Various issues may occur when attempting to authenticate in the Active Roles Web Interface. These issues include but are not limited to:
Authentication is a process that occurs between a client machine, the IIS Server installed on the Active Roles Web Interface host, and an Active Directory Domain Controller. Active Roles receives the end result of the authentication process: authentication happens outside of Active Roles and Active Roles logging will not capture any authentication-related issues.
Some basic troubleshooting steps are possible, but complicated authentication-related issues may require a Microsoft engagement in order to be resolved.
Windows Authentication is the default authentication type configured on the Active Roles sites in IIS. As a troubleshooting step, it is recommended to disable Windows Authentication and enable Basic Authentication as this is a simpler method with fewer failure points.
NOTE: Active Roles Web Interface sites have ASP.NET Impersonation set to Enabled and configured to pass Authenticated User by default. This setting is required and should not be changed.
NOTE: Basic Authentication requires that a username be entered in the format domain\username
NOTE: Basic Authentication over non-SSL traffic is not secure and should not be used in a production environment.
If Basic Authentication also does not function as expected using any a valid URL or alias, this suggests that there is a username or password error. Log out of Windows and log back into Windows to confirm that the password is valid and not expired.
If Basic Authentication works while Windows Authentication does not under the same conditions, this confirms that the issue lies in the Kerberos configuration and not in the communication between the client, server, and Domain Controller.
Proceed with troubleshooting by enabling Kerberos logging on the client, IIS host, and Active Roles Administration Service host.
For assistance with interpreting Kerberos logging, please engage Microsoft for assistance.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center