ISE authentication with windows hibernate

Similar Messages

• Machine authentication with Windows 7

  Version: ISE 1.2p12
  Hello,
  I'm doing user and machine authentication with ISE.
  I use a first authorization rule to authenticate the machine against the AD. If it's part computers of the domain.
  Then I use an authorization rule to check if the user's group in AD with the credential he used to open the session + "Network Access:WasMachineAuthenticated = True"
  Things seems to be working and I see my switch port is "Authz Success" but shortly after the Windows 7 machine is behaving like 802.1X authentication fails. The little computer on the bottom right has a cross on it.
  If I disable and enable again the network card of that windows machine it works.
  Does any one of you have an idea about this problem ? something to tweak on Windows 7 like timers...
  Thank you

  Hi Mika. My comments below:
  a) You told me that MAR ("Network Access:WasMachineAuthenticated = True") has some drawbacks. When hibernation is used it can cause problems since the MAC address could have been removed from the cache when the user un-hibernate its computer. Then why not increasing the MAR cache to a value of 7 days then ? Regarding the roaming between wire and wireless it's a problem indeed.
  NS: I don't believe that the MAR cache would be affected by a machine hibernating or going to sleep. There are some dot1x related bug fixes that Massimo outlined in his first pos that you should look into. But yes, you can increase the MAR timer to a value that fits your environent
  b) You suggest to use one authorization rule for the device which should be part of the AD and one authorization rule for the user with the extra result "IdentityAccessRestricted = False". By the was, are we really talking about authorization rules here ? I will try this but it's difficult for me to imagine how it would really work.
  NS: Perhaps there is some confusion here but let me try to explain this again. The "IdentityAccessRestricted" is a check that can be done against a machine or a user account in AD. It is an optional attribute and you don't have to have it. I use it so I can prevent terminated users from gaining access to the network by simply disabling their AD account. Again, that account can be either for a "user" or for a "machine"
  z) One question I was asking myself for a long time. All of us want to do machine+user authentication but Windows write Machine OR User Authentication. This "OR" is very confusing.
  NS: At the moment, the only way you can accomplish a true machine+user authentication is to use the Cisco AnyConnect supplicant. The process is also known as "EAP-Chaining" and/or "EAP-TEAP." In fact there is an official RFC (RFC 7170 - See link below). Now the question is when and if Microsoft, Apple, Linux, etc will start supporting it:
  https://tools.ietf.org/html/rfc7170
  Thank you for rating helpful posts!

• Authentication with Windows NT Server

  Hi guys!
  Our customer has a domain with Windows Server 2003 and Windows Server NT, only users in the Windows Server 2003 appears when we create a access policy for authenticated users. This domains has a trust relationship, WSA supports Windows NT?
  Regards,

  You will need 2 authentication realms if your not going to use the AD authentication connector for NT 4.0. The firts authentication realm will be NTLM and connect to the NT4.0 PDC server. Next you will need an AD auth realm which will be configured using LDAP. If by chance you have a 2 way transitive trust and the AD connector installed on the NT 4.0 PDC server as well as configured to talk to the 2003 AD server then you could actully just use one authentication realm. To answer your question we do not have a tutorial on configuring NT 4.0 fro authentication as this technology is not supported by Microsoft as it is EOL.
  Sincerely,
  Erik Kaiser
  Cisco WSA Forums Moderator

• Lync 2013 Authenticating with Windows Account Every Minute

  Seeing a strange issue with Lync 2013 client logging into my Windows Account about every 1-2 minutes. We are using Lync Server 2013 (on-premise) so it makes no sense that it is logging into and authenticating against Windows Account. This was causing major
  issues as my Windows Account password was different than my company domain login. This was causing Lync to use the "wrong" password to login into Windows Account. I changed the  passwords to match and now still seeing Lync logging in constantly
  into Windows Account.
  This is adding up to a LOT of data traffic. Lync should NOT be authenticating every 1-2 minutes into my Windows (Live) Account. Help please!

