IIS 6.0 Keeps prompting for LoginID and Password

Hello,

If you use a working username and password, do you get the webpage?

This KB Article lists many scenarios when IE will prompt for a username and
password. See if anything of that helps:

"Internet Explorer May Prompt You for a Password"
<a style='text-decoration: underline;' href="http://support.microsoft.com/?id=258063" target="_blank">http://support.microsoft.com/?id=258063</a>

--
Regards,
Kristofer Gafvert - IIS MVP
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!


" Armin" < Armin.TakeThisOut@discussions.microsoft.com> wrote in message
news:BD112CB9-E235-4930-8A07-83AFA28A59FC@microsoft.com...
 > Hello all,
 >
 > I am new to this community and would like to ask for your assistance. I do
have the problem that every website hosted on a windows 2003 server IIS 6.0
prompts me for a LoginID and a Password.
 >
 > Let me make you familiar with my environment.
 >
 > Windows NT 4.0 Domain.
 >
 > Windows 2003 server IIS 6.0 (no other role or funktion but webserver)
 > Complete new installation.
 > Websites 3 ea
 > default Website. ( Stopped)
 > Intranet - Migrated via IIS6 migration tool from a IIS 5.0 server.
(Stopped)
 > IIS6tests - My test website which consists of just a static "Hallo World"
HTML file.
 >
 > IIS 6 Application pool mode - Identity is IWAM_xxx
 > Authentication Methods selected are Anonymous (IUSR_xxx) and Windows
Integrated.
 >
 > ACL Settings are
 > Read, Read and Execute, List.. = IUSR_xxx,IWAM_XXX, Network Service,
Users
 > Full Control = System, Admins
 >
 > User Right Policies
 > Allow local logon = IUSR_xxx,IWAM_XXX
 > Logon as a Batch = IUSR_xxx,IWAM_XXX
 > Logon as a Service = IUSR_xxx,IWAM_XXX
 >
 > Does someone please can give me a hint ?
 >
 > Thanks a lot !
 > Armin
 >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password 

Hello Doug, hello Kristofer,

thanks for your responses!

@Doug
I do not get a Eventlog Error with the current settings but I can force a

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 6/29/2004
Time: 9:04:16 AM
User: NT AUTHORITY\SYSTEM
Computer:
Description:
Logon Failure:
  Reason: The user has not been granted the requested
   logon type at this machine
  User Name: IUSR_xxxxx
  Domain:
  Logon Type: 8
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name:
  Caller User Name: IWAM_xxx
  Caller Domain:
  Caller Logon ID: (0x0,0xF994)
  Caller Process ID: 4048
  Transited Services: -
  Source Network Address: -
  Source Port: -

by removing the check on windows integrated authentication and just allow anonymous access on the websites Directory Security settings for authentication and acces control.

@Kristofer
Yes I do get to the website if I use a valid loginID and password. I do also get to the website if I use the UNC (Computername) instead of a IP address or FQDN.

I read that there is a difference if you hit the IIS 6 from a intra or internet on how authentication is done but I can't find that website no more.

Thanks
Armin<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password 

Hello,

I'm almost sure that you are not in the Intranet Zone when browsing the
server by IP of FQDN. You can verify this by checking in the right down
corner in Internet Explorer.

If this is the case, add it to the Intranet Zone. This should solve your
problem. If you need to do this for the whole intranet, you should look into
having this in a policy. For more information about that, please ask in a
newsgroup for Internet Explorer.

--
Regards,
Kristofer Gafvert - IIS MVP
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!


