HTTP 401.2 Error resolving FQDN

Have you verified the directory where your files are located has the
IUSER_[machinename] user granted access?



"stephen" <anonymous.TakeThisOut@discussions.microsoft.com> wrote in message
news:09382B30-CC56-406F-91D1-349411753065@microsoft.com...
 > Also just before the 401.2 message comes up, the user is prompted for the
domain credentials (username, password and domain).<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: HTTP 401.2 Error resolving FQDN 

The web app at the URL uses NTLM authentication.
 >> Stay informed about: HTTP 401.2 Error resolving FQDN 

Hello,

You say in the other message that the user is prompted to logon. Have the
user tried to logon? Are you sure the correct username (including domain)
was used?

Have you tried to add the website to the intranet zone in Internet Explorer?
I want to see if this has anything to do with that the user is not
authenticated properly.

--
Regards,
Kristofer Gafvert - IIS MVP
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!


"stephen" <stephenhines.TakeThisOut@yahoo.com> wrote in message
news:20F40B2B-59BB-42F1-A174-47A7FBD52D63@microsoft.com...
 > There is an internal web site I manage that users within my company have
access to for training purposes. Most users can access the URL of the site
via the FQDN with no problems, but some users cannot. If these particular
users attempt to access the site via the FQDN, they receive this HTTP error:
 >
 > HTTP 401.2 - Unauthorized: Logon failed due to server configuration
 >
 > The users having a problem getting to the URL are not using a proxy server
and in their TCP/IP settings they have the DNS suffix listed in which the
web site exists in. If they access the site without the FQDN (just the host
name) it works fine.
 >
 > Any ideas?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: HTTP 401.2 Error resolving FQDN 

The web application strictly uses NTLM authentication. It is completely seamless. The user should never be prompted for any credentials. The database that the application uses stores a record that has an entry for each user accessing the web site along with their respective NT credentials. So when the users hits the web site, it compares their NT credentials with an entry in the database to verify that the user is valid. If the user's NT account doesn't exist in the database then they get a different message specific to the application itself that the user account could not be found. Otherwise they are automatically able to access the web site.

If the user manually enter the credentials the dialog box they are able to access the site. Based on your recommendation I was able to duplicate the error if the web site was not in the Trusted Sites list. From what I can tell there is a Windows 2000 Group Policy Setting that could add this site to the Trusted Sites list in Internet Explorer for all PCs in the domain:
Group Policy -> User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Security -> Security Zones and Content Ratings

But the strange thing is that since most people can hit this URL, either practically everyone has a low security setting for Local Intranet sites to allow them to hit the site or it's already in their Trusted Sites (which is somewhat doubtful since i've never instructed anyone to do this).
 >> Stay informed about: HTTP 401.2 Error resolving FQDN 

Does the users belong to different domains?

It sounds like the problem is not with IIS (since it is working if you
manually login via the logon box), so i think that you might get better
support from one of the Internet Explorer groups.

Here's a list of reasons why you are asked for credentials, maybe something
of that helps you:

[258063] Internet Explorer May Prompt You for a Password
<a style='text-decoration: underline;' href="http://support.microsoft.com/?id=258063" target="_blank">http://support.microsoft.com/?id=258063</a>

--
Regards,
Kristofer Gafvert - IIS MVP
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!


"stephen" <anonymous DeleteThis @discussions.microsoft.com> wrote in message
news:B12914C6-A9FD-4CC6-9F48-05B82147D6F1@microsoft.com...
 > The web application strictly uses NTLM authentication. It is completely
seamless. The user should never be prompted for any credentials. The
database that the application uses stores a record that has an entry for
each user accessing the web site along with their respective NT credentials.
So when the users hits the web site, it compares their NT credentials with
an entry in the database to verify that the user is valid. If the user's NT
account doesn't exist in the database then they get a different message
specific to the application itself that the user account could not be found.
Otherwise they are automatically able to access the web site.
 >
 > If the user manually enter the credentials the dialog box they are able to
access the site. Based on your recommendation I was able to duplicate the
error if the web site was not in the Trusted Sites list. From what I can
tell there is a Windows 2000 Group Policy Setting that could add this site
to the Trusted Sites list in Internet Explorer for all PCs in the domain:
 > Group Policy -> User Configuration -> Windows Settings -> Internet
Explorer Maintenance -> Security -> Security Zones and Content Ratings
 >
 > But the strange thing is that since most people can hit this URL, either
practically everyone has a low security setting for Local Intranet sites to
allow them to hit the site or it's already in their Trusted Sites (which is
somewhat doubtful since i've never instructed anyone to do this).
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: HTTP 401.2 Error resolving FQDN