  Hi,
  Did the issue happen only for you or for multiple users?
  Please exist Lync client, delete user profile on local computer with the following path, then restart Lync client:
  %UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Long time wait for authentication with Windows 2003 AD

  Hello,
  We have a problem with authentication with 2003 AD. If it was no requests from VDI to Windows 2003 AD during some time (10-15 minutes), first request take a lot of time - 3-5 minutes and user need to wait after entering his username/password. Searching users in VDI GUI also take a lot of time in this situation.
  How to resolve this? Size of directory is very small.
  And with 2008 AD and Open LDAP there is no such problem.

  Same thing for 2003, it is called IAS (Internet Authentication Service).
  http://www.microsoft.com/technet/network/ias/default.mspx
  Basically you will set up IAS with a RADIUS Client which would be your wireless access point(s). Then you will set up a remote access policy which will define how connections are authorized or rejected (windows groups, protocols etc.). Don't forget to register IAS with active directory.

• ACS Server MAC Authentication with Windows Database

  Has anyone setup an ACS Server 3.2 for MAC authentication using Windows as the authentication. The documentation I found shows how to set it up using the CiscoSecure database. Any help would be appreciated.

  Here is the link for setting up MAC authentication using CisoSecure database. There may not be a solution for my setup, but maybe I'll keep hacking away at it and find a resolution.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b3d27.shtml

• 802.1x Authentication with Windows and MAC

  Hello Team;
                I have one SSID configured with 802.1x . The clients with Mac machines can directly join to the network by just entering the AD usrename and password. For the windows machines we need to do some configuration in the clients machines to work with the SSID.
  Could you please clarify ? Whether the windows machines will just work like the Mac or the preconfiguration is mandatory to work windows with 802.1x.

  Hello Sreejith,
  As per your query i can suggest you the following steps-
  No, the preconfiguration is not mandatory to work windows with 802.1x.To enable 802.1x authntication on wireless follow the steps-
  1.Open Manage Wireless Networks by clicking the Start button , clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then, in the left pane, clicking Manage wireless networks.
  2.Right-click the network that you want to enable 802.1X authentication for, and then click Properties.
  3.Click the Security tab, and then, in the Security Type list, click 802.1X.
  4.In the Encryption Type list, click the encryption type you want to use.
  On wireless networks, 802.1X can be used with Wired Equivalent Privacy (WEP) or Wi‑Fi Protected Access (WPA) encryption.
  5.In the Choose a network authentication method list, click the method you want to use.
  To configure additional settings, click Settings.
  Hope this will help you.

• Wireless Phone 7925 authentication with Windows NPS

  Hello,
  I try to enable Authentication on our Wireless phone 7925 that are connected on WLC.
  Can I use Windows NPS?
  I try to use it without success, phones are not able to authenticate.
  Someone can help me?
  Thanks a lot!
  Seb

  Same thing for 2003, it is called IAS (Internet Authentication Service).
  http://www.microsoft.com/technet/network/ias/default.mspx
  Basically you will set up IAS with a RADIUS Client which would be your wireless access point(s). Then you will set up a remote access policy which will define how connections are authorized or rejected (windows groups, protocols etc.). Don't forget to register IAS with active directory.

• Apache SSL Client Authentication with Windows Mobile

  The biggest question I have here is if anyone has actually made this work. I would think this would be pretty standard...
  On our HTTP server I have protected folders setup with Certificate Based Client Authentication. Each folder requires a unique client certificate.
  This works perfectly with IE & Firefox running on PCs.
  The problem I have is trying to authenticate a Windows Mobile Device.
  I can authenticate the CA certificate but nothing in the client certificate.
  In ssl.conf I have the following parameters for each folder:
  SSLRequire %{SSL_CLIENT_S_DN_O} eq "Our Organization"
  SSLRequire %{SSL_CLIENT_S_DN_CN} eq "User Division Level"
  SSLRequire %{SSL_CLIENT_S_DN_OU} eq "User Level"
  The only parameter that Apache is able to validate from the device is DN_O and that is coming from the CA certificate.
  DN_CN & DN_OU are contained in the user certificate but it is not able to validate those.
  Anyone have any ideas on this?
  Edited by: Alan3 on Nov 20, 2008 2:15 PM

  Bump.
  Is anyone out there using Win Mobile devices with Oracle HTTP server?

