Re: IIS6, Integrated Windows Auth, and IE6 Integrated Windows Auth
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 06/29/04
- Next message: David Wang [Msft]: "Re: Port 443 not listening"
- Previous message: David Wang [Msft]: "Re: IIS does not start"
- In reply to: dwenwa_at_companyabc.com: "Re: IIS6, Integrated Windows Auth, and IE6 Integrated Windows Auth"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 29 Jun 2004 16:47:21 -0700
That only removes your application's pages from being the issue. Now we
have to look at whether NTLM itself is not working, or something is running
on your server, modifying its behavior, and causing the issue.
Do you have ANY custom ISAPI Filters or ISAPI Extensions installed, either
globally or per-website. Please either list all products installed on this
server, or look in the IIS UI for Filters and Application Extensions that
are installed.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "dwenwa@companyabc.com" <dwenwacompanyabccom@discussions.microsoft.com> wrote in message news:B6DD6490-EE68-442B-B460-644777BB80A6@microsoft.com... David, I created a new virtual directory configured with only "integrated authentication". The home directory contains only a file called "default.htm". This HTML file contains only a text string. This still results in the error "The function requested is not supported". So it doesn't work with static files either. Based on your assessment, do you feel that there is an issue with NTLM Authentication on my IIS6 servers? Dave "David Wang [Msft]" wrote: > Ok, it is not clear to me whether: > 1. NTLM Authentication is not working on your IIS6 servers > 2. Your custom Application has issues on IIS6. > > To distinguish between the two, can you set up a new vdir with just > Integrated authentication enabled, and try to load up a static file like > "Hello.htm". If it succeeds, then I think the 500 error is returned by your > application -- after IIS has successfully authenticated with NTLM -- so it > is an application issue and not with IIS6, Integrated Authentication, nor > IE6. > > Are you running any custom ISAPI Filters or Extensions on this server that > may be altering server behavior incorrectly? > > -- > //David > IIS > This posting is provided "AS IS" with no warranties, and confers no rights. > // > "dwenwa@companyabc.com" <dwenwacompanyabccom@discussions.microsoft.com> > wrote in message news:D1088B74-CBA6-4CCC-9154-6AEA280A11FA@microsoft.com... > David, > > My mistake. I sent you log snippets from my Anonymous accessible website. > It too has the same problem. But let me be consistent in my request. The > following is the log snippet from the Integrated Authentication websites: > > IIS 5: > ---------------------------- > 2004-06-28 12:56:32 139.72.117.151 - 139.72.4.36 80 GET /intranetsecurity - > 401 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > LR+1.1.4322) > 2004-06-28 12:56:32 139.72.117.151 NWA_NT\c08293 139.72.4.36 80 GET > /intranetsecurity/ - 302 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > LR+1.1.4322) > 2004-06-28 12:56:33 139.72.117.151 NWA_NT\c08293 139.72.4.36 80 GET > /intranetsecurity/groupsearch.aspx - 200 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > LR+1.1.4322) > > IIS6: > ------------- > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2004-06-28 12:55:12 > #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status > 2004-06-28 12:55:12 139.72.109.63 GET /intranetsecurity/groupsearch.aspx - > 80 - 139.72.117.151 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > LR+1.1.4322) 401 2 2148074254 > 2004-06-28 12:55:12 139.72.109.63 GET /intranetsecurity/groupsearch.aspx - > 80 - 139.72.117.151 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > LR+1.1.4322) 500 0 2148074242 > > > Also, I ran the script you suggested in your reply with the same results. I > didn't reboot after executing the script, but I did do an IISRESET command. > > As I said, I still receive the error. > > Dave > > > > "David Wang [Msft]" wrote: > > > Your log entry snippets suggests that on IIS5, you were not using > Integrated > > Authentication -- I'd expect to see a 401.2 followed by a 200 , but you > show > > a successful 200 -- this may be due to how you are repro'ing the issue > (i.e. > > you've already made a successful request), but I want to make sure that > you > > only had Integrated authentication enabled on IIS5 and NOTHING else (like > > anonymous). > > > > What happens if you do: > > CSCRIPT %systemdrive%\inetpub\adminscripts\adsutil.vbs SET > > W3SVC/NTAuthenticationProviders "NTLM" > > > > -- > > //David > > IIS > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > // > > "dwenwa@companyabc.com" <dwenwa@companyabc.com@discussions.microsoft.com> > > wrote in message > news:C55CC980-3985-413B-B39B-AB1BCF72A788@microsoft.com... > > Thank you for responding, David. > > > > Both servers are in the same domain. The IIS6 server is the first of a > > group of servers that I am upgrading from Win2K to Win2K3/IIS6. The > > function requested is not supported" appears to be returned by Internet > > Explorer stating that the function in IE is not supported. > > > > This is the web log entry from the IIS 5 website (successful): > > 2004-06-25 12:24:54 139.72.117.151 - 139.72.11.88 80 GET > > /searchadsvc/searchad.asmx - 200 > > > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > > LR+1.1.4322) > > > > This is the web log entry from the IIS6 website (unsuccessful): > > 2004-06-25 12:25:57 139.72.109.63 GET /searchadsvc/searchad.asmx - 80 - > > 139.72.117.151 > > > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > > LR+1.1.4322) 401 2 2148074254 > > 2004-06-25 12:25:57 139.72.109.63 GET /searchadsvc/searchad.asmx - 80 - > > 139.72.117.151 > > > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+1.0.3705;+.NET+C > > LR+1.1.4322) 500 0 2148074242 > > > > Does this help? > > > > Dave > > > > > > "David Wang [Msft]" wrote: > > > > > Were both IIS5 and IIS6 servers joined to a domain or not? > > > > > > Is "The function requested is not supported" the actual error text that > > > comes back, or ??? Because IIS doesn't send such an custom error, > meaning > > > that your problem may be related to something ELSE running on the > > webserver > > > and not necessarily IIS6. > > > > > > -- > > > //David > > > IIS > > > This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > // > > > "dwenwa@companyabc.com" > <dwenwa@companyabc.com@discussions.microsoft.com> > > > wrote in message > > news:5DA714C4-B08C-4E6B-AA71-5F6D437E77F2@microsoft.com... > > > My application returns an HTTP 500 error when the application is > > configured > > > for Integrated Windows Authentication on IIS 6. The application works > > okay > > > under IIS5 under Integrated Windows Authentication. When I disable > "Show > > > friendly HTTP error messages" in IE6, then I get the following error > > message > > > in my browser "The function requested is not supported". After further > > > investigation, I found an IE6 setting called, "Enable Integrated Windows > > > Authentication (requires restart)". By default, this setting is > disabled. > > > When enabled, my application works properly on the Windows 2003 server > > > running IIS6. > > > > > > Why is this setting in IE6 required under Win2K3/IIS6 and not required > > under > > > Win2K/IIS5? > > > > > > I have not found this setting under lower versions of IE. So changing > > this > > > setting on thousands of PCs at my company is not an option. I prefer a > > > configuration change on my server. Configuring all of my websites with > > > Basic only is not an acceptable alternative. > > > > > > Your suggestions will be greatly appreciated. Thanks. > > > > > > Dave > > > > > > > > > > > > > > > > > >
- Next message: David Wang [Msft]: "Re: Port 443 not listening"
- Previous message: David Wang [Msft]: "Re: IIS does not start"
- In reply to: dwenwa_at_companyabc.com: "Re: IIS6, Integrated Windows Auth, and IE6 Integrated Windows Auth"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
