IIS windows authentication on leopard

Similar Messages

• The kerberos PAC verification failure when all users of only one RODC Site, trying to get access iis webpage of different site using Integrated Windows Authentication

  The kerberos PAC verification failure when all users of only one Site which having only one RODC server(A), trying to get access iis webpage of different site which having WDC server(B) using Integrated Windows Authentication. But when they accessing the
  website using IP address, it is not asking for credentials as I think it is using NTLM Authentication at that time which is less secure than Kerberos.
  Note that:- All user accounts and Computers of the RODC has been allowed cache password on the RODC. Nearest WDC for the RODC (A) is the WDC (B).
  The website is hosted on a windows server 2003 R2 and generating below system event log for those users of the RODC site :-
  Event Type: Error
  Event Source: Kerberos
  Event Category: None
  Event ID: 7
  Date:
  <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">date</var>
  Time:
  <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">time</var>
  User: N/A
  Computer:
  <var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name (the 2003 server)</var>
  Description: The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client<var style="color:#333333;font-family:'Segoe
  UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name</var> in realm <var
  style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">realm_name</var> had
  a PAC which failed to verify or was modified. Contact your system administrator.
  This issue has been raised for last one week. Before that everything was fine. No Group Policy changed, Time also same.
  In this situation do I need to do Demotion of the RODC and re-promote it as RODC again  or is there any other troubleshooting to resolve it.
  Thanks in Advanced
  Souvik

   Hi Amy,
  Thanks for your response
  I noticed that Logon server could become incorrect again after user re-login or restart of a workstation.
  It seems root cause is different.  Need a permanent solution.
  The Workstations of the RODC site are getting IP from a DHCP server by automatic distribution of IP from a specific subnet for the site only.  The RODC is
  the Primary DNS server for the site.
  I have checked the subnet and it is properly bound with only with that AD site. The group of users and workstations are in the same site AD organisational Unit.
  Sometime I restarted the NET LOGON service and DNS server service on ther RODC server and sometime rebooted the server. But the Logon server issue has not fixed permanently.
  The internal network bandwidth of the site is better than the bandwidth to communicate with other site.  
  The server is Windows server 2008 R2 standard and hosting the below roles
  RODC
  DNS
  File server
  The server performance is Healthy in core times when maximum users usually logins. 
  Any further support would be much appreciated Amy
  Thanks
  Souvik

• Safari for Windows will not log into IIS sites with Windows Authentication

  Safari for Windows will not log into IIS sites with Windows Authentication enabled. The IIS log has thousands of login attempts from Safari that result in 401 errors.
  I disable Windows Authentication on IIS and it works fine. The problem with that is that my Windows clients stop working properly with seemless logins when I disable this.
  The expected behavior is that Safari will work with basic authentication when NTLM does not work. That would result in a password prompt followed by a successful login instead of Safari stopping at "Loading" while hammering the IIS logs.
  It does this on all machines that I have tried.
  Any ideas or is this a bug?

  I noticed that as well. I have to wonder if it's due to not making note of the the different end of line characters between Mac OS X and Windows in code.

• Has some problems when configuring windows authentication in IIS 7

  Recently I'm working on a project. This project is deployed on Windows server 2008 R2 and using IIS7.
  It's using classic ASP, not ASP.NET. 
  In this project we want to use Windows Authentication for application login and SQL connection. 
  The problem is when we enable Windows Authentication, the application can't connect to the SQL server. The error message said " Login
  failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.". If we enable Basic Authentication the application will use the current logon user to connect the SQL server.
  The expected result is after the Windows Authentication is enabled, when somebody logon to the application, the application will use the application pool account to connect to the SQL server not the current logon user or anonymous user.
  Does anybody has any idea about this?
  Jacob.Gu

  Hello Jacob.Gu,
  This forum supports .NET installation not IIS setting, please reopen a new post on the following forum:
  http://forums.iis.net/
  Regards,
  Barry
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Windows Authentication on a Coldfusion Application

  Hi community!
  I am working on a coldfusion application and I had a meeting
  today to show my client my progress. The IT director asked if they
  could use Windows Authentication in the new program because the
  doctors and therapists forget everything. My answer was kind of
  defensive but they asked me to figure that out.
  I have no idea as where to start! Can somebody put some light
  in my head?
  Any thoughts? Any ideas? Any resources?
  I work full time in a software development company, this
  project is part of the jobs I do on the side so I can afford gas!
  he,he In my primary job we have never created a coldfusion app that
  works like that. So that's why I am confused.
  Thanks fellows!