• Authentication with Windows 2003 server

  Hi there,
  I am looking for achieve this task. I would like to know How I could authenticate users accesing by my wireless network? I mean in windows 2003 server. They must type their username and password. I want to restricted users which are not on the list to access by my wireless network. I know that in windows 2000 I could use radius server. Could I use it here?.
  Also, I guess that I have to allow these "new users" in AD.
  I am looking forward to read helpfull information here and of course I will give it a rate (points)
  Any ideas are welcome.
  Thanks
  Wladimir

  Same thing for 2003, it is called IAS (Internet Authentication Service).
  http://www.microsoft.com/technet/network/ias/default.mspx
  Basically you will set up IAS with a RADIUS Client which would be your wireless access point(s). Then you will set up a remote access policy which will define how connections are authorized or rejected (windows groups, protocols etc.). Don't forget to register IAS with active directory.

• Cisco AAA authentication with windows radius server

  Cisco - Windows Radius problems
  I need to created a limited access group through radius that I can have new network analysts log into
  and not be able to commit changes or get into global config.
  Here are my current radius settings
  aaa new-model
  aaa group server radius IAS
   server name something.corp
  aaa authentication login USERS local group IAS
  aaa authorization exec USERS local group IAS
  radius server something.corp
   address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
   key mypassword
  line vty 0 4
   access-class 1 in
   exec-timeout 0 0
   authorization exec USERS
   logging synchronous
   login authentication USERS
   transport input ssh
  When I log in to the switch, the radius server is passing the corrrect attriubute
  ***Jan 21 13:59:51.897: RADIUS:   Cisco AVpair       [1]   18  "shell:priv-lvl=7"
  The switch is accepting it and putting you in the correct priv level.
  ***Radius-Test#sh priv
     Current privilege level is 7
  I am not sure why it logs you in with the prompt for  privileged EXEC mode when
  you are in priv level 7. This shows that even though it looks like your in priv exec
  mode, you are not.
  ***Radius-Test#sh run
                  ^
     % Invalid input detected at '^' marker.
     Radius-Test#
  Now this is where I am very lost.
  I am in priv level 7, but as soon as I use the enable command It moves me up to 15, and that gives me access to
  global config mode.
  ***Radius-Test#enable
     Radius-Test#
  Debug log -
  Jan 21 14:06:28.689: AAA/MEMORY: free_user (0x2B46E268) user='reynni10'
  ruser='NULL' port='tty390' rem_addr='10.100.158.83' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
  Now it doesnt matter that I was given priv level 7 by radius because 'enable' put me into priv 15
  ***Radius-Test#sh priv
     Current privilege level is 15
     Radius-Test#
  I have tried to set
  ***privilege exec level 15 enable
  It works and I am no longer able to use 'enable' when I am at prv level 7, but I also cannot get the commands they will need to work.
  Even if I try to do
  ***privilege exec level 7 show running-config (or other variations)
  It will allow you to type sh run without errors, but it doest actually run the command.
  What am I doing wrong?
  I also want to get PKI working with radius.

  I can run a test on my radius system, will report back accordingly, as it's a different server than where I am currently located.
  Troubleshooting, have you deleted the certificate/network profile on the devices and started from scratch?

• ITunes Authentication with Windows Vista

  I've recently upgraded to Windows Vista. It would seem the computer authorization then becomes broken - my complete purchased library became unplayable without having to authorize another computer for each song (even though it's the same machine), and, that doesn't work either. iTunes connects to the store, says that it sucessfully authorized the song, but then - the song will still not play. iTunes keeps on complaining that the song is still not authorized.
  At this point I'm getting pretty annoyed/frustrated. Any suggestions would be greatly appreciated.

  perhaps try the workaround from the following post:
  Duds: Re: Unable to load/play purchased music in iTunes

