FIM R2 Pssword Registration Portal Prompts for Login RRS feed

  • Question

  • All, I have probably been looking at this too long and I am sure that I am missing something simple. I have a dev password registration portal that constantly prompts for credentials even though windows auth is turned on for the site in IIS and it is in the local intranet zone in IE.   It ultimately fails with a 401 error. This dev password portal is on one box with the standard portal and registration and no separate DNS entry has been setup.

    1. I can logged into both the registration and password reset portals from all machines.  This works fine so I **believe** that I have app.config, service accounts, and spns set correctly
    2. I can only log in to the password registration portal if I RDC into the local portal box and access it from there.  The registration portal does not work if I try to access it from any other machines except the local box, it constantly prompts for credentials and even though they are correct it ultimately fails with a 401 error.

    Any thoughts would be appreciated.

    Friday, March 18, 2016 3:32 PM

All replies

  • Do you have a CNAME defined for the DNS record fro the password registration portal? Are you sure there isn't a missing or duplicate Kerberos SPN?

    I'd suggest getting a network trace and a Fiddler trace from the client as a place to start.


    Consulting | Blog | AD Book

    Friday, March 18, 2016 5:38 PM
  • I agree with Brian, but one little thing - even if in IE problem about Kerberos and CNAME was resolved couple of years ago  (Internet Explorer 7 and 8 included), I still prefer using "A" record "in case of something like Kerberos problems."

    Kerberos authentication and DNS CNAMEs don't work as we expect sometimes.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Monday, March 21, 2016 7:58 AM