" Armin" < Armin.RemoveThis@discussions.microsoft.com> wrote in message
news:330804D4-1A43-423D-A735-3A31C634B7EC@microsoft.com...
 > Hello Doug, hello Kristofer,
 >
 > thanks for your responses!
 >
 > @Doug
 > I do not get a Eventlog Error with the current settings but I can force a
 >
 > Event Type: Failure Audit
 > Event Source: Security
 > Event Category: Logon/Logoff
 > Event ID: 534
 > Date: 6/29/2004
 > Time: 9:04:16 AM
 > User: NT AUTHORITY\SYSTEM
 > Computer:
 > Description:
 > Logon Failure:
 > Reason: The user has not been granted the requested
 > logon type at this machine
 > User Name: IUSR_xxxxx
 > Domain:
 > Logon Type: 8
 > Logon Process: Advapi
 > Authentication Package: Negotiate
 > Workstation Name:
 > Caller User Name: IWAM_xxx
 > Caller Domain:
 > Caller Logon ID: (0x0,0xF994)
 > Caller Process ID: 4048
 > Transited Services: -
 > Source Network Address: -
 > Source Port: -
 >
 > by removing the check on windows integrated authentication and just allow
anonymous access on the websites Directory Security settings for
authentication and acces control.
 >
 > @Kristofer
 > Yes I do get to the website if I use a valid loginID and password. I do
also get to the website if I use the UNC (Computername) instead of a IP
address or FQDN.
 >
 > I read that there is a difference if you hit the IIS 6 from a intra or
internet on how authentication is done but I can't find that website no
more.
 >
 > Thanks
 > Armin
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password 

Hello Kristofer,

I checked IE shows internet in the right corner when I access the website by IP.
It shows local intranet if I use a UNC. I also do not get prompted to login.

This server is going to host our public website. Therfore I can not ensure that all clients will have the site in their intranet zones. Not even our own because applying a policy will not be to ease\y due to AD is not implemented yet.

I need to find out why anonymous login is not working. I tried sub authentication to allow IIS to handle the password for anonymous user without success.

Do you have some Anonymous Login troubleshooting tips I could try ?

Thanks
Armin



"Kristofer Gafvert" wrote:

 > Hello,
 >
 > I'm almost sure that you are not in the Intranet Zone when browsing the
 > server by IP of FQDN. You can verify this by checking in the right down
 > corner in Internet Explorer.
 >
 > If this is the case, add it to the Intranet Zone. This should solve your
 > problem. If you need to do this for the whole intranet, you should look into
 > having this in a policy. For more information about that, please ask in a
 > newsgroup for Internet Explorer.
 >
 > --
 > Regards,
 > Kristofer Gafvert - IIS MVP
 > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!
 >
 >
 > " Armin" < Armin.TakeThisOut@discussions.microsoft.com> wrote in message
 > news:330804D4-1A43-423D-A735-3A31C634B7EC@microsoft.com...
  > > Hello Doug, hello Kristofer,
  > >
  > > thanks for your responses!
  > >
  > > @Doug
  > > I do not get a Eventlog Error with the current settings but I can force a
  > >
  > > Event Type: Failure Audit
  > > Event Source: Security
  > > Event Category: Logon/Logoff
  > > Event ID: 534
  > > Date: 6/29/2004
  > > Time: 9:04:16 AM
  > > User: NT AUTHORITY\SYSTEM
  > > Computer:
  > > Description:
  > > Logon Failure:
  > > Reason: The user has not been granted the requested
  > > logon type at this machine
  > > User Name: IUSR_xxxxx
  > > Domain:
  > > Logon Type: 8
  > > Logon Process: Advapi
  > > Authentication Package: Negotiate
  > > Workstation Name:
  > > Caller User Name: IWAM_xxx
  > > Caller Domain:
  > > Caller Logon ID: (0x0,0xF994)
  > > Caller Process ID: 4048
  > > Transited Services: -
  > > Source Network Address: -
  > > Source Port: -
  > >
  > > by removing the check on windows integrated authentication and just allow
 > anonymous access on the websites Directory Security settings for
 > authentication and acces control.
  > >
  > > @Kristofer
  > > Yes I do get to the website if I use a valid loginID and password. I do
 > also get to the website if I use the UNC (Computername) instead of a IP
 > address or FQDN.
  > >
  > > I read that there is a difference if you hit the IIS 6 from a intra or
 > internet on how authentication is done but I can't find that website no
 > more.
  > >
  > > Thanks
  > > Armin
  > >
 >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password 

Have you checked the NTFS security on the file(s) that is accessed?