• Web Dispatcher with Windows Intgrated Authentication

  Hello,
  We are setting up the relay of Browser ==> IISProxy ==> Web Dispatcher ==> Cluster.  We plan to use Windows Integrated Authentication and terminate the SSL connection at the IIS.  We are wondering how smoothly this will go as we have read differences in the order between IISProxy and WebDispatcher (in these forums) and have found nothing on the combination with SSL.  I assume that the IISProxy will encrypt, authenticate, provide the cookie and then forward the request to the Web Dispatcher for further routing to the cluster.
  Needless to say, has anyone done this successfully?  Can anyone provide information, warnings, caveats, etc... so that we can decide to use the Web Dispatcher or another software-based NLB solution.  We understand the technical benefits - especially in an SAP shop, but if there are richer features for authentication in latter releases we may consider putting it on hold and going with a known solution.
  We have seen some appliances that can perform the SSL termination, 3rd party authentication, etc, etc,... are there any plans for the Web Dispatcher to be able to perform the authentication with windows (NTLM or Kerberos)?
  All of the other features are grat and a breeze to work with however authentication on the MS domain is a must here and it may be the missing functionality.
  Thanks and kind regards,
  Judson

  Hi Judson,
  currently there is no plan to enhance web dispatcher into that direction. Instead we started to work together with network technology providers to offer the funtcionality of web dispatcher together with additional security and authentication stuff.
  network is not our business, so there are no plans to boldly go into that direction. Because of that such combinations like authentication with wd are sometimes hard to do.
  If you want a tip for the future I'd say, what you will see is boxes that have everything in there and two plugs for the internet and the sap network -everything else (firewalls, authentication, load balancing with automatic recognition of the sap cluster) would be in the box.
  Regards,
  Benny

• Apple macosx machine authentication with ISE using EAP-TLS

  Hello,
  On a ongoing setup we are using eap-tls authentication with account validation against AD. We have our own CA (microsoft based). ISE version 1.2.1 patch 1.
  With windows machines all is working well. We are using computer authentication only.
  Now the problem is that we wish to do the same with MAC OSX machines.
  We are using casper software suite and are able to push certificates into macosx, and are doing machine authentication.
  in ISE the certificate authentication profile is being set to look at the subject alternative name - DNS name of the machines. Whenever we set it to the UPN (hostname$) windows accounts are not found in ad.
  When MAC OSX authenticate as machines (they have a computer account in AD) they present themselves with RADIUS-Username = hostname$ instead of host/hostname.
  The consequence is that by lacking the host/, ISE considers that this is a user authentication, instead of a computer one, and when it sets off to find the account, it searches in User class instead of Computer - which obviously returns no results.
  Is anybody aware of any way to force MAC OSX to present a host/hostname RADIUS-Username when authenticating?
  Any similar experiences of authenticating MAC OSX with ISE and machine/computer authentication are welcome.
  Thanks
  Gustavo Novais

  Additional information from the above question.
  I have the following setup;
  ACS 3.2(3) built 11 appliance
  -Cisco AP1200 wireless access point
  -Novell NDS to be used as an external database
  -Windows 2003 enterprise with standalone Certificate Authorithy Services Installed
  -Windows XP SP2 Client
  My Goal is to use Windows XP Native Wlan Utility to connect to AP using EAP-TLS authentication against Novell NDS.
  Tried to connect using Cisco compatible wlaN utility and authenticate using EAP-GTC against Novell NDS for for users, it works fine and perfectly.
  When connecting using EAP-TLS, I am getting an error from ACS failed attempt "Auth type Not supported by External DB". But in the ACS documentation says that it supports EAP-TLS. How true is this? Is there anybody have the same problem? Do I need to upgrade my ACS? What should I do? What other authentication type could be used to utilize native WinXP Wlan Utility?
  Please help...
  Thanks

• Getting SPWeb.CurrentUser as null with Windows Authentication (AD), when configured for Claims Authentication

