Re: WebDAV problem with digest authentication behind firewall

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 07/28/04 

Date: Wed, 28 Jul 2004 17:49:19 +0800

Anything in event log ? I'm out of ideas :(
also try authdiag, see if it help. get it at www.iisfaq.com. 

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Remco" <Remco@discussions.microsoft.com> wrote in message
news:3B0DDBC6-E48D-401F-8CFD-0762A314D602@microsoft.com...
> Yes, I'm using IIS 6.0 on a windows 2003 enterprise server which is member
of a windows 2000 ads.
>
> It doesn't matter what I use a host name or IP-adres. The result is the
same, both internal and external.
>
> I only use digest authentication.
>
>
> "Bernard" wrote:
>
> > So you are using IIS 6.0, the order of log field is different from 5.0
to
> > 6.0.
> > Now, to look further win-status = 2148074254, which stands for
> > "No credentials are available in the security package"
> >
> > How do you access the webdav site ? IP ? Hostname ? same for
> > internal and external ?
> >
> > Digest, it just like basic. except credential is hashed so it should
work :)
> > do you enable any other method other than digest auth ?
> >
> > it could be NAT ? but no idea...
> >
> > -- 
> > Regards,
> > Bernard Cheah
> > http://www.tryiis.com/
> > http://support.microsoft.com/
> > http://www.msmvps.com/bernard/
> >
> >
> >
> > "Remco" <Remco@discussions.microsoft.com> wrote in message
> > news:BCF47800-16A3-410B-8890-83ABD302ED95@microsoft.com...
> > > 129.125.159.175 is the workstation I use to test the website form
outside
> > the firewall. 192.168.40.101 is the one from inside the firewall. They
both
> > attempt to make a connection to server 192.168.40.19. Only exception is
that
> > the 129.125.159.175 makes a connection using NAT to the server behind
the
> > firewall.
> > >
> > > The tests form the 2 machines were the same. They both tried making a
> > connection and they both got a logon box. Only it were 2 different logon
> > boxes. The machine behind the firewall got the right digest
authentication
> > logon box, but the other outside the firewall got a logon box similar to
a
> > windows integrated login. In the last box I also entered the username
wees3,
> > but the result in the log is similar to an anonymous user. Anonymous
user
> > logon is disabled so then it isn't strange that you get a 401 error. The
> > only thing is why the right logonbox insn't showing and why it doesn't
pass
> > the logon credentials through the firewall (tcp port 80 is open).
> > > When I use basic authentication it works fine form both workstations.
> > >
> > >
> > >
> > > "Bernard" wrote:
> > >
> > > > I'm confuse too :)
> > > > there's 2 servers IP involved. 129.125.159.175 and 192.168.40.101 ?
> > > > You have 401.2 when during first try for anonymous user - Logon
failed
> > due
> > > > to server configuration. This might caused by default anonymous
access,
> > > > before it login as 'wees3'.. after that you get a 207 response
> > > > (multi-status) ?
> > > >
> > > > what does the log file looks like if you are using webdav internally
?
> > > >
> > > > IE should has the user credential + the realm and send it to server
via
> > port
> > > > 80. just like basic...
> > > >
> > > >
> > > > -- 
> > > > Regards,
> > > > Bernard Cheah
> > > > http://www.tryiis.com/
> > > > http://support.microsoft.com/
> > > > http://www.msmvps.com/bernard/
> > > >
> > > >
> > > >
> > > > "Remco" <Remco@discussions.microsoft.com> wrote in message
> > > > news:1CED75AA-6AB7-4D3E-965C-005818A12D8C@microsoft.com...
> > > > > Hi bernard,
> > > > > Only a confirmation of what I see (except of the WebDAV
Miniredir?)
> > > > >
> > > > > 2004-07-26 08:13:55 192.168.40.19 PROPFIND /upload - 80 -
> > 129.125.159.175
> > > > Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
> > > > > 2004-07-26 08:13:55 192.168.40.19 PROPFIND /upload - 80 -
> > 129.125.159.175
> > > > Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
> > > > > 2004-07-26 08:13:55 192.168.40.19 PROPFIND /upload - 80 -
> > 129.125.159.175
> > > > Microsoft-WebDAV-MiniRedir/5.1.2600 401 2 2148074254
> > > > > 2004-07-26 08:36:10 192.168.40.19 PROPFIND /upload - 80 -
> > 192.168.40.101
> > > > Microsoft+Data+Access+Internet+Publishing+Provider+DAV 401 2
2148074254
> > > > > 2004-07-26 08:36:34 192.168.40.19 PROPFIND /upload - 80 wees3
> > > > 192.168.40.101
Microsoft+Data+Access+Internet+Publishing+Provider+DAV
> > 207 0
> > > > 0
> > > > > 2004-07-26 08:36:34 192.168.40.19 PROPFIND /upload - 80 wees3
> > > > 192.168.40.101
Microsoft+Data+Access+Internet+Publishing+Provider+DAV
> > 207 0
> > > > 0
> > > > >
> > > > >
> > > > > I don't know excactly what the diference is between de WebDAV
> > Miniredir
> > > > and the Microsoft+Data+Access+Internet+Publishing+Provider+DAV .
Maybe
> > you?
> > > > >
> > > > > Regards,
> > > > > Remco
> > > > > University of Groningen
> > > > >
> > > > >
> > > > >
> > > > > "Bernard" wrote:
> > > > >
> > > > > > Weird indeed. Anything special in IIS log file ?
> > > > > >
> > > > > > -- 
> > > > > > Regards,
> > > > > > Bernard Cheah
> > > > > > http://www.tryiis.com/
> > > > > > http://support.microsoft.com/
> > > > > > http://www.msmvps.com/bernard/
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Remco" <Remco@discussions.microsoft.com> wrote in message
> > > > > > news:2EBB1445-1946-416A-AFAB-988A26302492@microsoft.com...
> > > > > > > I'm having a strange problem while using WebDAV with digest
> > > > > > authentication.
> > > > > > > On my website I only use digest authentication, all other
> > > > auhentication
> > > > > > methods are disabled and it's working good now. The only problem
is
> > when
> > > > > > logging in to a WebDAV upload directory through a firewall. Then
I
> > can't
> > > > > > authenticate and I also get a authentication box similar to
basic
> > > > > > authentication and not the digest authentication login box. When
I
> > try
> > > > it
> > > > > > form within the firewall it's working fine for this WebDAV
upload
> > > > directory.
> > > > > > Other digest authentication (just normal websites) are working
fine,
> > > > both in
> > > > > > and outside the firewall.
> > > > > > > On the firewall I've got a rule that allows tcp port 80. That
> > should
> > > > be
> > > > > > enough for webDAV...
> > > > > > >
> > > > > > > Can anyone help me?
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >

Relevant Pages

  • Re: WebDAV problem with digest authentication behind firewall
    ... is the one from inside the firewall. ... attempt to make a connection to server 192.168.40.19. ... connection and they both got a logon box. ... >> Bernard Cheah ...
    (microsoft.public.inetserver.iis)
  • Re: ISA SERVER NOT STARTING
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... Bernard Cheah ... FTP service is listed, it should be bi-directional. ... I'm confuse as well:) between the advanced tab and exception tab. ... I decided to try adding a port 21 in the firewall exception list ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... Bernard Cheah ... FTP service is listed, it should be bi-directional. ... I'm confuse as well:) between the advanced tab and exception tab. ... I decided to try adding a port 21 in the firewall exception list ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... What you can do is is disable windows firewall and get a more decent ... Bernard Cheah ... I'm confuse as well:) between the advanced tab and exception tab. ...
    (microsoft.public.inetserver.iis.ftp)
Quantcast