You are not authorized to view this page

Hi

I have two IIS servers with similar setups,
When I logon to the server and use IE to view the website, everything works
as expected on both servers

When I use a different computer to view the same pages, then one works OK,
and the other gives me the error in the subject line.

Looking in the log for the IIS server that gives me the error, there are a
series of errors
302 0 0
301 0 0
401 1 0
402 2 2148074254

Where should I be looking to resolve the error and get the remote browser
sesssion working?

Thanks Heaps

Bob

Re: You are not authorized to view this page

302 = redirect
301 = redirect
Those are not "errors". Instead your browser is being told to make a new
request for a different page.

401.1 is an authentication challenge (you are being challenged to provide
allowed credentials)

402.2 - IIS does not implement this error code. Please verify what you have
in your logfile. If it's, instead, 401.2 then that may be part of a
legitimate NTLM authentication. What is the *next* request? Does it have a
200 OK status?

Can you post the entire logfile entries you have (including the one
following the entries above)?

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

"Bob" wrote in message
news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
> Hi
>
> I have two IIS servers with similar setups,
> When I logon to the server and use IE to view the website, everything
> works as expected on both servers
>
> When I use a different computer to view the same pages, then one works OK,
> and the other gives me the error in the subject line.
>
> Looking in the log for the IIS server that gives me the error, there are a
> series of errors
> 302 0 0
> 301 0 0
> 401 1 0
> 402 2 2148074254
>
> Where should I be looking to resolve the error and get the remote browser
> sesssion working?
>
> Thanks Heaps
>
> Bob
>

Re: You are not authorized to view this page

Here is the log of the latest attempt. I got prompted for credentials 3
times before being rejected. No, there was no status=200 record to indicate
sucess

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-04-29 21:55:00
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 2 2148074254
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0
2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 - 172.17.150.136
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
401 1 0

"Ken Schaefer" wrote in message
news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
> 302 = redirect
> 301 = redirect
> Those are not "errors". Instead your browser is being told to make a new
> request for a different page.
>
> 401.1 is an authentication challenge (you are being challenged to provide
> allowed credentials)
>
> 402.2 - IIS does not implement this error code. Please verify what you
> have in your logfile. If it's, instead, 401.2 then that may be part of a
> legitimate NTLM authentication. What is the *next* request? Does it have a
> 200 OK status?
>
> Can you post the entire logfile entries you have (including the one
> following the entries above)?
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
> "Bob" wrote in message
> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>> Hi
>>
>> I have two IIS servers with similar setups,
>> When I logon to the server and use IE to view the website, everything
>> works as expected on both servers
>>
>> When I use a different computer to view the same pages, then one works
>> OK, and the other gives me the error in the subject line.
>>
>> Looking in the log for the IIS server that gives me the error, there are
>> a series of errors
>> 302 0 0
>> 301 0 0
>> 401 1 0
>> 402 2 2148074254
>>
>> Where should I be looking to resolve the error and get the remote browser
>> sesssion working?
>>
>> Thanks Heaps
>>
>> Bob
>>
>

Re: You are not authorized to view this page

Hi,

On your server, can you enable "Logon Failure" auditing please (Start ->
Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable
Failure auditing for Account Logon events, and Logon Events (by default only
a "Success" is logged).

Then, in your Windows Security event Logs, you should start getting some
more detailed information on why authentication is failing.

Lastly, there are no actual credentials in the log files below. It would
appear that perhaps your browser is not actually sending credentials, or IIS
isn't see them, or doesn't seem them as valid. What AuthN mechanisms have
you configured for the "Reports" directory in IIS? (Basic? IWA? Digest?)

