Is there anything in the httperr.log file that might give you a clue as to
why IIS thinks the request is badly formed?
Cheers
Ken
--
IIS Blog:
www.adopenstatic.com/cs/blogs/ken/
Web:
www.adopenstatic.com
<cd*******@hotmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
: We are recieving the following error "HTTP Error 400 - Request is badly
: formed." I believe we are receiving the error because the SSL VPN
: client is attempting to send a Kerberos ticket and our IIS server is
: expecting NTLM.
:
:
cd*******@hotmail.com wrote:
: > Using a Cisco VPN client, everything works fine. We are using a thrid
: > party product that does SSL VPN. VPN via http/ssl. This is where we
: > run into problems. because the browser client cannot pass user
: > credentials to our iis server which is set to run under integrated
: > security.
: >
: >
: > Nicole Calinoiu wrote:
: > > <cd*******@hotmail.com> wrote in message
: > > news:11**********************@g47g2000cwa.googlegr oups.com...
: > > > Our intranet is running under windows integrated security. We have
: > > > domain users that want to access our intranet site via ssl vpn. SSL
: > > > VPN can not authenticate against services that run under windows
: > > > integrated security.
: > >
: > > That's not necessarily true. Have you actually tested this from a VPN
: > > client?
: > >
: > >
: > > > In order to get around this issue it seems that we
: > > > would need to create a login page on a separate site that runs under
: > > > anonymous security. Then pass the users credentials to the site
: > > > running under integrated security.
: > >
: > > If Windows authentication really doesn't work, perhaps basic
authentication
: > > might? This would allow you to support VPN clients with far less
changes to
: > > your current application.
: > >
: > >
: > > > Has anyone had this issue or done
: > > > anything like this before? Is it even possible to pass user
credentils
: > > > to a site running under integrated security?
: > >
: > > Yes, but without any problems. Are you actually seeing a specific
problem?
: > > If so, what is it? If not, why not test authentication over VPN
against a
: > > simple sample application?
: