1

I assist with running a small AD domain with around 40 members. For just one of those members, every wednesday at 12pm exactly, authentication will fail when they try to browse to the company intranet or helpdesk sites. These sites are hosted locally with IIS v8.5

We have Trend Micro installed and set to scan at 12PM every wednesday, so I thought that must be it and removed the AV client entirely from the PC. The issue still persists however, and I'm running out of ideas!

I've used Fiddler to view the http requests being sent, the requests from the client look 100% the same whether authentication is succeeding or not.

At 12PM I'll get a 401 Unauthorized response. At 12:10PM I'll get a 200 OK.

Failed Authentication Fiddler capture: https://i.stack.imgur.com/9iuLW.jpg

Working Authentication Fiddler capture: https://i.stack.imgur.com/f0KBu.jpg

Any help or ideas would be greatly appreciated! I'm out of my depth when it comes to IIS and authentication to be quite honest :s

Mike Anthony
  • 111
  • 2
  • Do you get any error messages in the Event Logs (Server / Client) which could provide additional information? Do you get any error messages in the IIS Log files and/or the HTTP.sys Log files `%windir%\System32\LogFiles\HTTPERR`? – John K. N. Nov 10 '16 at 12:02
  • Thanks for the reply! I'm not at work atm but will follow up these suggestions on Monday, thanks again :) – Mike Anthony Nov 11 '16 at 08:16

0 Answers0