--
Regards,
Kristofer Gafvert - IIS MVP
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!


" Armin" < Armin DeleteThis @discussions.microsoft.com> wrote in message
news:872F9DB2-4E6A-4FFE-A0E3-F49ABBF7BF21@microsoft.com...
 > Hello Kristofer,
 >
 > I checked IE shows internet in the right corner when I access the website
by IP.
 > It shows local intranet if I use a UNC. I also do not get prompted to
login.
 >
 > This server is going to host our public website. Therfore I can not ensure
that all clients will have the site in their intranet zones. Not even our
own because applying a policy will not be to ease\y due to AD is not
implemented yet.
 >
 > I need to find out why anonymous login is not working. I tried sub
authentication to allow IIS to handle the password for anonymous user
without success.
 >
 > Do you have some Anonymous Login troubleshooting tips I could try ?
 >
 > Thanks
 > Armin
 >
 >
 >
 > "Kristofer Gafvert" wrote:
 >
  > > Hello,
  > >
  > > I'm almost sure that you are not in the Intranet Zone when browsing the
  > > server by IP of FQDN. You can verify this by checking in the right down
  > > corner in Internet Explorer.
  > >
  > > If this is the case, add it to the Intranet Zone. This should solve your
  > > problem. If you need to do this for the whole intranet, you should look
into
  > > having this in a policy. For more information about that, please ask in
a
  > > newsgroup for Internet Explorer.
  > >
  > > --
  > > Regards,
  > > Kristofer Gafvert - IIS MVP
  > > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!
  > >
  > >
  > > " Armin" < Armin DeleteThis @discussions.microsoft.com> wrote in message
  > > news:330804D4-1A43-423D-A735-3A31C634B7EC@microsoft.com...
   > > > Hello Doug, hello Kristofer,
   > > >
   > > > thanks for your responses!
   > > >
   > > > @Doug
   > > > I do not get a Eventlog Error with the current settings but I can
force a
   > > >
   > > > Event Type: Failure Audit
   > > > Event Source: Security
   > > > Event Category: Logon/Logoff
   > > > Event ID: 534
   > > > Date: 6/29/2004
   > > > Time: 9:04:16 AM
   > > > User: NT AUTHORITY\SYSTEM
   > > > Computer:
   > > > Description:
   > > > Logon Failure:
   > > > Reason: The user has not been granted the requested
   > > > logon type at this machine
   > > > User Name: IUSR_xxxxx
   > > > Domain:
   > > > Logon Type: 8
   > > > Logon Process: Advapi
   > > > Authentication Package: Negotiate
   > > > Workstation Name:
   > > > Caller User Name: IWAM_xxx
   > > > Caller Domain:
   > > > Caller Logon ID: (0x0,0xF994)
   > > > Caller Process ID: 4048
   > > > Transited Services: -
   > > > Source Network Address: -
   > > > Source Port: -
   > > >
   > > > by removing the check on windows integrated authentication and just
allow
  > > anonymous access on the websites Directory Security settings for
  > > authentication and acces control.
   > > >
   > > > @Kristofer
   > > > Yes I do get to the website if I use a valid loginID and password. I
do
  > > also get to the website if I use the UNC (Computername) instead of a IP
  > > address or FQDN.
   > > >
   > > > I read that there is a difference if you hit the IIS 6 from a intra or
  > > internet on how authentication is done but I can't find that website no
  > > more.
   > > >
   > > > Thanks
   > > > Armin
   > > >
  > >
  > >
  > ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password 

Hello Kristofer,

please excuse me for replying so late to your post! I had to go on leave and was not able to touch a computer for a while.

Yes I checked the NTFS security on the files. I created a test website with just one file.

But I found out that a security policiy baseline was applied by the guy who installed the server. It was the wrong one.

I now will reload the server and start from scratch.

thanks for your help !

