All geek questions in one place

Authentication Issue with an IIS6 Intranet Website

I have an intranet site running under IIS6 (under a specific port, not the default), with Windows Integrated Authentication enabled, and using an application pool configured with a service account. the problem is that if I access the website using the server name with the full domain in the URL, it gives a login prompt (it doesnโ€™t work even when entering the credentials for logging into Windows), but if I use IP server address, then it works fine. Please let me know what I need to do to get the URL with the server name. for example http: // servername: 8080 / default.aspx issues a login request, but http: // ip address: 8080 / default.aspx works fine

+3
source share
4 answers

I have the same problem. I believe this has something to do with the Kerberos authentication mechanism. If he resorts to NTLM, it will work (what he does when using the IP address). Kerberos requires the SPN to register with Active Directory in order for it to work. Kerberos will also not allow you to have application pools running under different accounts, but with the same server name. In these situations, you must have an alternate name for the site and register it with Kerberos. However, I have not solved the problem yet, so these are just suggestions.

+1
source

Two possible problems come to my mind:

  • DNS server on your network does not allow servernameIP

    • Ping servername , , IP
    • C:\Windows\System32\drivers\etc\hosts IP-

  • Bindings IIS6 servername

    • , servername Host Header Name alt text
0

, - IP- - IP-. , -, . , URL-, IE , , IP- URL-, IE , . , IP-, , .

0

. , ( )

AuthenticationProvider - "NTLM, Negotiate"

Following these instructions: http://support.microsoft.com/kb/215383

With a slight change in their instructions, install the provider of course

I have:

cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "**NTLM, Negotiate**"

You can get the website ID by clicking on the โ€œWebsitesโ€ folder on the left in IIS. This should display your entire site with their id

Thanks Nick to answer that will lead me to him

0
source

Source: https://habr.com/ru/post/1785972/

More articles:


All Articles