Cheers
Ken


"Bob" wrote in message
news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
> Here is the log of the latest attempt. I got prompted for credentials 3
> times before being rejected. No, there was no status=200 record to
> indicate sucess
>
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2007-04-29 21:55:00
> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
> sc-win32-status
> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 2 2148074254
> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
> 172.17.150.136
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
> 401 1 0
>
> "Ken Schaefer" wrote in message
> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>> 302 = redirect
>> 301 = redirect
>> Those are not "errors". Instead your browser is being told to make a new
>> request for a different page.
>>
>> 401.1 is an authentication challenge (you are being challenged to provide
>> allowed credentials)
>>
>> 402.2 - IIS does not implement this error code. Please verify what you
>> have in your logfile. If it's, instead, 401.2 then that may be part of a
>> legitimate NTLM authentication. What is the *next* request? Does it have
>> a 200 OK status?
>>
>> Can you post the entire logfile entries you have (including the one
>> following the entries above)?
>>
>> Cheers
>> Ken
>>
>> --
>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>
>> "Bob" wrote in message
>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>> Hi
>>>
>>> I have two IIS servers with similar setups,
>>> When I logon to the server and use IE to view the website, everything
>>> works as expected on both servers
>>>
>>> When I use a different computer to view the same pages, then one works
>>> OK, and the other gives me the error in the subject line.
>>>
>>> Looking in the log for the IIS server that gives me the error, there are
>>> a series of errors
>>> 302 0 0
>>> 301 0 0
>>> 401 1 0
>>> 402 2 2148074254
>>>
>>> Where should I be looking to resolve the error and get the remote
>>> browser sesssion working?
>>>
>>> Thanks Heaps
>>>
>>> Bob
>>>
>>
>
>

Re: You are not authorized to view this page

Hi Ken,

The AuthN methods is "Windows Integrated", we are not using anonymous, or
basic or digest
Here is the event log for the failure. The computer is called BAY18, the
domain is called TAIPAN-DEV

Cheers

30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 172.17.150.183
Source Port: 2746
"
30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT
AUTHORITY\SYSTEM BAY18 "Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: IUSR_BAY18
Domain: BAY18
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: BAY18
Caller User Name: kinosweb
Caller Domain: TAIPAN-DEV
Caller Logon ID: (0x0,0x65AD98)
Caller Process ID: 2240
Transited Services: -
Source Network Address: -
Source Port: -
"
30/04/2007 12:04:43 PM Security Success Audit Account Logon 680
BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: IUSR_BAY18
Source Workstation: BAY18
Error Code: 0x0

"Ken Schaefer" wrote in message
news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> On your server, can you enable "Logon Failure" auditing please (Start ->
> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable
> Failure auditing for Account Logon events, and Logon Events (by default
> only a "Success" is logged).
>
> Then, in your Windows Security event Logs, you should start getting some
> more detailed information on why authentication is failing.
>
> Lastly, there are no actual credentials in the log files below. It would
> appear that perhaps your browser is not actually sending credentials, or
> IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms
> have you configured for the "Reports" directory in IIS? (Basic? IWA?
> Digest?)
>
> Cheers
> Ken
>
>
> "Bob" wrote in message
> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
>> Here is the log of the latest attempt. I got prompted for credentials 3
>> times before being rejected. No, there was no status=200 record to
>> indicate sucess
>>
>> #Software: Microsoft Internet Information Services 6.0
>> #Version: 1.0
>> #Date: 2007-04-29 21:55:00
>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
>> sc-win32-status
>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 2 2148074254
>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>> 172.17.150.136
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>> 401 1 0
>>
>> "Ken Schaefer" wrote in message
>> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>>> 302 = redirect
>>> 301 = redirect
>>> Those are not "errors". Instead your browser is being told to make a new
>>> request for a different page.
>>>
>>> 401.1 is an authentication challenge (you are being challenged to
>>> provide allowed credentials)
>>>
>>> 402.2 - IIS does not implement this error code. Please verify what you
>>> have in your logfile. If it's, instead, 401.2 then that may be part of a
>>> legitimate NTLM authentication. What is the *next* request? Does it have
>>> a 200 OK status?
>>>
>>> Can you post the entire logfile entries you have (including the one
>>> following the entries above)?
>>>
>>> Cheers
>>> Ken
>>>
>>> --
>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>
>>> "Bob" wrote in message
>>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>>> Hi
>>>>
>>>> I have two IIS servers with similar setups,
>>>> When I logon to the server and use IE to view the website, everything
>>>> works as expected on both servers
>>>>
>>>> When I use a different computer to view the same pages, then one works
>>>> OK, and the other gives me the error in the subject line.
>>>>
>>>> Looking in the log for the IIS server that gives me the error, there
>>>> are a series of errors
>>>> 302 0 0
>>>> 301 0 0
>>>> 401 1 0
>>>> 402 2 2148074254
>>>>
>>>> Where should I be looking to resolve the error and get the remote
>>>> browser sesssion working?
>>>>
>>>> Thanks Heaps
>>>>
>>>> Bob
>>>>
>>>
>>
>>
>

Re: You are not authorized to view this page

Are the two machines in the same Windows Active Directory Domain?

