Automatic FixIt: You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version
- I asked the FixIt team for this a while back and they have delivered. Now if you ever run into the symptoms below the chances are good we can automatically fix it with just a few clicks of the mouse:
The Symptoms: When you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or a later version, you may receive an error message that resembles the following:
HTTP 401.1 – Unauthorized: Logon Failed
Note You only receive this error message if you try to browse the Web site directly on the server. If you browse the Web site from a client computer, the Web site works as expected.
Additionally, an event message that resembles the following event message is logged in the Security Event log. This event message includes some strange characters in the value for the Logon Process entry:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_NumberThe Cause: This issue occurs when the web site uses Integrated Authentication and has a name that is mapped to the local loopback address.
http://blogs.technet.com/configurationmgr/archive/2009/11/05/automatic-fixit-you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrated-authentication-and-is-hosted-on-iis-5-1-or-a-later-version.aspx
J.C. Hornbeck | Microsoft- Changed TypeJ.C. Hornbeck Thursday, November 05, 2009 9:23 PMnot a question
All Replies
- JC,
How do you request Fix-It Items? We have an issue from 975544 that is easily fixed with a registry entry, it would be great if there was a fix-it for that. Of course Windows 7 has the same issue as xp and vista after 974455 is installed on those and the registry key doesn't fix Windows 7, we are waiting on a fix from Microsoft on that but so far no dice.
I was at a conference and met a guy on the Fix-It team and I asked if there was going to ever been a way to run Fix-it internally and that seemed to puzzle him. If would be great if we could have an iternal "Fix-It Server" that would sync with Micrsoft's fixes somehow but also let us install our own custom fixes. MAybe that could be a feature in SCSM. Sorry for the OT post just thought I would throw this out there.
BTW.... This link in the blog you point too is broken but the Fix-It link works,
896861 - You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