  I use integrated Windows Authntication on my intranet. There
  is a checkbox for it under IIS.
  This allows the uername to be visible to CF using the
  #cgi.auth_user# variable.
  As for security, I maintain a data table with each username
  and appropriate permissions. In my application, I merely confirm
  that the currently logged in user is authorized for given areas of
  my site.
  Works great. The only real caveat is that some places might
  aruge that you are not verifying that the person behind the
  keyboard is really the person currently logged into that particular
  machine on the network. My defense is that this scenario is the
  responsibility of the currently logged in user, rather than the web
  developer. Your environment may dictate more stringent criteria or
  verification.
  BTW: My implementation has passed muster with our security
  audits in the medical field for the last eight or nine
  years.

• Windows Authentication option not available in Windows 8.1

  Hi,
  I am using Windows 8.1 OS. "Windows Authentication" option is not available in my laptop. I navigated to below path.
  Windows Features --> Internet Information Services --> World wide web services --> Security --> in this I am not able to see windows authentication. Please let me know.
  Thanks in Advance!
  Krishna.

  Hi Meipo,
  Thank you for the information and reply.
  I ran command in my laptop. I got below error.
  Image version : 6.3.9600.17031
  Error: 0x800f080c
  Feature name IIS-WindowsAuthentication is unknown.
  Is this problem with OS version? Please suggest me how can I get windows authentication in my laptop.
  Thanks in Advance!
  Krishna.

