We are using pass-through authentication on our intranet.
The clients are running Google Chrome Frame in IE and the server is running IIS 7.
In the IIS logs, for every request we are seeing a 401.5 response, followed by another request for the same resource with a 200 response. E.g.
2013-02-12 13:01:17 10.1.0.35 POST /image.gif - 80 - 10.1.0.59 Mozilla/5.0+(Windows+NT+5.2;+chromeframe/12.0.742.112)+AppleWebKit/534.30+(KHTML,+like+Gecko)+Chrome/12.0.742.112+Safari/534.30 401 5 0 0
2013-02-12 13:01:17 10.1.0.35 POST /image.gif - 80 DOMAIN\user.name 10.1.0.59 Mozilla/5.0+(Windows+NT+5.2;+chromeframe/12.0.742.112)+AppleWebKit/534.30+(KHTML,+like+Gecko)+Chrome/12.0.742.112+Safari/534.30 200 0 0 280
Now, I understand that under NTLM Authentication we should be seeing something like along these lines.
However, from what I've read, we should be seeing two 401s before the 200. Also, the 401s should have substatus code 1 or 2, not 5.
I am curious what aspect of our configuration is different. Why do we have only one 401, and why is it a 401.5 not a 401.2?
BTW., I'm a programmer without a in-depth understanding of this sort of stuff.
