Installation and deployment Questions on installation, system configuration and deployment to the live server.
Version 4.x > Installation and deployment > Configuring Windows Authentication View modes: 
User avatar
Member
Member
chris.hayles-fshc.co - 10/7/2009 9:20:09 AM
   
Configuring Windows Authentication
Virtual server running Windows Server 2008 & IIS 7.

I'm attempting to configure Windows Authentication and have followed the instructions here:

http://devnet.kentico.com/docs/devguide/index.html?configuring_windows_authentication.htm

When testing this I get the following error:

"Access is denied.

Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

Version Information: Microsoft .NET Framework Version:2.0.50727.4016; ASP.NET Version:2.0.50727.4016"


This occurs while logged in as a domain admin account. Kentico site works perfectly fine under standard SQL authentication.

I realise this is to do with the server config but could someone point me in the right direction as to what is likely to be the cause?

Thank you.

User avatar
Member
Member
chris.hayles-fshc.co - 10/7/2009 10:40:10 AM
   
RE:Configuring Windows Authentication
Relevant IIS service had been disabled.

Thanks.

User avatar
Kentico Developer
Kentico Developer
kentico_ondrejv - 10/7/2009 12:58:25 PM
   
RE:Configuring Windows Authentication
Hello,

Thank you for your update. Can I consider this issue as closed?

Best Regards
Ondrej Vasil

User avatar
Member
Member
chris.hayles-fshc.co - 10/8/2009 5:27:54 AM
   
RE:Configuring Windows Authentication
Yes. Thanks Onrej. However, I have emailed you regarding a seperate issue I am now having regarding certain CMS Desk pages.

Thanks,
Chris

User avatar
Member
Member
fonze_ellis - 10/7/2009 8:47:26 PM
   
RE:Configuring Windows Authentication
Hi Chris,

Can you please post what 'relevant IIS Service' you are referring to?

I am getting the same error using Win Server 2008 and IIS 7 after moving a site. CMSDesk and CMSSiteManager, plus the site in preview mode all works fine but won't work when browsing to it directly.

Cheers

User avatar
Member
Member
chris.hayles-fshc.co - 10/8/2009 5:26:29 AM
   
RE:Configuring Windows Authentication
Open up IIS Manager on the hosting server.

Expand folders to find your site directory.

Double-click the "Authentication" icon and make sure that "Windows Authentication" is enabled.

From what I can see this is set in two places so you may need to highlight the server (rather than the site directory) and make sure it is enabled there too.

I had one enabled but not the other. Enabling both has resvoled the issue for me.

Chris

User avatar
Member
Member
fonze_ellis - 10/8/2009 7:26:55 PM
   
RE:Configuring Windows Authentication
Cheers, thanks for that. Yeah they were both already enabled for me so there's another reason I'm getting this issue.

Oh well, I'll have to keep hunting around and working on it!

Thanks for your reply :)

User avatar
Kentico Developer
Kentico Developer
kentico_ondrejv - 10/16/2009 12:56:31 PM
   
RE:Configuring Windows Authentication
Hello,

I've googled around and found following articles. Please try hints described there:

http://blog.rileytech.net/post/2008/01/21/Vista-IIS7-Windows-Authentication-and-you.aspx

http://programming.torensma.net/2009/10/error-message-401-2-unauthorized-logon-failed-due-to-server-configuration-iis7/

Hopefully they will be useful for you.

Best Regards
Ondrej Vasil

User avatar
Member
Member
fonze_ellis - 10/19/2009 6:11:38 PM
   
RE:Configuring Windows Authentication
Hi Ondrej,

I had a look at those links, thanks for that. Although, these won't help. Windows Authentication is already (and always has been) enabled in IIS 7, plus I don't use Vista (we use Windows Server 2008 and XP for the clients) - and everything is enabled just fine.

Plus, the website in IIS was an existing site and it serves up pages fine. I've tracked down the problem to being the database - when I edit Web.Config and point the site to a fresh default database, it works fine. When I point it back to a restore of our production database, I get the 401.2 error when trying to browse to the live site. Browsing to CMS Desk and using Preview mode for all pages works! Very strange. I'm working with your support guys at the moment to resolve this.

Thanks!

User avatar
Member
Member
fonze_ellis - 11/1/2009 12:49:51 AM
   
RE:Configuring Windows Authentication
Well, we got the problem solved! It was to do with SSL being turned on in the Kentico CMS when our test server wasn't configured for using SSL.

Problem: I was wanting to take a copy of the website files, and a BAK of the SQL database from our production intranet and restore it onto a test server. All is fine, until I try to browse to any pages within the test intranet. The browser just bombs out saying 'Can't display the page'. Digging down behind the scenes, IIS was giving an error code of 401.2 - Unauthorised access.

Everything was enabled properly, Windows Authentication, etc etc. Plus, you could browse to all the pages within CMSDesk.

After weeks of stuffing around, and working with Kentico support (who were very helpful and responsive) the problem ended up simply being related to SSL.

Solution: Our production server uses SSL, so in CMSDesk on the root node of the site, under the 'Properties' tab and then Security, down the bottom the option saying 'Requires SSL' is set to Yes. That's fine for a server configured to use SSL. When on a server not running SSL, the browser just bombs out without any decent error.

Obviously the option is saved in the database, so when restoring to our test server which doesn't use SSL, it was bombing out with no descriptive error. Going into CMSDesk and setting this option to 'No' for SSL let the site work just fine on the test server.

Anyway, thought I would post a follow up to this in case it helps others with the same issue. Surely other people would try restoring a copy of their production system to a test server without SSL and forget the basics like I did! :)