are the users all hitting the same URL? We saw some issues a while back where authentication failed for some users, when then accessing: http://server, but using http://server.my.internal.domain.net was fine. Granted, this was a 2k3 domain though.
________________________________ From: Kennedy, Jim [mailto:[email protected]] Sent: 03 December 2010 16:05 To: NT System Admin Issues Subject: Intermittant IIS logon issues. App on a 2003 IIS server that uses the IIS integrated authentication. The app does not do the authentication, the IIS website does. Authentication is back to 2008 R2 DC's. And I think that is the issue, this seems to have just started when I updated the DC's from 2008 to 2008 R2. It is very odd, some users can hit it with integrated authentication and others cannot. For a couple of days at a time those that cannot sometimes can. When the users fail I can see it in the security log, that the user is being checked against the local server account list...rather than the domain. If the user hits the popup with domain/user at that point it authenticates them just fine. Authentication methods on the website appear correct, and have not been changed since the app was setup. Anonymous is allowed and the IUSR account is valid and synced up correctly. Then only Integrated Windows Auth is checked. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. QinetiQ may monitor email traffic data and also the content of email for the purposes of security. QinetiQ Limited (Registered in England & Wales: Company Number: 3796233) Registered office: 85 Buckingham Gate, London SW1E 6PD http://www.qinetiq.com. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
