Migrated an application from Windows Server 2003 to Windows Server 2008 x64. We have a simple VBS script that goes outside the domain and grabs an XML document using a POST request. The script works perfectly on Windows Server 2003; however, on the new server, we keep getting a status code of 407 (proxy authentication failed). I did verify that I could pull in a file without setting any proxy information from the intranet. Was there any change to the proxy credential methods in Server 2008?
Code Simplified:
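Dim o
Set o = CreateObject("Msxml2.ServerXMLHTTP.6.0")
' Third argument False = synchronous request
o.open "POST", "https://somesite.com", false
' 2 = SXH_PROXY_SET_PROXY: send the request through the named proxy
o.setProxy 2, "myproxy:8080", ""
' Credentials presented to the proxy
o.setProxyCredentials "user", "pass"
o.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
o.send "loginId=USER&password=1234"
' Wait until the request has completed (readyState 4)
While o.readyState <> 4
    o.waitForResponse 1000
Wend
Wscript.echo o.status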
It does seem the proxy is being contacted, because without it I get "server name or address could not be resolved"; however, the proxy user/password are not being validated correctly, yet work on Windows Server 2003.
Edit 20140303: It's been months and I still haven't figured this out. As we look to retire our Windows 2003 machines it's become increasingly important that I figure out what is going wrong.
I noticed if I changed my send data to incorrect UID/PWD I get a response back from the page (the incorrect login page). I don't understand why this works flawlessly on Server 2003 but seems impossible on Server 2008 R2.
If I open up IE on the same box, and use the same proxy information and access the same site with the same UID/PWD it also works. I did this to make sure there wasn't some sort of IP based block where the proxy or site UID/PWD only worked from the old machine.
Related
I have a web application with Windows Authentication enabled. It is working only with localhost though I have set Bindings. Ping to IP and hostname returns result.
Have set authentication to windows and impersonate to true. NTLM has been moved up.
Also tried adding the site to Intranet and Trusted Site list. Windows authentication is enabled in IE as well.
Both the server and client are on the same domain ... in fact it is not working at all on the server itself.
Any help would be appreciated.
With the detail you've given it is a bit hard to give concrete advice, so I'll give you a method I've used over the years to try and track down where the issue is.
With the current setup put an image on your webserver and try to retrieve it in the browser using the exact address. Do this on the server itself first and if that works then do it on a client machine.
If it works on server but not on client then there could be a client browser issue/a network issue/a dns issue.
If it doesn't work on the server then change the file level and IIS permissions to anonymous for just that image and the folder / website it is in. Then test the URL on the server in a browser and on a client in a browser.
If it works you've got a permissions issue with NTLM.
Hope this helps you narrow things down.
Dorje
I have an old laptop running WinXPpro and both IE8 and CoolNovo which can download an applet just fine from our Win2008 Server R2 SP1 x64 IIS 7.5.7600.16385. I have a new laptop (same hardware) with a x64 Windows7 and IE9 and CoolNovo which can't download the applet (.jar file) from the same server. I can download this .jar file directly as a url and I can download and run the applet over the internet from the .jar product provider on both laptops just fine. So it has something to do with my new laptop. If we add anonymous authentication to the web server, our app works on both too.
Using fiddler, I can see the NTLM authentication conversation on both laptops. On the old one, it works just fine:
A 401 with the WWW-Authenticate header present: one for Negotiate and one for NTLM
Then a 401 (challenge - NTLM type 2),
Followed by a 200 with the client sending the NTLM type 3 header
On the new laptop, I get the first two 401s, but no 200. It simply tries again with the 401s 2 more times.
Any ideas why the new Windows7 laptop would not be sending a 200 NTLM type3 response to the server or what the issue here might be?
Old Laptop: jre6: 1.6.0_30 checked as the user java runtime env. No System java runtime versions checked.
new Laptop: jre6: 1.6.0_31 checked as the user AND system java runtime env.
TVMIA.
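The three-step exchange described in the question above, as an added example that is not part of the original post: a small Python checker that decodes the NTLM message type from each Authorization / WWW-Authenticate value and reports where the handshake stops. The traces and tokens are constructed (header bytes only), and the names `ntlm_type` and `diagnose` are made up for this illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def ntlm_type(header_value):
    """Return the NTLM message type (1, 2, 3) in a header value, else None."""
    parts = (header_value or "").split()
    if len(parts) != 2 or parts[0] not in ("NTLM", "Negotiate"):
        return None                      # bare scheme offer, no token
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    if len(blob) < 12 or not blob.startswith(SIGNATURE):
        return None                      # e.g. a Kerberos token under Negotiate
    return struct.unpack_from("<I", blob, 8)[0]

def diagnose(exchanges):
    """exchanges: (status, request Authorization, [WWW-Authenticate values])."""
    seen = set()
    for status, authorization, challenges in exchanges:
        sent = ntlm_type(authorization)
        if sent:
            seen.add(sent)
        if any(ntlm_type(c) == 2 for c in challenges):
            seen.add(2)
        if sent == 3:
            return "complete" if status != 401 else "type 3 sent, server rejected it"
    if 2 in seen:
        return "stalled: type 2 challenge received, client never sent type 3"
    if 1 in seen:
        return "stalled: type 1 sent, no type 2 challenge returned"
    return "NTLM never started"

def _token(msg_type):
    # Constructed token: signature + little-endian type + 4 zero flag bytes.
    raw = SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 4
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed traces shaped like the two Fiddler captures in the question.
OFFER = (401, None, ["Negotiate", "NTLM"])
CHALLENGE = (401, _token(1), [_token(2)])
OLD_LAPTOP = [OFFER, CHALLENGE, (200, _token(3), [])]
NEW_LAPTOP = [OFFER, CHALLENGE] * 3

if __name__ == "__main__":
    print("old:", diagnose(OLD_LAPTOP))
    print("new:", diagnose(NEW_LAPTOP))
```

A "stalled after type 2" result points at the client side of the exchange, while "type 3 sent, server rejected it" points at the server's validation of the response.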
I've encountered the same issue, and after looking in the server security log I have found two strange records just after each unsuccessful logon:
1. 4624 - successful logon, and just after that:
2. 4634 - successful logoff
Very strange... I've googled for these event codes and found this thread:
SCCM reporting not working on W2K8 R2 64-bit
And the solution to this problem is:
1. Open the IIS Manager and go to your site
2. Double click Authentication under IIS
3. Click on Windows Authentication and then choose "Providers..." under Actions
4. Add NTLM if it isn't there and move it to the top.
5. Click OK
It worked for me!
In my environment, my SharePoint 2010 is running on Windows Server 2008 R2 with IIS7. The expected behavior after adding SPNs was that the user was prompted 3 times by default. How to configure the prompt times? Maybe 2 or 5 times?
It is decided in the browser, not in the server. Server returns HTTP401 status code in all of these requests, browser decides if the user should retry or not.
Anyway, when you have SPNs set up, passwords should work from the first time. It is worth rebooting the server after SPN setup.
What configuration change do I need to make?
Hello, recently upgraded my laptop to windows7, I pulled down our site from subversion to make some updates. I always test the changes on localhost before I move them to our beta site. Now, I was able to set up IIS on windows 7 to run our site, but it seems only the non-dynamic asp pages are working. Any page that tries to connect to the DB returns an error message.
Microsoft OLE DB Provider for ODBC Drivers error '80040e4d'
[Microsoft][SQL Native Client][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
/include/chooseyear.inc, line 15
Here is the Global.asa file
'Added Lock to Session Onstart to protect Current Year variable
' from becoming corrupted
If isEmpty(Application("CURRENT_YEAR")) then
    Application.lock
    Application("CURRENT_YEAR") = Year(now())
    Application.Unlock
END IF
'Doug Chamberlain
'continue to use ODBC connection to access data
Session("DBConnection")= "DSN=WITHHELD;UID=USER_NAME_WITHHELD;PWD=PASSWORD_WITHHELD;DATABASE=master;APP=www"
Session("ConnectionTimeout") = 120
Session("CommandTimeout") = 102 'Doug Chamberlain '09/10/2010
Update:
Here is the line of code that fails, but worked prior to upgrading to Windows 7 and IIS 7.5:
PropConnection.Open Session("SCPAASPConnection")
I did a debug on the website when it failed, and the value of that variable is
"DSN=WITHHELD;UID=USER_NAME_WITHHELD;PWD=PASSWORD_WITHHELD;DATABASE=master;APP=www"
but the error message is the same as below, it seems to just ignore the user/pass in the connection string variable. I did get the site to work slightly better by turning on windows auth & anonymous auth. However, other things break when I do that. Like the link scanner I use.
This isn't anything to do with ASP, as all ASP pages are dynamic (in that they will be parsed through by IIS), from what you're saying (and from the error message), it's only the ones with a database connection in that are failing.
This is because the user account the IIS application pool process runs under by default would not have access on the SQL box. You could add a SQL login for that account, or if it's only a local machine you're running it on then just change the app pool identity to run as NetworkService.
In IIS, select the app pool for the site, click Edit Application Pool > Advanced Settings and change Process Model > Identity from ApplicationPoolIdentity to NetworkService.
I have http connection code that does the typical
InternetOpen -> InternetConnect -> HttpOpenRequest -> HttpSendRequest using wininet,
which worked just fine on all the prior versions of Windows, but on win server r2 x64 what is happening is that everything else works just fine but the cookies aren't being accepted and returned on subsequent calls (I love Wireshark), causing things to fail. So I've been staring at the various flags and options available to the 4 different calls, as well as InternetSetOption and InternetSetPerSiteCookieDecision. And I just haven't seemed to find a way to make 2008 server accept the cookies yet. The only catch is that I'm using a straight IP (say 192.0.0.1 (not real IP)) and not something like www.foo.com.
http://msdn.microsoft.com/en-us/library/aa918417.aspx
please check: "Privacy settings" and "Per site cookie handling"