If so, I think your options are:
a) enable Kerberos logging on all machines, and see what errors are being
reported. Kerberos authN is failing for some reason, but we don't know why.
http://support.microsoft.com/?id=262177

b) edit the metabase to remove Kerberos as an available AuthN option (i.e.
so that only "NTLM" is offered and not "Negotiate")

Cheers
Ken



"Bob" wrote in message
news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl...
> Hi Ken,
>
> The AuthN methods is "Windows Integrated", we are not using anonymous, or
> basic or digest
> Here is the event log for the failure. The computer is called BAY18, the
> domain is called TAIPAN-DEV
>
> Cheers
>
> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 172.17.150.183
> Source Port: 2746
> "
> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT
> AUTHORITY\SYSTEM BAY18 "Logon Failure:
> Reason: The user has not been granted the requested
> logon type at this machine
> User Name: IUSR_BAY18
> Domain: BAY18
> Logon Type: 8
> Logon Process: Advapi
> Authentication Package: Negotiate
> Workstation Name: BAY18
> Caller User Name: kinosweb
> Caller Domain: TAIPAN-DEV
> Caller Logon ID: (0x0,0x65AD98)
> Caller Process ID: 2240
> Transited Services: -
> Source Network Address: -
> Source Port: -
> "
> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680
> BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Logon account: IUSR_BAY18
> Source Workstation: BAY18
> Error Code: 0x0
>
> "Ken Schaefer" wrote in message
> news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl...
>> Hi,
>>
>> On your server, can you enable "Logon Failure" auditing please (Start ->
>> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can enable
>> Failure auditing for Account Logon events, and Logon Events (by default
>> only a "Success" is logged).
>>
>> Then, in your Windows Security event Logs, you should start getting some
>> more detailed information on why authentication is failing.
>>
>> Lastly, there are no actual credentials in the log files below. It would
>> appear that perhaps your browser is not actually sending credentials, or
>> IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms
>> have you configured for the "Reports" directory in IIS? (Basic? IWA?
>> Digest?)
>>
>> Cheers
>> Ken
>>
>>
>> "Bob" wrote in message
>> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
>>> Here is the log of the latest attempt. I got prompted for credentials 3
>>> times before being rejected. No, there was no status=200 record to
>>> indicate sucess
>>>
>>> #Software: Microsoft Internet Information Services 6.0
>>> #Version: 1.0
>>> #Date: 2007-04-29 21:55:00
>>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
>>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
>>> sc-win32-status
>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 2 2148074254
>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>> 172.17.150.136
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>> 401 1 0
>>>
>>> "Ken Schaefer" wrote in message
>>> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>>>> 302 = redirect
>>>> 301 = redirect
>>>> Those are not "errors". Instead your browser is being told to make a
>>>> new request for a different page.
>>>>
>>>> 401.1 is an authentication challenge (you are being challenged to
>>>> provide allowed credentials)
>>>>
>>>> 402.2 - IIS does not implement this error code. Please verify what you
>>>> have in your logfile. If it's, instead, 401.2 then that may be part of
>>>> a legitimate NTLM authentication. What is the *next* request? Does it
>>>> have a 200 OK status?
>>>>
>>>> Can you post the entire logfile entries you have (including the one
>>>> following the entries above)?
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>> --
>>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>>
>>>> "Bob" wrote in message
>>>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>>>> Hi
>>>>>
>>>>> I have two IIS servers with similar setups,
>>>>> When I logon to the server and use IE to view the website, everything
>>>>> works as expected on both servers
>>>>>
>>>>> When I use a different computer to view the same pages, then one works
>>>>> OK, and the other gives me the error in the subject line.
>>>>>
>>>>> Looking in the log for the IIS server that gives me the error, there
>>>>> are a series of errors
>>>>> 302 0 0
>>>>> 301 0 0
>>>>> 401 1 0
>>>>> 402 2 2148074254
>>>>>
>>>>> Where should I be looking to resolve the error and get the remote
>>>>> browser sesssion working?
>>>>>
>>>>> Thanks Heaps
>>>>>
>>>>> Bob
>>>>>
>>>>
>>>
>>>
>>
>
>

Re: You are not authorized to view this page

Ken,

Here is the record from the Sytem Log for Kerberos
30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error
Message was received:
on logon session
Client Time:
Server Time: 3:36:4.0000 4/30/2007 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: TAIPAN-DEV.MY.GOV.AU
Server Name: host/bay18.taipan-dev.my.gov.au
Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU
Error Text:
File: 9
Line: ae0
Error Data is in record data.

