"Let me see if I understand your last mail. If we get the 'forbidden'
problem, you want me to access the intranet site directly from the
hosting machine that is running IIS via Internet Explorer or browse
directly from IIS (right click browse) or am I missing the point
completely?"
[WenJun]
Yes, this is in order to verify if IIS Integrated auth doesn't work
at that time. According to your new statement - "everyone else is OK.
", I believe this is no longer necessary.
A important point in your new thread is you are using host header
like:
www.intranet.info. Integrated auth acutally includes two logon
methods - Kerberos and NTLM. When authorization section in request
header is Negotiate (by default), IE and IIS may either choose NTLM
or Kerberos in the end and the one can be affected by host header is
Kerberos. The following KB article contains some related information
of this topic:
Authentication may fail with "401.3" Error if Web site's "Host
Header" differs from server's NetBIOS name
http://support.microsoft.com/default...b;EN-US;294382
I wonder what the detailed error message is in the XP user's browser?
Is it just a 401.x error or 403.x forbidden? it can be helpful if
you can paste the error for me to take a look. If the error is just
401.x, per the KB states, you can set the NTAuthenticationProviders
metabase attribute to enforce IIS using NTLM. Please note using
iisreset command to restart IIS is necessary after this change.
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
Let me know if the problem persists.
Best regards,
WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! -
www.microsoft.com/security