Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' message between website on IIS on Windows Server 2019 and SQL Server 2019 CU1.

  • Question

  • I don't know if this is the right forum so apologies in advance if it's not, but we're trying to deploy a new internal website and having got the site working fine with Windows Authentication in Test, we're trying to do the same thing in production but we're getting the old 'NT AUTHORITY\ANONYMOUS LOGON' logon failure messages. The only difference between Test and Prod is that the IIS parts are on a separate App server for Prod, whereas Test has everything on the same server.

    Here's some of the things I've tried so far but still getting the same error:
    In the web.config file on the app server, the following code is already present to get the app to work with Windows auth in the first place:
        <identity impersonate="true"/>
        <authentication mode="Windows" />
        <authorization>
            <allow roles="domain\ADGroupName"/>
            <deny users="*"/>
        </authorization>



    Windows Authentication is enabled in IIS and the app pool has been configured to use the correct service account. We've also set up delegation to the SQL box for the respective service account. We are not currently using TLS1.2 to SQL until we can get this issue resolved.

    From browser on my laptop:


    Impersonation is coming through as True in the exception found in Event Viewer on the app server, along with the correct user and service account (I can't paste images for some reason so here's an extract of the exception stating that impersonation is happening; values in bold have been masked).

    Request information: 
        Request URL: http://masked/diagnostics 
        Request path: /diagnostics 
        User host address: masked
        User: domain\correctuser
        Is authenticated: True 
        Authentication Type: Negotiate 
        Thread account name: domain\correctserviceaccountname
     
    Thread information: 
        Thread ID: 8 
        Thread account name: domain\correctserviceaccountname
        Is impersonating: True 


    I've spoken to the external developer about the line of code it mentions but he assures me it's nothing to do with the application (below).

    Line 83:         @{
    Line 84:         IEnumerable<SelectListItem> UsersViewModel;
    Line 85:         UsersViewModel = UserRepository.Get(HMTech.Common.ParameterProvider.Combos.eComboOption.Select);
    Line 86:         }
    Line 87: 


    I've been all through the infrastructure on our side and am stumped. Does anyone have any ideas of what else I can check?
    Wednesday, September 30, 2020 9:19 AM