The postings on this site are my own and do not represent my Employer's positions, advice or strategies.

LifeAsBob - Blog



No Ads ever, except search!
Saturday, July 20, 2024 Login

IIS NT Authentication Stopped working 2/19/2023 6:39:09 AM

Just an internally hosted web site, for use by members of my group on our domain.  Been working for years, suddenly today it begins prompting for credentials and/or wouldn't load.  Of course no changes, but there are always changes we can't control when you work in a big organization, group policy changes and patching being the biggest.

This same server, also hosts SSRS and it was authenticating fine with windows / nt authentication, so we knew it wasn't a problem of the server.

Ultimate credit goes to Ben Reese for helping solve this ! 

Ben sent me this so I could put it here as a place holder so we can remember the fix.

Followed these steps:

 The solution for this is to disable the NEGOTIATE protocol in IIS, so that NTLM is always use. In sporadic situations, or to confirm the problem, you may want to disable NEGOTIATE in the client workstation.

  1. Access IIS Manager;
  2. Expand <server> Sites Default Web Site;
  3. In the IIS group, choose Authentication;
  4. Click Windows Authentication. On the side bar, option Providers shows up; if not, first activate Windows Authentication so it does show up;
  5. Remove NEGOTIATE provider.
  6. If you added Windows Authentication on step 4, deactivate it again;
  7. Do an IISReset

After performing the steps above, authentication should start working in Internet Explorer / Microsoft Edge.

 I tried lowering the priority of “NEGOTIATE” provider first, but that didn’t work unfortunately. Went ahead and removed it then tested again… It’s working in Edge without a UN/PW! Chrome still prompts the first time, but I maybe integrated security doesn’t work the same on Chrome ?? SSRS prompts for credentials in Chrome too if you haven’t authenticated already.

 And how I got there in case that was the wrong “fix” and it needs to be undone:

Blog Home