Bob
"Ken Schaefer" wrote in message
news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl...
> Are the two machines in the same Windows Active Directory Domain?
>
> If so, I think your options are:
> a) enable Kerberos logging on all machines, and see what errors are being
> reported. Kerberos authN is failing for some reason, but we don't know
> why. http://support.microsoft.com/?id=262177
>
> b) edit the metabase to remove Kerberos as an available AuthN option (i.e.
> so that only "NTLM" is offered and not "Negotiate")
>
> Cheers
> Ken
>
>
>
> "Bob" wrote in message
> news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl...
>> Hi Ken,
>>
>> The AuthN methods is "Windows Integrated", we are not using anonymous, or
>> basic or digest
>> Here is the event log for the failure. The computer is called BAY18, the
>> domain is called TAIPAN-DEV
>>
>> Cheers
>>
>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: 172.17.150.183
>> Source Port: 2746
>> "
>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT
>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>> Reason: The user has not been granted the requested
>> logon type at this machine
>> User Name: IUSR_BAY18
>> Domain: BAY18
>> Logon Type: 8
>> Logon Process: Advapi
>> Authentication Package: Negotiate
>> Workstation Name: BAY18
>> Caller User Name: kinosweb
>> Caller Domain: TAIPAN-DEV
>> Caller Logon ID: (0x0,0x65AD98)
>> Caller Process ID: 2240
>> Transited Services: -
>> Source Network Address: -
>> Source Port: -
>> "
>> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680
>> BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
>> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>> Logon account: IUSR_BAY18
>> Source Workstation: BAY18
>> Error Code: 0x0
>>
>> "Ken Schaefer" wrote in message
>> news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>>
>>> On your server, can you enable "Logon Failure" auditing please (Start ->
>>> Run -> Secpol.msc). Under Local Policies -> Audit Policies you can
>>> enable Failure auditing for Account Logon events, and Logon Events (by
>>> default only a "Success" is logged).
>>>
>>> Then, in your Windows Security event Logs, you should start getting some
>>> more detailed information on why authentication is failing.
>>>
>>> Lastly, there are no actual credentials in the log files below. It would
>>> appear that perhaps your browser is not actually sending credentials, or
>>> IIS isn't see them, or doesn't seem them as valid. What AuthN mechanisms
>>> have you configured for the "Reports" directory in IIS? (Basic? IWA?
>>> Digest?)
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "Bob" wrote in message
>>> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
>>>> Here is the log of the latest attempt. I got prompted for credentials 3
>>>> times before being rejected. No, there was no status=200 record to
>>>> indicate sucess
>>>>
>>>> #Software: Microsoft Internet Information Services 6.0
>>>> #Version: 1.0
>>>> #Date: 2007-04-29 21:55:00
>>>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
>>>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
>>>> sc-win32-status
>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 2 2148074254
>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>> 172.17.150.136
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>> 401 1 0
>>>>
>>>> "Ken Schaefer" wrote in message
>>>> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>>>>> 302 = redirect
>>>>> 301 = redirect
>>>>> Those are not "errors". Instead your browser is being told to make a
>>>>> new request for a different page.
>>>>>
>>>>> 401.1 is an authentication challenge (you are being challenged to
>>>>> provide allowed credentials)
>>>>>
>>>>> 402.2 - IIS does not implement this error code. Please verify what you
>>>>> have in your logfile. If it's, instead, 401.2 then that may be part of
>>>>> a legitimate NTLM authentication. What is the *next* request? Does it
>>>>> have a 200 OK status?
>>>>>
>>>>> Can you post the entire logfile entries you have (including the one
>>>>> following the entries above)?
>>>>>
>>>>> Cheers
>>>>> Ken
>>>>>
>>>>> --
>>>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>>>
>>>>> "Bob" wrote in message
>>>>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>>>>> Hi
>>>>>>
>>>>>> I have two IIS servers with similar setups,
>>>>>> When I logon to the server and use IE to view the website, everything
>>>>>> works as expected on both servers
>>>>>>
>>>>>> When I use a different computer to view the same pages, then one
>>>>>> works OK, and the other gives me the error in the subject line.
>>>>>>
>>>>>> Looking in the log for the IIS server that gives me the error, there
>>>>>> are a series of errors
>>>>>> 302 0 0
>>>>>> 301 0 0
>>>>>> 401 1 0
>>>>>> 402 2 2148074254
>>>>>>
>>>>>> Where should I be looking to resolve the error and get the remote
>>>>>> browser sesssion working?
>>>>>>
>>>>>> Thanks Heaps
>>>>>>
>>>>>> Bob
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>

