IIS 6.0 Host Headers and Kerberos

    IIS 6.0 Host Headers and Kerberos  
Simon Jackson


01-14-06 03:26 AM

Hi

I have two IIS Servers that are exhibiting the same behaviour
one is IIS 5.0 (exchange) the other is IIS 6.0 (Sharepoint Services 2.0)

My issue is that if I connect to either of these servers using anything
other than the Netbios server name I get prompted for authentication.

e.g.

If I connect internally on the lan to http://servername/
it goes straight in (no prompt)

If I connect internally on the lan to http://ipaddress/
I get prompted for authentication.

I also get prompted if I go to http://otherhostname/
where otherhostname is a new A record I create in DNS that points to the
same IP.

I've seen the following articles.....
http://support.microsoft.com/default.aspx?kbid=294382
http://support.microsoft.com/kb/215383/

but am unsure what I need to do...

When I use the adsutil get NTAuthenticationProviders command I can see that
.....
the IIS 5.0 server is showing...
NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"

the IIS 6.0 server is showing...
The parameter "NTAuthenticationProviders" is not set at this node.

I've tried setting the NTAuthenticationProviders value on the IIS 5.0 server to
NTAuthenticationProviders       : (STRING) "NTLM"

but this has not helped.

I also tried the setspn -A command on the IIS 6.0 server and added the FQDN
name of the server as both a HTTP/ and a HOST/ reference but again no effect.

any ideas?

Regards
Simon






    Re: IIS 6.0 Host Headers and Kerberos  
Jeff Cochran


01-14-06 03:26 AM

On Wed, 11 Jan 2006 10:56:02 -0800, "Simon Jackson"
<SimonJackson@discussions.microsoft.com> wrote:

>Hi
>
>I have two IIS Servers that are exhibiting the same behaviour
>one is IIS 5.0 (exchange) the other is IIS 6.0 (Sharepoint Services 2.0)
>
>My issue is that if I connect to either of these servers using anything
>other than the Netbios server name I get prompted for authentication.

Add the domain to the intranet zone in Internet Explorer's security
tab.

Jeff


>e.g.
>
>If I connect internally on the lan to http://servername/
>it goes straight in (no prompt)
>
>If I connect internally on the lan to http://ipaddress/
>I get prompted for authentication.
>
>I also get prompted if I go to http://otherhostname/
>where otherhostname is a new A record I create in DNS that points to the
>same IP.
>
>I've seen the following articles.....
>http://support.microsoft.com/default.aspx?kbid=294382
>http://support.microsoft.com/kb/215383/
>
>but am unsure what I need to do...
>
>When I use the adsutil get NTAuthenticationProviders command I can see that
>.....
>the IIS 5.0 server is showing...
>NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"
>
>the IIS 6.0 server is showing...
>The parameter "NTAuthenticationProviders" is not set at this node.
>
>I've tried setting the NTAuthenticationProviders value on the IIS 5.0 server
>to
>NTAuthenticationProviders       : (STRING) "NTLM"
>
>but this has not helped.
>
>I also tried the setspn -A command on the IIS 6.0 server and added the FQDN
>name of the server as both a HTTP/ and a HOST/ reference but again no effect.
>
>any ideas?
>
>Regards
>Simon







    Re: IIS 6.0 Host Headers and Kerberos  
Simon Jackson


01-14-06 03:26 AM


Thank You !

:-)

Just out of interest, should I put the various setspn and adsutil settings
back the way they were or did I need to do those as well?

"Jeff Cochran" wrote:
> Add the domain to the intranet zone in Internet Explorer's security
> tab.







    Re: IIS 6.0 Host Headers and Kerberos  
Ken Schaefer


01-16-06 07:50 AM

You merely wish to avoid the prompt from Internet Explorer? To do that you
need to follow the advice in the following article:
http://support.microsoft.com/?id=258063

That is separate to the Kerberos issue. Kerberos is not strictly required to
avoid IE prompt, as NTLM authentication is also sufficient (see the KB
article above). You should return the system back to its default settings
unless you have a reason not to.

Hope that helps.

Cheers
Ken

"Simon Jackson" <SimonJackson@discussions.microsoft.com> wrote in message
news:58FC83CD-9AE3-48CE-9595-852DCAC05FA2@microsoft.com...
:
: Thank You !
:
: :-)
:
: Just out of interest, should I put the various setspn and adsutil settings
: back the way they were or did I need to do those as well.
:
: "Jeff Cochran" wrote:
: > Add the domain to the intranet zone in Internet Explorer's security
: > tab.
:







All times are GMT.