authentication issue with an intranet website running under IIS6
I am experiencing the same problem. I believe it is something to do with Kerberos authentication mechanism. If it resorts to NTLM it will work (which it does when using an IP address). Kerberos requires an SPN registered on Active Directory for it to work. Kerberos also won't allow you to have application pools running under different accounts but with the same server name. In these situations you should have an alternate name for the site and register that with Kerberos. However, I haven't actually resolved the issue yet so these are just suggestions.
Related videos on Youtube
Comments
-
RKP almost 2 years
I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. Please let me know what I need to do to get the URL with server name working. for example http://servername:8080/default.aspx throws login prompt, but http://ip address:8080/default.aspx works fine
-
Shan Plourde over 13 yearsWhen you log in with servername:8080, are you specifying servername\username as your user name when trying to log in?
-
RKP over 13 yearsI am specifying the domain\username, not servername\username.
-
Menahem almost 12 yearsto anyone stumbling into this question, a very useful link that solved it for me, while explaining the reason for the problem link
-
-
RKP over 13 yearsthanks for the reply. the server name resolves to the IP correctly and the Host Header name is empty. are you saying I should include the server name in the "Host Header Name" field?
-
Eduardo Molteni over 13 yearsNo, empty means "catch all". Do you have other websites in IIS?
-
RKP over 13 yearsyes, I have another website using the default port with anonymous access enabled and windows authentication disabled and runs under default app pool configured with "network service" account. ideally I would like to be able to access the websites with DNS alias instead of server name and IP address without any login prompt.