Armin

"Kristofer Gafvert" wrote:

 > Have you checked the NTFS security on the file(s) that is accessed?
 >
 > --
 > Regards,
 > Kristofer Gafvert - IIS MVP
 > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!
 >
 >
 > " Armin" < Armin.TakeThisOut@discussions.microsoft.com> wrote in message
 > news:872F9DB2-4E6A-4FFE-A0E3-F49ABBF7BF21@microsoft.com...
  > > Hello Kristofer,
  > >
  > > I checked IE shows internet in the right corner when I access the website
 > by IP.
  > > It shows local intranet if I use a UNC. I also do not get prompted to
 > login.
  > >
  > > This server is going to host our public website. Therfore I can not ensure
 > that all clients will have the site in their intranet zones. Not even our
 > own because applying a policy will not be to ease\y due to AD is not
 > implemented yet.
  > >
  > > I need to find out why anonymous login is not working. I tried sub
 > authentication to allow IIS to handle the password for anonymous user
 > without success.
  > >
  > > Do you have some Anonymous Login troubleshooting tips I could try ?
  > >
  > > Thanks
  > > Armin
  > >
  > >
  > >
  > > "Kristofer Gafvert" wrote:
  > >
   > > > Hello,
   > > >
   > > > I'm almost sure that you are not in the Intranet Zone when browsing the
   > > > server by IP of FQDN. You can verify this by checking in the right down
   > > > corner in Internet Explorer.
   > > >
   > > > If this is the case, add it to the Intranet Zone. This should solve your
   > > > problem. If you need to do this for the whole intranet, you should look
 > into
   > > > having this in a policy. For more information about that, please ask in
 > a
   > > > newsgroup for Internet Explorer.
   > > >
   > > > --
   > > > Regards,
   > > > Kristofer Gafvert - IIS MVP
   > > > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">http://www.ilopia.com</a> - When you need help!
   > > >
   > > >
   > > > " Armin" < Armin.TakeThisOut@discussions.microsoft.com> wrote in message
   > > > news:330804D4-1A43-423D-A735-3A31C634B7EC@microsoft.com...
   > > > > Hello Doug, hello Kristofer,
   > > > >
   > > > > thanks for your responses!
   > > > >
   > > > > @Doug
   > > > > I do not get a Eventlog Error with the current settings but I can
 > force a
   > > > >
   > > > > Event Type: Failure Audit
   > > > > Event Source: Security
   > > > > Event Category: Logon/Logoff
   > > > > Event ID: 534
   > > > > Date: 6/29/2004
   > > > > Time: 9:04:16 AM
   > > > > User: NT AUTHORITY\SYSTEM
   > > > > Computer:
   > > > > Description:
   > > > > Logon Failure:
   > > > > Reason: The user has not been granted the requested
   > > > > logon type at this machine
   > > > > User Name: IUSR_xxxxx
   > > > > Domain:
   > > > > Logon Type: 8
   > > > > Logon Process: Advapi
   > > > > Authentication Package: Negotiate
   > > > > Workstation Name:
   > > > > Caller User Name: IWAM_xxx
   > > > > Caller Domain:
   > > > > Caller Logon ID: (0x0,0xF994)
   > > > > Caller Process ID: 4048
   > > > > Transited Services: -
   > > > > Source Network Address: -
   > > > > Source Port: -
   > > > >
   > > > > by removing the check on windows integrated authentication and just
 > allow
   > > > anonymous access on the websites Directory Security settings for
   > > > authentication and acces control.
   > > > >
   > > > > @Kristofer
   > > > > Yes I do get to the website if I use a valid loginID and password. I
 > do
   > > > also get to the website if I use the UNC (Computername) instead of a IP
   > > > address or FQDN.
   > > > >
   > > > > I read that there is a difference if you hit the IIS 6 from a intra or
   > > > internet on how authentication is done but I can't find that website no
   > > > more.
   > > > >
   > > > > Thanks
   > > > > Armin
   > > > >
   > > >
   > > >
   > > >
 >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS 6.0 Keeps prompting for LoginID and Password