Re: You are not authorized to view this page

Ken,

Some good news. I have solved the problem.
It seems that by using a different user account in the AppPool, then that
user and the server need to ahve their "servicePrincipalName" attribute
populated in AD.
The commands to acheive this are


setspn -a http/bay18 taipan-dev\kinosweb

setspn -a http/bay18.taipan-dev.my.gov.au taipan-dev\kinosweb


By running these two commands on the domain controller, everything now works
as expected

Thanks for your help

"Bob" wrote in message
news:OejwXutiHHA.3472@TK2MSFTNGP04.phx.gbl...
> Ken,
>
> Here is the record from the Sytem Log for Kerberos
> 30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error
> Message was received:
> on logon session
> Client Time:
> Server Time: 3:36:4.0000 4/30/2007 Z
> Error Code: 0xd KDC_ERR_BADOPTION
> Extended Error: 0xc00000bb KLIN(0)
> Client Realm:
> Client Name:
> Server Realm: TAIPAN-DEV.MY.GOV.AU
> Server Name: host/bay18.taipan-dev.my.gov.au
> Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU
> Error Text:
> File: 9
> Line: ae0
> Error Data is in record data.
>
> Bob
> "Ken Schaefer" wrote in message
> news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl...
>> Are the two machines in the same Windows Active Directory Domain?
>>
>> If so, I think your options are:
>> a) enable Kerberos logging on all machines, and see what errors are being
>> reported. Kerberos authN is failing for some reason, but we don't know
>> why. http://support.microsoft.com/?id=262177
>>
>> b) edit the metabase to remove Kerberos as an available AuthN option
>> (i.e. so that only "NTLM" is offered and not "Negotiate")
>>
>> Cheers
>> Ken
>>
>>
>>
>> "Bob" wrote in message
>> news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl...
>>> Hi Ken,
>>>
>>> The AuthN methods is "Windows Integrated", we are not using anonymous,
>>> or basic or digest
>>> Here is the event log for the failure. The computer is called BAY18,
>>> the domain is called TAIPAN-DEV
>>>
>>> Cheers
>>>
>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: 172.17.150.183
>>> Source Port: 2746
>>> "
>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT
>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>> Reason: The user has not been granted the requested
>>> logon type at this machine
>>> User Name: IUSR_BAY18
>>> Domain: BAY18
>>> Logon Type: 8
>>> Logon Process: Advapi
>>> Authentication Package: Negotiate
>>> Workstation Name: BAY18
>>> Caller User Name: kinosweb
>>> Caller Domain: TAIPAN-DEV
>>> Caller Logon ID: (0x0,0x65AD98)
>>> Caller Process ID: 2240
>>> Transited Services: -
>>> Source Network Address: -
>>> Source Port: -
>>> "
>>> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680
>>> BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
>>> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>>> Logon account: IUSR_BAY18
>>> Source Workstation: BAY18
>>> Error Code: 0x0
>>>
>>> "Ken Schaefer" wrote in message
>>> news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl...
>>>> Hi,
>>>>
>>>> On your server, can you enable "Logon Failure" auditing please
>>>> (Start -> Run -> Secpol.msc). Under Local Policies -> Audit Policies
>>>> you can enable Failure auditing for Account Logon events, and Logon
>>>> Events (by default only a "Success" is logged).
>>>>
>>>> Then, in your Windows Security event Logs, you should start getting
>>>> some more detailed information on why authentication is failing.
>>>>
>>>> Lastly, there are no actual credentials in the log files below. It
>>>> would appear that perhaps your browser is not actually sending
>>>> credentials, or IIS isn't see them, or doesn't seem them as valid. What
>>>> AuthN mechanisms have you configured for the "Reports" directory in
>>>> IIS? (Basic? IWA? Digest?)
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>>
>>>> "Bob" wrote in message
>>>> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
>>>>> Here is the log of the latest attempt. I got prompted for credentials
>>>>> 3 times before being rejected. No, there was no status=200 record to
>>>>> indicate sucess
>>>>>
>>>>> #Software: Microsoft Internet Information Services 6.0
>>>>> #Version: 1.0
>>>>> #Date: 2007-04-29 21:55:00
>>>>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
>>>>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
>>>>> sc-win32-status
>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 2 2148074254
>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>> 172.17.150.136
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>> 401 1 0
>>>>>
>>>>> "Ken Schaefer" wrote in message
>>>>> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>>>>>> 302 = redirect
>>>>>> 301 = redirect
>>>>>> Those are not "errors". Instead your browser is being told to make a
>>>>>> new request for a different page.
>>>>>>
>>>>>> 401.1 is an authentication challenge (you are being challenged to
>>>>>> provide allowed credentials)
>>>>>>
>>>>>> 402.2 - IIS does not implement this error code. Please verify what
>>>>>> you have in your logfile. If it's, instead, 401.2 then that may be
>>>>>> part of a legitimate NTLM authentication. What is the *next* request?
>>>>>> Does it have a 200 OK status?
>>>>>>
>>>>>> Can you post the entire logfile entries you have (including the one
>>>>>> following the entries above)?
>>>>>>
>>>>>> Cheers
>>>>>> Ken
>>>>>>
>>>>>> --
>>>>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>>>>
>>>>>> "Bob" wrote in message
>>>>>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>>>>>> Hi
>>>>>>>
>>>>>>> I have two IIS servers with similar setups,
>>>>>>> When I logon to the server and use IE to view the website,
>>>>>>> everything works as expected on both servers
>>>>>>>
>>>>>>> When I use a different computer to view the same pages, then one
>>>>>>> works OK, and the other gives me the error in the subject line.
>>>>>>>
>>>>>>> Looking in the log for the IIS server that gives me the error, there
>>>>>>> are a series of errors
>>>>>>> 302 0 0
>>>>>>> 301 0 0
>>>>>>> 401 1 0
>>>>>>> 402 2 2148074254
>>>>>>>
>>>>>>> Where should I be looking to resolve the error and get the remote
>>>>>>> browser sesssion working?
>>>>>>>
>>>>>>> Thanks Heaps
>>>>>>>
>>>>>>> Bob
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>