• Windows authentication failure on SharePoint 2013 zone

  I am attempting to set up a Windows authentication zone in a SharePoint 2013 installation for use by the search crawler.  The zone has been configured to use NTLM in order to eliminate Kerberos from the equation.  The result of my
  attempts to access the Windows authentication zone is a 403 error.  Central Administration is working on the same server, and of course is using Windows authentication.
  I know about the issue of using Windows authentication to localhost, and have configured the backconnectionhostnames entry in the registry.  To prove that I can use Windows authentication using the intended host name for the SharePoint zone, I have
  set up a test IIS site that binds to the host name used by the zone, and successfully authenticated using Windows authentication.
  From monitoring the ULS logs it's obvious that I'm actually successfully completing Windows authentication, and getting a SharePoint claim, but from that point I'm being denied by SharePoint.  I do know that my Windows credentials has site collection
  administrator privileges.  The most interesting failure in the ULS log appears to be:
  SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
  Another odd thing is that after the ULS indicates I have failed authentication, I'm redirected to /_layouts/AccessDenied.aspx instead of the login page defined in web.config.  I have tried many things, including enabling Kernel-mode authentication. 
  Below is an excerpt from my ULS logs:
  SPApplicationAuthenticationModule: There is no Authorization header, can't try to perform application authentication.
  Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.53, Original Level: Verbose] Value for isAnonymousAllowed is : {0}
  [Forced due to logging gap, Original Level: Verbose] Value for checkAuthenticationCookie is : {0}
  Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.56, Original Level: VerboseEx] Sending HTTP response {0} - {1}:{2}.
  [Forced due to logging gap, Original Level: Verbose] SPRequestModule.PreSendRequestHeaders
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5320.19544383434
  Name=Timer Job SchedulingApproval
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=16.4101862108173
  Name=Timer Job SchedulingApproval
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=14.9021733209109
  Name=Timer Job SchedulingApproval
  [Forced due to logging gap, cached @ 12/01/2014 15:48:32.95, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnEndRequest: Start
  SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
  Leaving Monitored Scope (Timer Job SchedulingApproval). Execution Time=17.2175513927049
  Claims Windows Sign-In: Sending 401 for request 'https://crawler.my.host/' because the user is not authenticated and resource requires authentication.
  Name=Request (GET:https://crawler.my.host:443/)
  Micro Trace Tags: 0 nasq
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=9.54646470431298
  Name=Request (GET:https://crawler.my.host:443/)
  SPTokenCache.ReadTokenXml: Successfully read token XML 'mydomain\myuser'.
  Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
  Token Cache: Entry missing for user 'mydomain\myuser'.
  Token Cache: Failed to get token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to get the token for '0).w|s-0-0-0-0-0-0-1234'.
  Claims Windows Sign-In: User 'mydomain\myuser' for request url 'https://crawler.my.host/' does not have a cached SessionSecurityToken.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:33.24, Original Level: VerboseEx] We are in claims windows only mode for for request url '{0}'.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:33.71, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  SPSecurityContext: Added JsonWebSecurityTokenHandler to trust channel factory
  SPSecurityContext: Replaced WSTrustRequestSerializer with SPTrust13RequestSerializer
  SPSecurityContext: The SecurityTokenServiceBehavior is attached to the TrustChannel.
  SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue'
  MessageId: 'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
  SecurityTokenServiceReceiveRequest: LocalAddress: 'http://servername:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId:
  'urn:uuid:f175f6ef-a93d-4efe-9173-1fba74b1eed2'
  Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No
  STS Call: Issuing new security token.
  SPSecurityTokenServiceManager!EnsureSharePointLogonRequestClaims: Found primary sid claim. Value: 's-0-0-0-0-0-0-1234'.
  Using claim provider 'System' for operation because it is default and it is visible.
  Excluding claim provider 'AD' for operation because it is not default and .
  Using claim provider 'AllUsers' for operation because it is default and it is visible.
  Excluding claim provider 'Forms' for operation because it is not default and .
  Using claim provider 'User Profile Claim Provider' for operation because it is default and it is visible.
  STS Call Claims Windows: Setting cookie lifetime to: Microsoft.IdentityModel.Protocols.WSTrust.Lifetime
  STS Call Claims Windows: Successfully requested sign-in claim identity for user 'mydomain\myuser'.
  STS Call: Successfully issued new security token.
  Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=13.187150880908
  [Forced due to logging gap, cached @ 12/01/2014 15:48:34.87, Original Level: Verbose] The SecurityTokenServiceHeaderInfo including the correlation ID was added.
  Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=719.713539011243
  [Forced due to logging gap, cached @ 12/01/2014 15:48:35.60, Original Level: Verbose] ____{0}={1}
  Claims Windows Sign-In: Siginging in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
  Updating X.509 certificate validation policy
  [Forced due to logging gap, cached @ 12/01/2014 15:48:36.26, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  Adding X.509 certificate thumbprint '493E6806F4178EDD685BE5EA0AAF79ED30FB4A90' to root authority trust
  SPLocalLoginProvider: Initializing and creating S2S Claim Mappings
  SPLocalLoginProvider: Initialized S2S Claim Mappings.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:36.37, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:37.17, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: Verbose] Deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:37.96, Original Level: Verbose] Completed deserializing the type named {0} and with id {1}.
  [Forced due to logging gap, Original Level: VerboseEx] SPFederationAuthenticationModule.OnSessionSecurityTokenCreated: Start
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.10, Original Level: VerboseEx] SPSam.SetPrincipalFromSessionToken: End
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2}
  Token Cache: Failed to add token from distributed cache for '0).w|s-0-0-0-0-0-0-1234'.(This is expected during the process warm up or if data cache Initialization is getting done by some other thread).
  Token Cache: Reverting to local cache to Add the token for '0).w|s-0-0-0-0-0-0-1234'.
  Token Cache: Successfully added token to cache for '0).w|s-0-0-0-0-0-0-1234'.
  SPTokenCache.ReadTokenXml: Successfully read token XML '0).w|s-0-0-0-0-0-0-1234,0#.w|mydomain\myuser,123456789012345,True,dpoRtB/hPcjVrEaJtqVWxhY8Pbfm++oHwWQ5TCB9jBlLx5n2Ky5OqGXM7ntfLB0kqIJNDUkeQrl4wL7xW2m4r0rV1TiOUf+e2mpHq8WOgN67puRViZbCxCkwmmxUpE/1OVNcDFXRCh26tvVFieK99LKZn8BJUtmP8RqxtwtwqBolNjCyZ3rfSSmtFyM3pdWjphdj312R9Lcp9/EhTpvvV1J2lFCig901ZGaPo7zOw3pFyXl1eDs+gF2Bcbc7/mMZw67/gEccsFaekBVH1TK0d9qqr6P/ISeEgzhlK4DChV94ntsw8m8Pb255yTL8WrbTykMFV3jC7R2MvqCmiKGK+g==,https://crawler.my.host/'.
  Claims Windows Sign-In: Not writing a cookie for request 'https://crawler.my.host/'.
  Claims Windows Sign-In: Successfully signed-in the the user 'mydomain\myuser' for request url 'https://crawler.my.host/'.
  Updating header 'LOGON_USER' with value '0#.w|mydomain\myuser' for the request url 'https://crawler.my.host/'.
  Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=4957.74267399907
  SPApplicationAuthenticationModule: Authorization header doesn't contain Bearer, can't try to perform application authentication.
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|mydomain\myuser, ClaimsCount=27
  Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=31.2877754016223
  Micro Trace Tags: 0 nasq,69 air4a,1 air4b,22 air4a,0 air4b,1641 aeayb,732 b4ly,654 erv2,58 erv3,1814 air36,0 air37,42 b4ly,5 agb9s,39 b4ly
  Leaving Monitored Scope (Request (GET:https://crawler.my.host:443/)). Execution Time=5101.04328902137
  SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.24, Original Level: Verbose] {0}
  [Forced due to logging gap, Original Level: VerboseEx] SPRequestParameters: AppPrincipal={0}, UserName={1}, UserKye={2}, RoleCount={3}, Roles={4}
  Site=/
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.37, Original Level: Verbose] {0}
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.40, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  [Forced due to logging gap, cached @ 12/01/2014 15:48:38.48, Original Level: VerboseEx] No SPAggregateResourceTally associated with thread.
  [Forced due to logging gap, Original Level: VerboseEx] Reverting to process identity
  Access Denied for /. StackTrace:    at Microsoft.SharePoint.Utilities.SPUtility.HandleAccessDenied(HttpContext context)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnEndRequest(Object sender,
  EventArgs eventArgs)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)    
  at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)     at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
  wr, HttpContext context)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr
  rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr
  nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  Leaving Monitored Scope (SPFederationAuthenticationModule.OnEndRequest). Execution Time=351.625416079418
  Entering monitored scope (Request (GET:https://crawler.my.host:443/_layouts/AccessDenied.aspx?Source=https%3A%2F%2Fcrawler%2Emy%2Ehost)). Parent No
   

