6E-4CC0-BD25-EC94C8D51DB4@microsoft.com...
>I posted this in Share Point group as well, but not getting anywhere.
>
> When browsing to http://localhost/default.aspx , or http://netbios/, or
> http://ipadress the WSS page loads fine
>
> when browsing to http://our.dns.com/ I am challenged for login
> and it is not accepted and result is a 401.1
>
> IIS default website is configured for Integrated Windows Authentication.
>
| |
| Shon Miles 2006-05-11, 1:16 pm |
| Sorry if I misrepresented, but our.dns.com is internal, not external. Simple
host A-Record in AD pointing to the IP address, and it does resolve
correctly, from the server and the clients.
"David Wang [Msft]" wrote:
> Some routers do not correctly route requests from intranet machines to an
> external IP that happens to come back to the same intranet.
>
> In other words, the working cases are all internal IP address of some sort.
> our.dns.com resolves to an external IP address which happens to map back to
> the same router, and some routers have problems with that.
>
> Also, Integrated Windows Authentication may not work over the Internet -
> depends on the behavior of intervening proxy servers.
>
> In other words, your issue does not look to be an IIS nor Sharepoint issue.
> It looks like a Networking 101 issue and understanding authentication
> protocols.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Shon Miles" <ShonMiles@discussions.microsoft.com> wrote in message
> news:193F7056-DC6E-4CC0-BD25-EC94C8D51DB4@microsoft.com...
>
>
>
| |
| Funkadyleik Spynwhanker 2006-05-11, 1:16 pm |
| Well, didja stick the DNS name in the virtual web bound to the IP address
you are using?
If you didn't it won't work.
"Shon Miles" <ShonMiles@discussions.microsoft.com> wrote in message
news:AE67F6B8-7E92-4497-973D-7333E83C5740@microsoft.com...[vbcol=seagreen]
> Sorry if I misrepresented, but our.dns.com is internal, not external.
> Simple
> host A-Record in AD pointing to the IP address, and it does resolve
> correctly, from the server and the clients.
>
> "David Wang [Msft]" wrote:
>
| |
| Shon Miles 2006-05-11, 1:16 pm |
| If you are refering to the Host Header, yes I did configure it.
"Funkadyleik Spynwhanker" wrote:
> Well, didja stick the DNS name in the virtual web bound to the IP address
> you are using?
>
> If you didn't it won't work.
>
> "Shon Miles" <ShonMiles@discussions.microsoft.com> wrote in message
> news:AE67F6B8-7E92-4497-973D-7333E83C5740@microsoft.com...
>
>
>
| |
| Paul Walsh 2006-05-12, 7:15 pm |
| Does your DNS name has a . in it? If it does IE probably thinks this is an
Internet address, hence why you recieve a prompt for login box.
If you do have a . make sure your DNS name is included within your Intranet
zone in IE. You should then find it all works correctly.
Paul Walsh
"Shon Miles" wrote:
[vbcol=seagreen]
> If you are refering to the Host Header, yes I did configure it.
>
> "Funkadyleik Spynwhanker" wrote:
>
| |
| Shon Miles 2006-05-16, 1:16 pm |
| It does not think it is in the intranet zone, and I have tried forcing it in
the trusted zones.
Keep in mind I said not only is it challenging for login but it is NOT
accepting the credentials of any account domain or local.
"Paul Walsh" wrote:
[vbcol=seagreen]
> Does your DNS name has a . in it? If it does IE probably thinks this is an
> Internet address, hence why you recieve a prompt for login box.
>
> If you do have a . make sure your DNS name is included within your Intranet
> zone in IE. You should then find it all works correctly.
>
> Paul Walsh
>
> "Shon Miles" wrote:
>
| |
| jigs4u4ever 2006-08-09, 1:27 pm |
| Hi,
I suggest you to put an entry of the sitename and IP in the hosts file at
C:\WINDOWS\system32\drivers\etc
like
our.dns.com 111.111.111.111
If this works and you can open the site our.dns.com successfully, its an
issue with DNS resolution. If you can say that what authentication mechanisum
you are using (digest, basic, integrated) its been easy to help u furhter..
or you can give anyonums access to your site temporary to check the
availabilty of your site from client machine.
Regards
Jigs4u_4ever
"Shon Miles" wrote:
> I posted this in Share Point group as well, but not getting anywhere.
>
> When browsing to http://localhost/default.aspx , or http://netbios/, or
> http://ipadress the WSS page loads fine
>
> when browsing to http://our.dns.com/ I am challenged for login
> and it is not accepted and result is a 401.1
>
> IIS default website is configured for Integrated Windows Authentication.
>
| |
| Space Junk 2006-08-09, 1:27 pm |
| It was not a DNS issue, and as an update, this issue was resolved with a
ticket from MS. We found that proxycfg was not run with the correct
parameters. Fixed that with
Proxycfg –d –p * “<Local>;servername;ipaddress;fqdn”
"jigs4u4ever" wrote:
[vbcol=seagreen]
> Hi,
>
> I suggest you to put an entry of the sitename and IP in the hosts file at
> C:\WINDOWS\system32\drivers\etc
> like
>
> our.dns.com 111.111.111.111
>
> If this works and you can open the site our.dns.com successfully, its an
> issue with DNS resolution. If you can say that what authentication mechanisum
> you are using (digest, basic, integrated) its been easy to help u furhter..
> or you can give anyonums access to your site temporary to check the
> availabilty of your site from client machine.
>
> Regards
> Jigs4u_4ever
>
> "Shon Miles" wrote:
>
|
|
|
|
|