2

I have a problem IIS 6 server that prompts domain users for login credentials by both machine name and IP address. If the user tries to login by machine name (http://machineName/Application) then IIS prompts the user but rejects the login credentials no matter what is entered. If the user tries to log in by ip address then they are prompted but if the credentials are correct then the login succeeds and the application is loaded.

I recently had to demote the master domain controller and re-promote it (don't ask...) and so I dropped all the servers from the old domain and re-added then to the new domain (of the same name) and they all work fine but this one IIS 6 web server.

I re-imaged the IIS 6.0 server from bare metal just to get past this problem but the new image is demonstrating the exact same issue!

Even when logged in locally to webserver1 I can't even get past the login prompts when trying to connect to http://webserver1/app

What am I missing?

Neal Bailey
  • 75
  • 1
  • 5

1 Answers1

0

Ok... as I was starting to loose hope (18 hours in) I found this (very) similar question which led me down the path to the resolution here.

"

When you switch from using a machine account, such as Network Service, to a domain account and if your application uses Kerberos authentication to authenticate its clients, Kerberos authentication will stop working unless you have a service principal name for the domain account registered in Microsoft® Active Directory® directory service.

To create an SPN for a domain account

1.Install the Windows Server 2003 tools from the Windows Server 2003 CD.
2.From a command prompt, run the Setspn tool as follows:

setspn -A HTTP/webservername domain\customAccountName

setspn -A HTTP/webservername.fullyqualified.com domain\customAccountName

"

Community
  • 1
Neal Bailey
  • 75
  • 1
  • 5