  I'm extending an existing claims based web application.  The way I'm testing authentication is by attempting to log in to the Windows authentication zone using the browser and an account with site collection administrator privileges.  I've also
  tried using the intended crawler service account, but that also fails authentication.
  With regard to the default zone issue, I've already experimented with using both the default zone and another zone, but neither works.
  BTW, I already have this working in a SharePoint 2013 development environment, and a similar configuration has been in a SharePoint 2010 production environment for over a year, which makes this a particularly maddening problem.
  I have enabled Failed Request Tracing, and get a 401.1, 401.2, then a 403 (which says it was caused by the 401.2).  I'm not sure of the significance, but the 403 trace shows the module for the 401.2 to be UrlAuthorizationModule, while the module for
  the 403 error is FederatedAuthentication.
  Per my ULS trace included in my original post, it appears that I'm actually getting a SharePoint claim.

• HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

  I had an error while executing asp.net appcation from IIS as follows
  Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  Description:
  An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  [SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
  Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
  'IIS APPPOOL\ASP.NET v4.0'  ?
  If yes, how to create the login?
  If no,what is the best possible solution?
  Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.

  Hi Praveen,
  To fix this issue, you need to change the Identity of your website's Application Pool to use the
  NetworkService account (or the less secure LocalSystem account).  By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
  Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, drill down into Default Web Site and click on your website.
  3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
  4.Click Cancel...  If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
  Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, click on Application Pools.
  3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
  4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
  5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
  Hope this helps.
  Best Regards,
  Peja
  Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Windows Authentation missing with Windows 7 Home premium.

  Hi,
  I am unable to find windows authentication feature in windows 7 home premium.
  Can anyone help to add this feature in my windows features list.
  Thanks,
  Kishore

  To enable windows authentication on IIS 7  follow the steps :
  1. Go to control panel –> Add remove Programs
  2. Click on enable disable windows features
  3. Enable Windows Authentication
  4. Now you get it 
  love is rock!!!

• "Windows Authentication Mode" when SQL Server 200 and CF on different machines?