  Hi All,
  We recently migrated to SP 2013 from SP 2010. We are using most of the OOB features, with a few custom code. We have implemented a custom ASP.NET Membership Provider that authenticates against a web service. This was working fine on SP 2010.
  The entire code base was migrated to SP 2013 (with .net fw 4.5, etc) and any issues Compile / Runtime were fixed. However, we are stuck at one bug, which seems to be occuring only while trying to login with Windows Authentication. When a user tries to login
  with Forms Authentication, the error is never noticed.
  Scenrio: Login as Windows Authentiction.
  Result: The user is signed into the system and is authenticated against the AD. For random page loads - it throws access denied (even though he is a site collection admin). While attaching a debugger, we found that, at times the SPWeb.CurrentUser is null (weird).
  At the same time, the HttpContext.Current.Request.IsAuthenticated returns true. Which means the User is Authenticated, but not available in the SPWeb.CurrentUser object. 
  Attached are couple of ULS Logs that we found. The line which says IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 is a little disturbing. Can you please let me know what is happening here? I am not able to access the root site (http://win2012d2:1234/)
  however, i am able to access (http://win2012d2:1234/SitePages/Home.aspx) just fine, without any issues.
  Please note, this error is only when the user is logged into sharepoint as a windows user. The forms user faces no such issues.
  ULS Logs:
  Name=Request (GET:http://win2012d2:1234/)
  Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0
  Application error when access /, Error=Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue  
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Getting Error Message for Exception System.ArgumentException: Exception of type 'System.ArgumentException' was thrown.  Parameter name: encodedValue    
   at Microsoft.SharePoint.Administration.Claims.SPClaimEncodingManager.DecodeClaimFromFormsSuffix(String encodedValue)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)    
   at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromLoginName(String loginName)    
   at Microsoft.SharePoint.ApplicationRuntime.SPHeaderManager.AddIsapiHeaders(HttpContext context, String encodedUrl, NameValueCollection headers)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PreRequestExecuteAppHandler(Object oSender, EventArgs ea)    
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  [Forced due to logging gap, Original Level: Verbose] Looking up {0} site {1} in the farm {2} 
  Unknown SPRequest error occurred. More information: 0x80070005
  SPRequest.GetPageListId: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPContext.get_ListId()    
   at Microsoft.SharePoint.SPContext.get_List()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  SPRequest.OpenWeb: UserPrincipalName=, AppPrincipalName= ,bstrUrl=http://win2012d2:1234/
  System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace:   
   at Microsoft.SharePoint.SPWeb.InitWeb()    
   at Microsoft.SharePoint.SPWeb.get_WebTemplateConfiguration()    
   at Microsoft.SharePoint.WebControls.ScriptLink.InitJs_Register(Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(String uiVersion, Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer)    
   at Microsoft.SharePoint.WebControls.ScriptLink.GetOnDemandScriptKey(String strKey, String strFile, Boolean registerDependencies, Control ctrl, Page page)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Page page, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterForControl(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, Boolean injectNoDefer, Boolean controlRegistration, Boolean loadInlineLast,
  Boolean ignoreFileNotFound)    
   at Microsoft.SharePoint.WebControls.ScriptLink.Register(Control ctrl, Page page, String name, Boolean localizable, Boolean defer, Boolean loadAfterUI, String language, String uiVersion, String ctag)    
   at Microsoft.SharePoint.WebControls.ScriptLink.RegisterOnDemand(Control ctrl, Page page, String strKey, String strFile, Boolean localizable)    
   at Microsoft.SharePoint.WebControls.ScriptLink.OnLoad(EventArgs e)    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Control.LoadRecursive()    
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
   at System.Web.UI.Page.ProcessRequest()    
   at System.Web.UI.Page.ProcessRequest(HttpContext context)    
   at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)    
   at System.Web.HttpServerUtility.Execute(String path, TextWriter writer, Boolean preserveForm)    
   at System.Web.HttpServerUtility.Transfer(String path)    
   at Microsoft.SharePoint.Utilities.SPUtility.TransferToErrorPage(String message, String linkText, String linkUrl)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorHandler(HttpApplication app, Boolean errorIsOnErrorPage)    
   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.ErrorAppHandler(Object oSender, EventArgs ea)    
   at System.EventHandler.Invoke(Object sender, EventArgs e)    
   at System.Web.HttpApplication.RaiseOnError()    
   at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)    
   at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)    
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)    
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

  Hi Mohamed,
  According to your description, my understanding is that the error occurred when users login with Windows Authentication.
  From the error message, I recommend to check if the anonymous access is enabled for the web application.
  And please also make sure that the users all are available and have permission to access the site.
  Here is a similar thread for you to take a look:
  http://social.technet.microsoft.com/Forums/en-US/28623bdc-a2f0-4876-9be4-9a764f106366/getting-spwebcurrentuser-as-null-with-windows-authentication-ad-when-configured-for-claims?forum=sharepointdevelopment
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support