none
Automatic logon in intranet zone stopped working RRS feed

  • Question

  • So we have an ASP.NET application that requires authentication. All was working well until Friday, a week ago. Our desktop systems received the April patches the following weekend, and the servers were patched mid-week. The first complaint came after the servers were patched, but it may have existed before that. Now the situation is:

    • Using domain connected computer with IE, automatic logon results in a 401 (not authorized)
    • Using domain connected computer with any other browser, the user is prompted for credentials and system works
    • Using remote computer with any browser, including IE, and the user is prompted for credentials and the system works.

    My gut feel is that there is an issue with the credentials that the client is presenting. The application of the patches and the occurrence of the issue could be coincidental, but would seem to have something to do with it. I could not find anything in the documentation that indicated that the patches involved authentication or authorization.

    Since the issue does not occur on our SharePoint sites, which are in different subnets and running Server 2012, another alternative is that our central IT group messed about with the trust in various zones, but no one has indicated that has happened. Yet another option would be a change to the AD infrastructure. All servers exhibiting this issue are running Server 2008 R2.

    Any thoughts would be most appreciated.

    Thanks,

     John

    Monday, April 27, 2015 9:49 PM

Answers

  • Just so you know, the resolution to the problem is almost exactly opposite what you stated.

    In each security zone other than Local Intranet, set "Prompt for username and password". In Local Intranet zone security settings set it to "Automatic logon with current username and password".

    On Advanced Options, UNCHECK the box for "Enable Integrated Windows Authentication". Reboot the workstation to enable this setting.

    At that point it works again.

    • Marked as answer by oldamigauser Thursday, April 30, 2015 3:16 AM
    Thursday, April 30, 2015 3:16 AM

All replies

  • Hi John,

    Firstly, please make sure this user have proper permission.

    And then, please check if this address is added to local intranet site:

    Internet Options -> Security ->Sites -> Advanced, check if the intranet address listed as a Local Intranet site.

    If not, add it to the list and see if that works.

    Meanwhile, in Internet Explorer, please go to the Tools -> Internet Options -> Advanced tab and check the “Enable Integrated Windows Authentication” check-box.

    Next, switch to the security tab and click Local Intranet -> Custom Level and select “Automatic log-on with current user name and password” (under User Authentication, Log-on).

    Finally, click OK on all windows and restart Internet Explorer to check the result.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, April 29, 2015 6:01 AM
    Moderator
  • Yes, my id has permission to the site.

    Enable integrated windows authentication is enabled.

    Yes, the site is in the intranet zone. Changed automatic logon setting for this zone from "automatic login in intranet only" to "automatic logon with current username and password"

    Still get a 401 error.

    Wednesday, April 29, 2015 2:26 PM
  • Just so you know, the resolution to the problem is almost exactly opposite what you stated.

    In each security zone other than Local Intranet, set "Prompt for username and password". In Local Intranet zone security settings set it to "Automatic logon with current username and password".

    On Advanced Options, UNCHECK the box for "Enable Integrated Windows Authentication". Reboot the workstation to enable this setting.

    At that point it works again.

    • Marked as answer by oldamigauser Thursday, April 30, 2015 3:16 AM
    Thursday, April 30, 2015 3:16 AM