  Hi All,
  I am playing for two days with following problem. And still I
  did not able to get rid of it.
  I have installed SQL Server 2000 on machine which is my
  server (windows 2003 server) and this machine is my domain
  controller. I have user “ABC” user and I have added
  this user in administrator group.
  I have another machine where OS is Windows XP and CF 7 is
  installed. I create an ODBC Connection from Administrative Tool to
  my Database (windows 2003 server) successfully.
  Now when I create Data Socket in Coldfusion Administrator and
  when I select the my ODBC that I had created and when I Submit it
  then CF admin throughs the following message.
  Connection verification failed for data source: myTest
  java.sql.SQLException: [Macromedia][SequeLink JDBC
  Driver][ODBC Socket][Microsoft][ODBC SQL Server Driver][SQL
  Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
  Please Brother, I don’t have any Clue to solve it,
  Please help.
  One Important thing, All this working fine if my CF, and SQL
  Server are on same machine.
  Best regards,
  Shahid

  Hi Phil Thanks,
  Finally i able to configure it out..... following are the
  steps...
  I assume domain controller is properly configure.
  Following are the steps for the machine where SQL SERVER 2000
  is installed
  1- We need to create Login account for your domain account in
  SQL Server 2000 using Enterprise Manager.
  • Right Click -> New Login
  • Click to load the domain users, select any user from
  your domain that will connect to your SQL Server from LAN.
  Following are the steps for the machine where ColdFusion and
  IIS are installed.
  Step No. 1
  Stop ColdFusion MX.
  Backup your existing macromedia_drivers.jar file.
  Unzip macromedia_drivers.zip into the same directory,
  overwriting the previous
  macromedia_drivers.jar.
  You can download “macromedia_drivers.zip” from
  following URL
  http://kb.adobe.com/support/coldfusion/ts/documents/1a3c2ad0/macromedia_drivers.zip
  A new file, DDJDBCAuth03.dll, which is required for Windows
  Authentication, is also included in the zip file replacing the
  older DDJDBCAuth.DLL.
  Restart ColdFusion MX.
  ColdFusion MX loads the JDBC drivers inmacromedia_drivers.jar
  in the directory cf_root/lib. For example, with ColdFusion MX 7
  Server Configuration on Windows installed on drive C:, this would
  beC:\CFusionMX7\lib\macromedia_drivers.jar.
  Then restart Machine
  Step No. 2
  Configure all the ColdFusion Services to “Log On
  As” using the Domain User Account configured in SQL Server in
  the above mentioned step.
  Change the “Log On As” similar for the all other
  Cold fusion services (ColdFusion MX 7 ODBC Agent, ColdFusion MX 7
  ODBC Server, ColdFusion MX 7 Search Server).
  Step No. 3
  Restart the services; for the safe side reboot the system.
  Step No. 4
  Create ODBC (Control Panel -> Administrative Tool ->
  Data Sources (ODBC)) using the windows NT Authentication option to
  connect to database.
  Step No. 5
  Create Data Socket and Select the created ODBC connection in
  the Drop down (ColdFusion-> Admin)
  Thanks to all who participated in this discussion...
  With lots of Thanks to All particular to Phil who guided me
  in right direction,
  Shahid

• Query on Integrated Windows Authentication....

  Hi All,
  I have a scenario to implement Integrated Windows Authentication using SPNego. But the initial page has to be loaded as anonymous portal onclick of the Logon button/Link, it has to validate the user against Integrated windows authentication and display the contents based on the user role.
  I have successfully implemented Integrated Windows Authentication, but if I type the anonymous URL, it is not loading the anonymous contents, it is directly displaying based on user role?
  Any suggestions on this??
  Thanks & Regards,
  Santhosh.C

  Hi Santhosh,
  We are planning to implement Windows integrated authentication using SPNego in EP7 with Microsoft Active Directory.
  Can you please share your experience and documents, in implementing the same. I have implemented Windows integrated authentication in EP6 with IIS proxy, but that is no longer supported.
  I appreciate your help in this regard.
  Regards
  Chandu

• Problem when consuming web service on WIndows authentication applcation

  Hi,
  I am having a tough time in consuming web services on a
  Windows authentication IIS server.
  In one of my application I have created web services and
  consuming those web services from my another application.
  If I turned off the Windows authentication everything works
  fine, but If I turned on the Windows authentication web services
  stop working.
  Has anyone encountered such error while working with web
  services on Windows authentication server.
  Attach Code
  Could not perform web service invocation "funGetCustomer".
  Here is the fault returned when invoking the web service
  operation:
  AxisFault
  faultCode: {
  http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (401)Unauthorized
  faultActor:
  faultNode:
  faultDetail:
  {}:return code: 401
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "
  http://www.w3.org/TR/html4/strict.dtd">
  <HTML><HEAD><TITLE>You are not authorized
  to view this page</TITLE>
  <META HTTP-EQUIV="Content-Type" Content="text/html;
  charset=Windows-1252">
  <STYLE type="text/css">
  BODY { font: 8pt/12pt verdana }
  H1 { font: 13pt/15pt verdana }
  H2 { font: 8pt/12pt verdana }
  A:link { color: red }
  A:visited { color: maroon }
  </STYLE>
  </HEAD><BODY><TABLE width=500 border=0
  cellspacing=10><TR><TD>
  <h1>You are not authorized to view this page</h1>
  You do not have permission to view this directory or page
  using the credentials that you supplied because your Web browser is
  sending a WWW-Authenticate header fi...

