Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jun 24, 2011 07:57 PM by luism3
Feb 26, 2007 01:15 PM|LINK
My users are getting the 'NT AUTHORITY\ANONYMOUS LOGON' error intermittently. The application is running off a Server 2005 box and loses the credentials when accessing data on a SQLServer 2005 server.
The error will pop on entering the application or can happen during the use of the application. After a few minutes and the reopening of the browser, it usually works fine. The application server is set to Integrated Windows Authentication only and Anonymous
access is disabled. The connection string to the database has trusted connection set to true.
From what I've gathered through internet searches, this problem should either be 100% on or 100% off, not intermittent as mine is. Has anyone seen this problem before?
Feb 27, 2007 01:18 PM|LINK
Yes, this should either be 100% on or 100% off. However have you check your event log, I think there might be additional information provided. And please check if this is because of your local network too.
Feb 28, 2007 12:45 PM|LINK
After some more searching and the viewing of a very comprehensive presentation at
http://support.microsoft.com/kb/842861/ I think I've narrowed the problem down to Kerberos settings on the application server.
My first thing to look into is the possibility of duplicate SPNs. It seems that this could cause the intermittent problem if the SPN is being generated each time the app is accessed rather than being declared. Unfortunatly, I haven't figured out how to look
for evidence of the duplicate SPN, nor how to declare the SPN.
Anyone seen and solved this problem?
Mar 11, 2008 08:20 PM|LINK
Any update on this? I'm having a similar issue:
Jun 23, 2011 03:22 AM|LINK
Did you ever find the solution?
Jun 23, 2011 06:25 AM|LINK
Did you ever find the solution?
This is an old thread. Are you having the same problem. Can you provide some more details?
Jun 23, 2011 05:22 PM|LINK
There are two server.
1th. Has IIS with the webApp, windows 2008 r2 with IIS 7.5
2nd. has sql server 2008r2
1th one is been configured to the windows authentication... <Authentication mo.."windows">... <Identity Impersonate "True">...
DoubleHop config is ready and thats it! the environment is fine.
The system is working!.
But now, suddely, last monday the system started thowing the error: "Login failed for user NT AUTHORITY\ANONYMOUS AUTHENTICATION".
I restarted the IIS, then I change the appPool account from de ApplicationPoolIdentity to Network Sevice. So the webApp starded working again. now, yesterday (wednesday) the app threw the same error. again!.
I know that sql server is who throws this exception, because the user does not have permissions to login the database (the anonymous user)...so, why is it happening? suddenly and intermittently
Jun 24, 2011 08:34 AM|LINK
Maybe you are facing the double hop issue.
The double-hop issue is when the ASPX page tries to use resources that are located on a server that is different from the IIS server. In your case, the first "hop" is from the web browser client to the IIS ASPX page; the second hop is to the AD. The AD
requires a primary token. Therefore, the IIS server must know the password for the client to pass a primary token to the AD. If the IIS server has a secondary token, the NTAUTHORITY\ANONYMOUS account credentials are used. This account is not a domain
account and has very limited access to the AD. You can refer this links below
Hope this helps
Jun 24, 2011 07:57 PM|LINK
Has I was telling you, double hop configuration is ready.
Double Hop has two options: 100% fails, or 100% working. It wouldn't be INTERMITTENT. (am I wrong?)
My problem is intermittent. during the day all the users are using de webApp and it works.. but suddenly, some of them start reporting the error. And worst: some times it start working alone, with no fixing actions.