Re: You are not authorized to view this page

Hi,

Yes, if you are running the Web App Pool under an account under the inbuilt
default principals (LocalSystem, Local Service, Network Service) you will
need to register the SPN properly:

IIS and Kerberos Part 2 - What are Service Principal Names?
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/11/19/ 606.aspx

Cheers
Ken


"Bob" wrote in message
news:%23f8TCguiHHA.4976@TK2MSFTNGP03.phx.gbl...
> Ken,
>
> Some good news. I have solved the problem.
> It seems that by using a different user account in the AppPool, then that
> user and the server need to ahve their "servicePrincipalName" attribute
> populated in AD.
> The commands to acheive this are
>
>
> setspn -a http/bay18 taipan-dev\kinosweb
>
> setspn -a http/bay18.taipan-dev.my.gov.au taipan-dev\kinosweb
>
>
> By running these two commands on the domain controller, everything now
> works as expected
>
> Thanks for your help
>
> "Bob" wrote in message
> news:OejwXutiHHA.3472@TK2MSFTNGP04.phx.gbl...
>> Ken,
>>
>> Here is the record from the Sytem Log for Kerberos
>> 30/04/2007 1:36:04 PM Kerberos Error None 3 N/A BAY18 A Kerberos Error
>> Message was received:
>> on logon session
>> Client Time:
>> Server Time: 3:36:4.0000 4/30/2007 Z
>> Error Code: 0xd KDC_ERR_BADOPTION
>> Extended Error: 0xc00000bb KLIN(0)
>> Client Realm:
>> Client Name:
>> Server Realm: TAIPAN-DEV.MY.GOV.AU
>> Server Name: host/bay18.taipan-dev.my.gov.au
>> Target Name: host/bay18.taipan-dev.my.gov.au@TAIPAN-DEV.MY.GOV.AU
>> Error Text:
>> File: 9
>> Line: ae0
>> Error Data is in record data.
>>
>> Bob
>> "Ken Schaefer" wrote in message
>> news:%23JYZPEtiHHA.5052@TK2MSFTNGP05.phx.gbl...
>>> Are the two machines in the same Windows Active Directory Domain?
>>>
>>> If so, I think your options are:
>>> a) enable Kerberos logging on all machines, and see what errors are
>>> being reported. Kerberos authN is failing for some reason, but we don't
>>> know why. http://support.microsoft.com/?id=262177
>>>
>>> b) edit the metabase to remove Kerberos as an available AuthN option
>>> (i.e. so that only "NTLM" is offered and not "Negotiate")
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>>
>>> "Bob" wrote in message
>>> news:uN%23D31siHHA.4516@TK2MSFTNGP03.phx.gbl...
>>>> Hi Ken,
>>>>
>>>> The AuthN methods is "Windows Integrated", we are not using anonymous,
>>>> or basic or digest
>>>> Here is the event log for the failure. The computer is called BAY18,
>>>> the domain is called TAIPAN-DEV
>>>>
>>>> Cheers
>>>>
>>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:47 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:46 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:45 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 529 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: 172.17.150.183
>>>> Source Port: 2746
>>>> "
>>>> 30/04/2007 12:04:43 PM Security Failure Audit Logon/Logoff 534 NT
>>>> AUTHORITY\SYSTEM BAY18 "Logon Failure:
>>>> Reason: The user has not been granted the requested
>>>> logon type at this machine
>>>> User Name: IUSR_BAY18
>>>> Domain: BAY18
>>>> Logon Type: 8
>>>> Logon Process: Advapi
>>>> Authentication Package: Negotiate
>>>> Workstation Name: BAY18
>>>> Caller User Name: kinosweb
>>>> Caller Domain: TAIPAN-DEV
>>>> Caller Logon ID: (0x0,0x65AD98)
>>>> Caller Process ID: 2240
>>>> Transited Services: -
>>>> Source Network Address: -
>>>> Source Port: -
>>>> "
>>>> 30/04/2007 12:04:43 PM Security Success Audit Account Logon 680
>>>> BAY18\IUSR_BAY18 BAY18 "Logon attempt by:
>>>> MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>>>> Logon account: IUSR_BAY18
>>>> Source Workstation: BAY18
>>>> Error Code: 0x0
>>>>