  You could try switching the HTTP transport provided in the
  Apache Axis embedded in ColdFusion to "CommonsHTTPSender".
  See this blog post:
  http://tjordahl.blogspot.com/2007/03/apache-axis-and-commons-httpclient.html

• Database access using windows authentication

  We are updating our Applications to use single sign on and are running into a problem with database access. We are using CF11 Enterprise and SQL Server 2008 on IIS 7.5.
  We have set up the ColdFusion Application Service to run under an AD service account and have created the data sources in CFAdmin leaving the username and password blank. The data sources verify and all seems good. The problem comes when running a query. The credential passed to the database is the service account and not the windows authenticated user. As such the query fails. What are we missing to get CF to pass the Windows Authenticated user credential instead of the service account?
  Thanks
  Tim

  ColdFusion does not pass user's credentials to the database connections by default, and cannot pass Windows Authentication credentials that way.  It only sends the service account's credentials (if you leave username/password blank as you have done).  The only way to pass user credentials is to put them into the individual query calls themselves, and even then you can't pass Windows Authentication credentials.  You would have to use SQL Server Logins, and create accounts for each user.
  I think most people are using either a dedicated SQL Server login for ColdFusion and run all queries under that account, or they do as you have already done and use Windows Authentication along with the ColdFusion service account.  If you need an audit trail, then pass usernames into the insert/update queries and store them manually along with the other data you are inserting/updating.
  -Carl V.

• IIsProxy version for windows authentication

  We are in the process of installing windows authentication to our EP 6.0 portal. We are running on SP 11 J2EE with portal SP 11 patch 3. 
  The first question I have in document “Using Header variables or Integrated Windows Authentication” section “Installing the IIsProxy module” says for security reasons we need to install version 1.7.0.0. Was this version released, we cannot find it on the service market place?
  My second question, when we use version IISPROXY16_2-10001433.SAR the authentication mechanism works fine to the portal but I cannot navigate within the portal, it looks like the screen get stuck on the first Iview no matter what role you choose. When we use version IISPROXY15_0-10001969.SAR things work fine. I increased the trace while using IISProxy 16.2 but there were no errors in the logs. We would like to be on the latest version. Any idea what might be the problem?
  Thanks for your help,
  Mike Fasheh

  Hi folks !
  I have made this configuration a couple of times without problems (other iisproxy version), but for some reason this time is not working and Im totally desesperated =(
  Scenario:
  - 1st server, win 2003, iis 6.0: Iisproxy 1.6.2 installed, it forwards the requests correctly
  - 2st. server, ibm with aix, sap ep 6.0 sp12. Configurations made for NT authentication.
  The problem:
  For some reason the virtual directories defined in IisProxy.xml file are not taking the IIS Security Settings (Integrated Windows Authenticated). The iisproxy is just forwarding the request, but the IIS is not making the NT authentication.
  If I change the name of the virtual directory in the IisProxy.xml file (put any name). In this case, IIS applies the security settings correctly.
  Any clue about this ?
  Thanks a lot for your help !!!!!!
  Regards from Mexico,
  Diego

• IOS 8 Safari not working with sites using Windows Authentication (again)

  A testbed of iPhones and iPads were updated to iOS 8 today. When trying to access intranet sites in our company that use Windows (IIS) Authentication, it challenges for the login and password 2 or 3 times, then nothing - just hangs.  These sites work fine on iOS 7 devices - and worked on the same devices that were upgraded.
  Windows Authentication was broken in iOS 7.0 also and not fixed until a later update. Why does this keep getting broken?

  This was a thread that discussed this when it was broken in iOS 7.0...
  https://discussions.apple.com/thread/5327078?start=0&tstart=0    
  I just tested with Chrome on the iPhone upgraded to iOS 8 and it works fine. It is Safari that is broken again.
  Of course, Apple won't give us a way to make Chrome the default browser when links are clicked in emails, so it's not exactly a solution.