AllGamer
03-02-2006, 07:41 PM
I need some help to figure this Authentication problem out.
I've got 2 servers properly set up (as far as I know) for NLB.
In the DC, both machines show up properly in the NLB Manager, both green and each with their static IP; all logs and tests show good to go.
The actual machines themselves are both set to point to the same NLB IP address; actually, the NLB Manager does all that for you when you configure it.
Each NLB machine has been set up with its priority level 1, 2, etc.
Kerberos Delegation has been configured properly for DC Server, NLB Server1, NLB Server2, and all user accounts.
Both servers of course are joined to the domain.
Did the
cscript adsutil.vbs set w3svc/1/NTAuthenticationProviders "Negotiate,NTLM"
(reference from http://support.microsoft.com/?id=832769)
and
setspn -A HTTP/ServerName Domain\UserName
to make sure Kerberos is good.
Both servers have been restarted, and of course in the DC both computers have been enabled for Delegation as well as the user accounts.
IIS 6 (Win2003) on each machine works fine if set to Anonymous.
If I remove Anonymous access for IIS, and enable only Windows Integrated Security, then BAM! I get hit in the wall with the pop-up for the annoying User Name \ Password screen.
It does not when set to be accessed via http://NLB.domain.com (however it does work if accessed via http://NetBIOSname.domain.com).
That is not too much of a problem, since it was expected.
So set IE to trust the FQDN, even tried to add the FQDN to the Local Intranet in IE in security settings.
No good, still pops up.
Tried the recommendations and settings in this Microsoft KB:
You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6
http://support.microsoft.com/default.aspx?scid=kb;en-us;896861
Restarted machines, same problem, still asks me for user name and password.
The problem is that IT DOES NOT accept any user name and password.
And... well... I'm tired and kinda getting a bit :mad:
Anyone know what I am missing? :t