>>>> "Ken Schaefer" wrote in message
>>>> news:%23uV7fZsiHHA.1244@TK2MSFTNGP04.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> On your server, can you enable "Logon Failure" auditing please
>>>>> (Start -> Run -> Secpol.msc). Under Local Policies -> Audit Policies
>>>>> you can enable Failure auditing for Account Logon events, and Logon
>>>>> Events (by default only a "Success" is logged).
>>>>>
>>>>> Then, in your Windows Security event Logs, you should start getting
>>>>> some more detailed information on why authentication is failing.
>>>>>
>>>>> Lastly, there are no actual credentials in the log files below. It
>>>>> would appear that perhaps your browser is not actually sending
>>>>> credentials, or IIS isn't see them, or doesn't seem them as valid.
>>>>> What AuthN mechanisms have you configured for the "Reports" directory
>>>>> in IIS? (Basic? IWA? Digest?)
>>>>>
>>>>> Cheers
>>>>> Ken
>>>>>
>>>>>
>>>>> "Bob" wrote in message
>>>>> news:e$oEUlqiHHA.4976@TK2MSFTNGP03.phx.gbl...
>>>>>> Here is the log of the latest attempt. I got prompted for credentials
>>>>>> 3 times before being rejected. No, there was no status=200 record to
>>>>>> indicate sucess
>>>>>>
>>>>>> #Software: Microsoft Internet Information Services 6.0
>>>>>> #Version: 1.0
>>>>>> #Date: 2007-04-29 21:55:00
>>>>>> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
>>>>>> s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
>>>>>> sc-win32-status
>>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 2 2148074254
>>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:00 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:03 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>> 2007-04-29 21:55:04 W3SVC1 172.17.150.228 GET /reports - 80 -
>>>>>> 172.17.150.136
>>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET +CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+In foPath.2)
>>>>>> 401 1 0
>>>>>>
>>>>>> "Ken Schaefer" wrote in message
>>>>>> news:u2XjyMjiHHA.4668@TK2MSFTNGP04.phx.gbl...
>>>>>>> 302 = redirect
>>>>>>> 301 = redirect
>>>>>>> Those are not "errors". Instead your browser is being told to make a
>>>>>>> new request for a different page.
>>>>>>>
>>>>>>> 401.1 is an authentication challenge (you are being challenged to
>>>>>>> provide allowed credentials)
>>>>>>>
>>>>>>> 402.2 - IIS does not implement this error code. Please verify what
>>>>>>> you have in your logfile. If it's, instead, 401.2 then that may be
>>>>>>> part of a legitimate NTLM authentication. What is the *next*
>>>>>>> request? Does it have a 200 OK status?
>>>>>>>
>>>>>>> Can you post the entire logfile entries you have (including the one
>>>>>>> following the entries above)?
>>>>>>>
>>>>>>> Cheers
>>>>>>> Ken
>>>>>>>
>>>>>>> --
>>>>>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>>>>>
>>>>>>> "Bob" wrote in message
>>>>>>> news:uHYXtCUiHHA.5008@TK2MSFTNGP02.phx.gbl...
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> I have two IIS servers with similar setups,
>>>>>>>> When I logon to the server and use IE to view the website,
>>>>>>>> everything works as expected on both servers
>>>>>>>>
>>>>>>>> When I use a different computer to view the same pages, then one
>>>>>>>> works OK, and the other gives me the error in the subject line.
>>>>>>>>
>>>>>>>> Looking in the log for the IIS server that gives me the error,
>>>>>>>> there are a series of errors
>>>>>>>> 302 0 0
>>>>>>>> 301 0 0
>>>>>>>> 401 1 0
>>>>>>>> 402 2 2148074254
>>>>>>>>
>>>>>>>> Where should I be looking to resolve the error and get the remote
>>>>>>>> browser sesssion working?
>>>>>>>>
>>>>>>>> Thanks Heaps
>>>>>>>>
>>>>>>>> Bob
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>
>

