authentication issue with an intranet website running under IIS6

asp.net iis security windows-authentication application-pool

11,075

I am experiencing the same problem. I believe it is something to do with Kerberos authentication mechanism. If it resorts to NTLM it will work (which it does when using an IP address). Kerberos requires an SPN registered on Active Directory for it to work. Kerberos also won't allow you to have application pools running under different accounts but with the same server name. In these situations you should have an alternate name for the site and register that with Kerberos. However, I haven't actually resolved the issue yet so these are just suggestions.

11,075

RKP

Senior Application developer on Microsoft Technology stack

Updated on June 04, 2022

Comments

RKP almost 2 years

I have an an intranet website running under IIS6 (under a specific port, not the default one) with a integrated windows authentication enabled and uses an application pool configured with a service account. the issue is, if I access the website using the server name with a fully qualified domain in the URL, it throws a login prompt (doesn't work even if enter my windows login credentials), but if I use the IP address of the server then it works fine. Please let me know what I need to do to get the URL with server name working. for example http://servername:8080/default.aspx throws login prompt, but http://ip address:8080/default.aspx works fine
- Shan Plourde over 13 years
  
  When you log in with servername:8080, are you specifying servername\username as your user name when trying to log in?
- RKP over 13 years
  
  I am specifying the domain\username, not servername\username.
- Menahem almost 12 years
  
  to anyone stumbling into this question, a very useful link that solved it for me, while explaining the reason for the problem link
RKP over 13 years

thanks for the reply. the server name resolves to the IP correctly and the Host Header name is empty. are you saying I should include the server name in the "Host Header Name" field?
Eduardo Molteni over 13 years

No, empty means "catch all". Do you have other websites in IIS?
RKP over 13 years

yes, I have another website using the default port with anonymous access enabled and windows authentication disabled and runs under default app pool configured with "network service" account. ideally I would like to be able to access the websites with DNS alias instead of server name and IP address without any login prompt.