My users are getting the 'NT AUTHORITY\ANONYMOUS LOGON' error intermittently. The application is running off a Server 2005 box and loses the credentials when accessing data on a SQLServer 2005 server.
The error will pop on entering the application or can happen during the use of the application. After a few minutes and the reopening of the browser, it usually works fine. The application server is set to Integrated Windows Authentication only and Anonymous
access is disabled. The connection string to the database has trusted connection set to true.
From what I've gathered through internet searches, this problem should either be 100% on or 100% off, not intermittent as mine is. Has anyone seen this problem before?
Yes, this should either be 100% on or 100% off. However have you check your event log, I think there might be additional information provided. And please check if this is because of your local network too.
Zhao Ji Ma
Sincerely,
Microsoft Online Community Support
“Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
After some more searching and the viewing of a very comprehensive presentation at
http://support.microsoft.com/kb/842861/ I think I've narrowed the problem down to Kerberos settings on the application server.
My first thing to look into is the possibility of duplicate SPNs. It seems that this could cause the intermittent problem if the SPN is being generated each time the app is accessed rather than being declared. Unfortunatly, I haven't figured out how to look
for evidence of the duplicate SPN, nor how to declare the SPN.
1th. Has IIS with the webApp, windows 2008 r2 with IIS 7.5
2nd. has sql server 2008r2
1th one is been configured to the windows authentication... <Authentication mo.."windows">... <Identity Impersonate "True">...
DoubleHop config is ready and thats it! the environment is fine.
The system is working!.
But now, suddely, last monday the system started thowing the error: "Login failed for user NT AUTHORITY\ANONYMOUS AUTHENTICATION".
I restarted the IIS, then I change the appPool account from de ApplicationPoolIdentity to Network Sevice. So the webApp starded working again. now, yesterday (wednesday) the app threw the same error. again!.
I know that sql server is who throws this exception, because the user does not have permissions to login the database (the anonymous user)...so, why is it happening? suddenly and intermittently
The double-hop issue is when the ASPX page tries to use resources that are located on a server that is different from the IIS server. In your case, the first "hop" is from the web browser client to the IIS ASPX page; the second hop is to the AD. The AD
requires a primary token. Therefore, the IIS server must know the password for the client to pass a primary token to the AD. If the IIS server has a secondary token, the NTAUTHORITY\ANONYMOUS account credentials are used. This account is not a domain
account and has very limited access to the AD. You can refer this links below
Has I was telling you, double hop configuration is ready.
Double Hop has two options: 100% fails, or 100% working. It wouldn't be INTERMITTENT. (am I wrong?)
My problem is intermittent. during the day all the users are using de webApp and it works.. but suddenly, some of them start reporting the error. And worst: some times it start working alone, with no fixing actions.
jekent
Member
2 Points
3 Posts
'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Feb 26, 2007 01:15 PM|LINK
My users are getting the 'NT AUTHORITY\ANONYMOUS LOGON' error intermittently. The application is running off a Server 2005 box and loses the credentials when accessing data on a SQLServer 2005 server.
The error will pop on entering the application or can happen during the use of the application. After a few minutes and the reopening of the browser, it usually works fine. The application server is set to Integrated Windows Authentication only and Anonymous access is disabled. The connection string to the database has trusted connection set to true.
From what I've gathered through internet searches, this problem should either be 100% on or 100% off, not intermittent as mine is. Has anyone seen this problem before?
Zhao Ji Ma -...
All-Star
23104 Points
2380 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Feb 27, 2007 01:18 PM|LINK
Hi,
Yes, this should either be 100% on or 100% off. However have you check your event log, I think there might be additional information provided. And please check if this is because of your local network too.
Sincerely,
Microsoft Online Community Support
“Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
jekent
Member
2 Points
3 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Feb 28, 2007 12:45 PM|LINK
After some more searching and the viewing of a very comprehensive presentation at http://support.microsoft.com/kb/842861/ I think I've narrowed the problem down to Kerberos settings on the application server.
My first thing to look into is the possibility of duplicate SPNs. It seems that this could cause the intermittent problem if the SPN is being generated each time the app is accessed rather than being declared. Unfortunatly, I haven't figured out how to look for evidence of the duplicate SPN, nor how to declare the SPN.
Anyone seen and solved this problem?
kuyarico
Member
2 Points
2 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Mar 11, 2008 08:20 PM|LINK
Any update on this? I'm having a similar issue: http://forums.asp.net/t/1227096.aspx
luism3
Member
6 Points
3 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Jun 23, 2011 03:22 AM|LINK
Did you ever find the solution?
GPankaj
Contributor
4588 Points
768 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Jun 23, 2011 06:25 AM|LINK
Hi
This is an old thread. Are you having the same problem. Can you provide some more details?
Thank You
luism3
Member
6 Points
3 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Jun 23, 2011 05:22 PM|LINK
Sure.
There are two server.
1th. Has IIS with the webApp, windows 2008 r2 with IIS 7.5
2nd. has sql server 2008r2
1th one is been configured to the windows authentication... <Authentication mo.."windows">... <Identity Impersonate "True">...
DoubleHop config is ready and thats it! the environment is fine.
The system is working!.
But now, suddely, last monday the system started thowing the error: "Login failed for user NT AUTHORITY\ANONYMOUS AUTHENTICATION".
I restarted the IIS, then I change the appPool account from de ApplicationPoolIdentity to Network Sevice. So the webApp starded working again. now, yesterday (wednesday) the app threw the same error. again!.
I know that sql server is who throws this exception, because the user does not have permissions to login the database (the anonymous user)...so, why is it happening? suddenly and intermittently
GPankaj
Contributor
4588 Points
768 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Jun 24, 2011 08:34 AM|LINK
Hi
Maybe you are facing the double hop issue.
The double-hop issue is when the ASPX page tries to use resources that are located on a server that is different from the IIS server. In your case, the first "hop" is from the web browser client to the IIS ASPX page; the second hop is to the AD. The AD requires a primary token. Therefore, the IIS server must know the password for the client to pass a primary token to the AD. If the IIS server has a secondary token, the NTAUTHORITY\ANONYMOUS account credentials are used. This account is not a domain account and has very limited access to the AD. You can refer this links below
http://support.microsoft.com/kb/329986
http://stackoverflow.com/questions/4071929/how-do-i-configure-iis-so-that-the-users-domain-credentials-are-used-when-connec/4072300#4072300
Hope this helps
luism3
Member
6 Points
3 Posts
Re: 'NT AUTHORITY\ANONYMOUS LOGON' Error Happening Intermittently
Jun 24, 2011 07:57 PM|LINK
Has I was telling you, double hop configuration is ready.
Double Hop has two options: 100% fails, or 100% working. It wouldn't be INTERMITTENT. (am I wrong?)
My problem is intermittent. during the day all the users are using de webApp and it works.. but suddenly, some of them start reporting the error. And worst: some times it start working alone, with no fixing actions.