Windows authentication breaks after configuring application pool identity

Discussion in 'ASP .Net Security' started by Igor Dombrovan, Feb 28, 2005.

  1. Hi group

    I run IIS 6.0 on W2k3 being an Active Directory Controller in a test lab.
    Create a virtual directory 'test' with Windows authentication on and
    anonymous access off.
    Create a static test.html file in the directory.
    Open it in a browser and it's ok.
    Now I configure a separate application pool for this virtual directory (ASP
    1.1) with the default Netwok Service identity. It's ok, too.
    Now I create a domain account, add it to IIS_WPG group and configure it to
    be the application pool identity. This breaks Windows authentication and I
    keep getting 401.1 errors from IIS.

    The same works fine on another W2k3 not a domain member.

    Any ideas where I can be wrong ?

    Thanks
     
    Igor Dombrovan, Feb 28, 2005
    #1
    1. Advertising

  2. Igor Dombrovan

    Ken Schaefer Guest

    I used to have a list of things to check, but don't seem to have it handy on
    my current laptop.

    Check this list here:
    http://support.microsoft.com/?kbid=812614

    Cheers
    Ken


    "Igor Dombrovan" <> wrote in message
    news:%...
    : Hi group
    :
    : I run IIS 6.0 on W2k3 being an Active Directory Controller in a test lab.
    : Create a virtual directory 'test' with Windows authentication on and
    : anonymous access off.
    : Create a static test.html file in the directory.
    : Open it in a browser and it's ok.
    : Now I configure a separate application pool for this virtual directory
    (ASP
    : 1.1) with the default Netwok Service identity. It's ok, too.
    : Now I create a domain account, add it to IIS_WPG group and configure it to
    : be the application pool identity. This breaks Windows authentication and I
    : keep getting 401.1 errors from IIS.
    :
    : The same works fine on another W2k3 not a domain member.
    :
    : Any ideas where I can be wrong ?
    :
    : Thanks
    :
    :
     
    Ken Schaefer, Feb 28, 2005
    #2
    1. Advertising

  3. Hi

    I cross-posted the question to IIS Security because it seems to be an IIS
    authentication problem although everything breaks after I configure the
    application pool's identity to a custom domain account. I check if it works
    with a static html file.

    Again,

    Windows auth with app pool identity being Netwok Service authenticates
    domain users ok.
    Windows auth with app pool identity being a custom domain account included
    in IIS_WPG doesn't authenticate domain users with event id 529 user name or
    password unknown from Kerberos.
    Anonymous works fine with any config.
    Not that I'm stuck, just trying to understand how it works. Or to be
    correct, doesn't work.

    Thanks,
    Igor

    "Ken Schaefer" <> ÓÏÏÂÝÉÌ/ÓÏÏÂÝÉÌÁ × ÎÏ×ÏÓÔÑÈ
    ÓÌÅÄÕÀÝÅÅ: news:...
    I used to have a list of things to check, but don't seem to have it handy on
    my current laptop.

    Check this list here:
    http://support.microsoft.com/?kbid=812614

    Cheers
    Ken


    "Igor Dombrovan" <> wrote in message
    news:%...
    : Hi group
    :
    : I run IIS 6.0 on W2k3 being an Active Directory Controller in a test lab.
    : Create a virtual directory 'test' with Windows authentication on and
    : anonymous access off.
    : Create a static test.html file in the directory.
    : Open it in a browser and it's ok.
    : Now I configure a separate application pool for this virtual directory
    (ASP
    : 1.1) with the default Netwok Service identity. It's ok, too.
    : Now I create a domain account, add it to IIS_WPG group and configure it to
    : be the application pool identity. This breaks Windows authentication and I
    : keep getting 401.1 errors from IIS.
    :
    : The same works fine on another W2k3 not a domain member.
    :
    : Any ideas where I can be wrong ?
    :
    : Thanks
    :
    :
     
    Igor Dombrovan, Mar 1, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matt
    Replies:
    1
    Views:
    10,304
    Natty Gur
    Oct 15, 2003
  2. Replies:
    4
    Views:
    7,336
  3. =?Utf-8?B?QW50aG9ueSBZb3R0?=

    Creating an Application Pool with a Domain Account identity

    =?Utf-8?B?QW50aG9ueSBZb3R0?=, Aug 22, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    477
    =?Utf-8?B?UmF5bW9uZCBZdWVu?=
    Aug 22, 2006
  4. Howard Hoffman
    Replies:
    1
    Views:
    127
    richlm
    Feb 25, 2004
  5. Popezilla
    Replies:
    2
    Views:
    931
    Popezilla
    Mar 18, 2007
Loading...

Share This Page