Thoughts on and experiences with computers, programming and electronics. http://www.realtechnology.com/RTBlog/tabid/59/BlogId/2/Default.aspx en-US rtblog@realtechnology.com ronsmith@realtechnology.com Mon, 06 Feb 2012 11:53:07 GMT Mon, 06 Feb 2012 11:53:07 GMT http://backend.userland.com/rss Blog RSS Generator Version 3.3.0.16726 <p>My dev server is a Win 2003 machine with IIS 6.0.  I've got a number of web sites set up which I reference via URLs such as <a href="http://site1.localhost/">http://site1.localhost</a>, <a href="http://site2.localhost/">http://site2.localhost</a>, etc.  By putting entries in my HOSTS file which point back to 127.0.0.1, I can use those URLs to access the sites because I set up Host Headers for each site to look for its specific URL.</p> <p>After installing VS 2008, I suddenly lost the ability to debug web applications on my local machine.  I had been using VS 2005 successfully before that.</p> <p>"Unable to start debugging on the web server. An authentication error occurred while communicating with the web server."</p> <p>I did a lot of fruitless searching on the web.  None of the solutions worked: Integrated Windows Authentication must be enabled for the website - yes it was. ASP.Net security settings all checked out.  ACL's were all okay.  I found that if I disabled Anonymous logins for the website in IIS, I could see that Integrated Windows Authentication wasn't working properly.  When viewing the site in my browser I would be asked to log in, but my windows credentials would not work*. Arg!</p> <p>After examining IIS log files, it was clear that Visual Studio was trying to log in to the web server using the same account I was logged into Windows with.  So we were both having the same problem. For some reason IIS wasn't handling IWA properly.</p> <p>I turned on auditing for logon failures and examined the security event log.</p> <p>Hmm, this is interesting:</p> <p>Event Type: Failure Audit<br /> Event Source: Security<br /> Event Category: Logon/Logoff <br /> <font style="background-color: #ff6600">Event ID: 537</font><br /> Date:  1/8/2009<br /> Time:  12:56:45 PM<br /> User:  NT AUTHORITY\SYSTEM<br /> Computer: ISIS<br /> Description:<br /> Logon Failure:<br />   Reason:  An error occurred during logon<br />   User Name: administrator<br />   Domain:  isis<br />   Logon Type: 3<br />   <font style="background-color: #ff9900">Logon Process: ÈùÈ</font><br />   Authentication Package: NTLM<br />   Workstation Name: ISIS<br />   Status code: 0xC000006D<br />   Substatus code: 0x0<br />   Caller User Name: -<br />   Caller Domain: -<br />   Caller Logon ID: -<br />   Caller Process ID: -<br />   Transited Services: -<br />   Source Network Address: 127.0.0.1<br />   Source Port: 4869</p> <p>Well, no, it isn't that interesting, but the error code led me to this explanation:</p> <p><strong><a href="http://support.microsoft.com/kb/896861/en-us">You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6</a></strong></p> <p>As it turns out, Windows Server 2003 Service Pack 1 (SP1) has a loopback check security feature.  Since I was browsing locally and using host headers to access my websites, Windows was refusing to validate the request  (or something like that).</p> <p>After following the instructions for the workaround, VS debugging works fine now.  I felt I needed to connect the dots here because my initial searches didn't turn up this solution.</p> <p>*This had been a problem prior to intalling VS 2008, but I was able to work around it by enabling anonymous access to the websites.</p> http://www.realtechnology.com/RTBlog/tabid/59/EntryID/27/Default.aspx rtblog@realtechnology.com http://www.realtechnology.com/RTBlog/tabid/59/EntryID/27/Default.aspx#Comments http://www.realtechnology.com/Default.aspx?tabid=59&EntryID=27 Fri, 09 Jan 2009 00:10:10 GMT 0 http://www.realtechnology.com/DesktopModules/Blog/Trackback.aspx?id=27