Windows Auth in IIS does not work when browsing to the website on the server running IIS using a URL with an A record pointing to the IIS server

authentication iis iis-7.5 windows-authentication

I have a website that runs on IIS that uses windows authentication.

On the website level, under 'Authentication' I have only Windows Authentication (NTLM only as a provider) enabled.

On the virtual directory level, under 'Authentication', I have ASP.NET Impersonation and Windows Authentication (NTLM only as a provider) enabled. (Disabling ASP.NET Authentication here does not change anything)

  • The IP address of the server running IIS is: 172.0.0.10
  • The computer name of the server running IIS is: myiisserver
  • The FQDN on the server running IIS is: myiisserver.mydomain.com
  • A DNS 'A Record' exists to point 172.0.0.10: myapp.mydomain.com

On the website bindings, I have:

Type  |  IP Address      |  Port  |  Host Name
--------------------------------------------------------------
http  |  All Unassigned  |  80    |  localhost
http  |  All Unassigned  |  80    |  myiisserver
http  |  All Unassigned  |  80    |  myiisserver.mydomain.com
http  |  All Unassigned  |  80    |  myapp.mydomain.com

This is the only website that I have running on the IIS server.

The App Pool running the web site and the virtual directory is the same and uses 'NetworkService' as the identity.

On the IIS server and on other workstations in the network:

  • myiisserver is added to 'Trusted Sites'
  • myiisserver.mydomain.com is added to 'Trusted Sites'
  • myapp.mydomain.com is added to 'Trusted Sites'

On the trusted sites zone, Automatic logon using current user name and password is selected on the IIS server and other workstations.

On Internet Options -> Advanced, Enable Integration Windows Authentication was enabled on the IIS server and other workstations.

On other workstations in the network:

  • http://myiisserver works OK
  • http://myiisserver.mydomain.com works OK
  • http://myapp.mydomain.com works OK

On IIS server:

  • http://localhost works OK
  • http://myiisserver works OK
  • http://myiisserver.mydomain.com works OK
  • http://myapp.mydomain.com works DOES NOT WORK - Prompts for User name and password - Entering a user name and password that has access to the resources does not work and it continues to prompt for user name and password. Any suggestions to get this to work on the IIS server?

Updating the registry key below on the server running IIS fixed the issue!

  1. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  2. Right-click MSV1_0, point to New, and then click Multi-String Value.

  3. Type BackConnectionHostNames, and then press ENTER.

  4. Right-click BackConnectionHostNames, and then click Modify.

  5. In the Value data box, type the host name or the host names for the site(s) that are on the local computer (i.e. myapp.mydomain.com), and then click OK.

BackConnectionHostNames registry key value in the registry editor

Related

How to redirect http requests to a service running in other port
Which host name to put in /etc/hostname?
let CRON send emails through SMTP ( debian squeeze )
How can I display a message in Maven
How to include CSS file in Symfony 2 and Twig?
Deriving maven artifact version from git branch
AngularJS accessing DOM elements inside directive template
PG COPY error: invalid input syntax for integer
What happens if I remove the auto added supportedRuntime element?
How to use Callable with void return type?
Make a union of polygons in GeoPandas, or Shapely (into a single geometry)
Java equivalent to .Net's NotSupportedException