Re: IIS6, Integrated Windows Auth, and IE6 Integrated Windows Auth

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/28/04 

Date: Mon, 28 Jun 2004 15:19:19 -0700

Ok, it is not clear to me whether:
1. NTLM Authentication is not working on your IIS6 servers
2. Your custom Application has issues on IIS6.

To distinguish between the two, can you set up a new vdir with just
Integrated authentication enabled, and try to load up a static file like
"Hello.htm". If it succeeds, then I think the 500 error is returned by your
application -- after IIS has successfully authenticated with NTLM -- so it
is an application issue and not with IIS6, Integrated Authentication, nor
IE6.

Are you running any custom ISAPI Filters or Extensions on this server that
may be altering server behavior incorrectly? 

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"dwenwa@companyabc.com" <dwenwacompanyabccom@discussions.microsoft.com>
wrote in message news:D1088B74-CBA6-4CCC-9154-6AEA280A11FA@microsoft.com...
David,
My mistake.  I sent you log snippets from my Anonymous accessible website.
It too has the same problem.  But let me be consistent in my request.  The
following is the log snippet from the Integrated Authentication websites:
IIS 5:
----------------------------
2004-06-28 12:56:32 139.72.117.151 - 139.72.4.36 80 GET /intranetsecurity -
401
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
LR+1.1.4322)
2004-06-28 12:56:32 139.72.117.151 NWA_NT\c08293 139.72.4.36 80 GET
/intranetsecurity/ - 302
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
LR+1.1.4322)
2004-06-28 12:56:33 139.72.117.151 NWA_NT\c08293 139.72.4.36 80 GET
/intranetsecurity/groupsearch.aspx - 200
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
LR+1.1.4322)
IIS6:
-------------
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-06-28 12:55:12
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2004-06-28 12:55:12 139.72.109.63 GET /intranetsecurity/groupsearch.aspx -
80 - 139.72.117.151
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
LR+1.1.4322) 401 2 2148074254
2004-06-28 12:55:12 139.72.109.63 GET /intranetsecurity/groupsearch.aspx -
80 - 139.72.117.151
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
LR+1.1.4322) 500 0 2148074242
Also, I ran the script you suggested in your reply with the same results.  I
didn't reboot after executing the script, but I did do an IISRESET command.
As I said, I still receive the error.
Dave
"David Wang [Msft]" wrote:
> Your log entry snippets suggests that on IIS5, you were not using
Integrated
> Authentication -- I'd expect to see a 401.2 followed by a 200 , but you
show
> a successful 200 -- this may be due to how you are repro'ing the issue
(i.e.
> you've already made a successful request), but I want to make sure that
you
> only had Integrated authentication enabled on IIS5 and NOTHING else (like
> anonymous).
>
> What happens if you do:
> CSCRIPT %systemdrive%\inetpub\adminscripts\adsutil.vbs SET
> W3SVC/NTAuthenticationProviders "NTLM"
>
> -- 
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "dwenwa@companyabc.com" <dwenwa@companyabc.com@discussions.microsoft.com>
> wrote in message
news:C55CC980-3985-413B-B39B-AB1BCF72A788@microsoft.com...
> Thank you for responding, David.
>
> Both servers are in the same domain.  The IIS6 server is the first of a
> group of servers that I am upgrading from Win2K to Win2K3/IIS6.  The
> function requested is not supported" appears to be returned by Internet
> Explorer stating that the function in IE is not supported.
>
> This is the web log entry from the IIS 5 website (successful):
> 2004-06-25 12:24:54 139.72.117.151 - 139.72.11.88 80 GET
> /searchadsvc/searchad.asmx - 200
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
> LR+1.1.4322)
>
> This is the web log entry from the IIS6 website (unsuccessful):
> 2004-06-25 12:25:57 139.72.109.63 GET /searchadsvc/searchad.asmx - 80 -
> 139.72.117.151
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
> LR+1.1.4322) 401 2 2148074254
> 2004-06-25 12:25:57 139.72.109.63 GET /searchadsvc/searchad.asmx - 80 -
> 139.72.117.151
>
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C
> LR+1.1.4322) 500 0 2148074242
>
> Does this help?
>
> Dave
>
>
> "David Wang [Msft]" wrote:
>
> > Were both IIS5 and IIS6 servers joined to a domain or not?
> >
> > Is "The function requested is not supported" the actual error text that
> > comes back, or ???  Because IIS doesn't send such an custom error,
meaning
> > that your problem may be related to something ELSE running on the
> webserver
> > and not necessarily IIS6.
> >
> > -- 
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > //
> > "dwenwa@companyabc.com"
<dwenwa@companyabc.com@discussions.microsoft.com>
> > wrote in message
> news:5DA714C4-B08C-4E6B-AA71-5F6D437E77F2@microsoft.com...
> > My application returns an HTTP 500 error when the application is
> configured
> > for Integrated Windows Authentication on IIS 6.  The application works
> okay
> > under IIS5 under Integrated Windows Authentication.  When I disable
"Show
> > friendly HTTP error messages" in IE6, then I get the following error
> message
> > in my browser "The function requested is not supported".  After further
> > investigation, I found an IE6 setting called, "Enable Integrated Windows
> > Authentication (requires restart)".  By default, this setting is
disabled.
> > When enabled, my application works properly on the Windows 2003 server
> > running IIS6.
> >
> > Why is this setting in IE6 required under Win2K3/IIS6 and not required
> under
> > Win2K/IIS5?
> >
> > I have not found this setting under lower versions of IE.  So changing
> this
> > setting on thousands of PCs at my company is not an option.  I prefer a
> > configuration change on my server.  Configuring all of my websites with
> > Basic only is not an acceptable alternative.
> >
> > Your suggestions will be greatly appreciated. Thanks.
> >
> > Dave
> >
> >
> >
>
>
>

Relevant Pages

  • Re: WM5 can not sync to exchange
    ... I checked all the authentication settings and they are as you requested. ... After running the internet connection wizard I had to uncheck the Require ... On the SBS 2003 Server open the Server Management console. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • RE: WM5 can not sync to exchange
    ... code 85010014 during ActiveSync with SBS. ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • Re: WM5 can not sync to exchange
    ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... Collect the IIS metabase on Exchange Server and send to me: ...
    (microsoft.public.windows.server.sbs)
  • Re: Nokia E50 ActiveSync problem with SBS2003 SP2
    ... Open IIS Manager ... Open properties of virtual directory OMA ... Click Start on your SBS server, ... And then please verify Authentication settings by the following steps. ...
    (microsoft.public.windows.server.sbs)
  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)