Look at the IIS metabase first by executing
cscript.exe adsutil.vbs GET W3SVC\Site ID\NTAuthenticationProvider
and making sure it read "NTLM" only. If not, set it by executing
cscript.exe SET W3SVC\Site ID\NTAuthenticationProvider "Negotiate,NTLM"
Note: SiteID is the ID of your virtual site as visible in the IIS console
Then if your client still get prompt and after 3 attempts get a 401 error,
carefully look at:
The exact error: 401 is generic, look if there somtheing after the 401.x. It
may simply be an ACL set on the file
The IIS log files, procol status and W32 status fields in particular
Windows Security event log
KR,
Marc
"John Everyman" <prankmonkey RemoveThis @gmail.com> wrote in message
news:24584684-2f58-4067-a873-ae2b14ac9e33@i29g2000prf.googlegroups.com...
> We currently have an issue whereby certain people can't authenticate
> to a website (hosted by IIS obviously) via kerberos, in fact they
> can't authenticate at all. Most people just open IE and browse to the
> site, some people however get prompted with entering their credentials
> which doesn't accept it. EnableNegotiate is set in the registry and
> traces with NM reveal that it may be trying to use NTLMSSP for
> authentication which fails with a 401. Where should I start looking?
FAQ
Search
Profile
Private Messages
Log in