Re: You are not authorized to view this page

Hi.

Nobody will help you.
Becouse Micorosft are bad.
I have installed iis6 and when i try to open php it give

HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the
requested resource.
Internet Information Services (IIS)

HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI
application.
Internet Information Services (IIS)
did you see Microsoft,are bad.
This problems are from 2004 and again are coming.

They only can give you information what is that,but they can't give you
answers.
SHAME MICROSOFT.

That is it for now.

Goodbye.

Re: You are not authorized to view this page

OP has no problems running PHP - he has a Kerberos issue.

There are many tutorials on how to install/configure PHP on IIS on the web
(I even have one on my blog for running PHP on IIS 7). PHP is not a
MIcrosoft product - you should get support from the PHP team if you wish to
install/configure their product.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken


"Plamen" wrote in message
news:O8$q9l3jHHA.4188@TK2MSFTNGP02.phx.gbl...
> Hi.
>
> Nobody will help you.
> Becouse Micorosft are bad.
> I have installed iis6 and when i try to open php it give
>
> HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the
> requested resource.
> Internet Information Services (IIS)
>
> HTTP Error 401.5 - Unauthorized: Authorization failed by an ISAPI/CGI
> application.
> Internet Information Services (IIS)
> did you see Microsoft,are bad.
> This problems are from 2004 and again are coming.
>
> They only can give you information what is that,but they can't give you
> answers.
> SHAME MICROSOFT.
>
> That is it for now.
>
> Goodbye.
>

RE: You are not authorized to view this page

Hi.

Ops.Man you are on error.

Microsoft don't say nothing for this error.
I don't have installed kerberos,so this is Micorosft problems,bastard.

That is it for now.

Goodbye.

From http://www.developmentnow.com/g/91_2007_5_0_0_963689/You-are -not-authorized-to-view-this-page.htm

Posted via DevelopmentNow.com Groups
http://www.developmentnow.com

Re: You are not authorized to view this page

Hi,

Kerberos is in-built into Windows. You have a PHP problem - this thread is
about Kerberos configuration. You seem to be completely confused as to what
is being discussed here. If you have a PHP problem, please start a new
thread about your configuration.

Cheers
Ken


"Plamen" wrote in message
news:21766d76-bf79-4108-9f5c-ae9c18304790@developmentnow.com ...
> Hi.
>
> Ops.Man you are on error.
>
> Microsoft don't say nothing for this error.
> I don't have installed kerberos,so this is Micorosft problems,bastard.
>
> That is it for now.
>
> Goodbye.
>
> From
> http://www.developmentnow.com/g/91_2007_5_0_0_963689/You-are -not-authorized-to-view-this-page.htm
>
> Posted via DevelopmentNow.com Groups
> http://www.developmentnow.com