Hi there,
We deploying K2 in a small-ish company with limited resources. As a result, K2 is being installed on the domain controller (Windows 2003).
Our problem is as follows. When we enable IWA on the workspace, we get: The request failed with HTTP status 401: Unauthorized.
However, if we disable IWA and enable Basic Authentication, then IE promts for the UserName and Password, and on entering the correct details, the workspace loads correctly.
I've checked, rechecked and triple verified the security settings. I'm extremely sure it's not because of some incorrect folder security setting or something like that (besides, Basic Authentication would also not work if that was the case)
Also, I've changed the customErrors tag in web.config for the workspace (and workspaceservice) to Off, so I can see the asp.net error. However, it seems like it doesn't even get to execute the aspx pages and the error is just a simple one liner (the above text) on a white page.
I've looked through the IIS log and there's nothing unusual, well nothing that acording to the resources I've read is not expected.
Can anybody give me any ideas on how to proceed. Maybe somebody has installed this on a domain controller before and had similar problems
Thanks,
Charl Marais
Page 1 / 1
Hi Charl,
I've seen this before and there's a couple of things to check. In essence, please have a look at KB articles 98 and 123 - everything is explained in these two articles.
The things you should check:
1. The DisableLoopbackCheck Registry setting explained in KB98
2. The AppPool is started under a domain account
3. This domain account should be part of the IIS_WPG group on the local machine.
4. Add the K2V3 site to Trusted Sites
5. IE -> Internet Options -> Advanced -> Enable Integrated Windows Authentication (requires restart) -> Checked
6. We've also once had to edit the IIS metabase (KB123) to set NTAuthenticationProviders to 'Negotiate,NTLM'
7. Give 'Authenticated Users' - 'Modify' permissions on 'C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET Files' and ''C:WINDOWSTemp'
In between these steps, you should reboot a couple of times i.e. after steps 1, 3 and 6.
Hope this helps,
Ockert
I've seen this before and there's a couple of things to check. In essence, please have a look at KB articles 98 and 123 - everything is explained in these two articles.
The things you should check:
1. The DisableLoopbackCheck Registry setting explained in KB98
2. The AppPool is started under a domain account
3. This domain account should be part of the IIS_WPG group on the local machine.
4. Add the K2V3 site to Trusted Sites
5. IE -> Internet Options -> Advanced -> Enable Integrated Windows Authentication (requires restart) -> Checked
6. We've also once had to edit the IIS metabase (KB123) to set NTAuthenticationProviders to 'Negotiate,NTLM'
7. Give 'Authenticated Users' - 'Modify' permissions on 'C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET Files' and ''C:WINDOWSTemp'
In between these steps, you should reboot a couple of times i.e. after steps 1, 3 and 6.
Hope this helps,
Ockert
Hi Chris,
Did you perhaps install W2K2 with streamlined SP1 when creating the DC? :evil: I had a very similar issue today - I couldn't get the Workspace to work - Tried everything - even the DisableLoopbackCheck in the registry.
My installation was not on a domain controller but this should not be an issue - K2.net should and does run on a domain controller at various sites.
In the end I configured Kerberos and it worked immediately so I would suggest you do that - It only takes half-an-hour or so.
Did you perhaps install W2K2 with streamlined SP1 when creating the DC? :evil: I had a very similar issue today - I couldn't get the Workspace to work - Tried everything - even the DisableLoopbackCheck in the registry.
My installation was not on a domain controller but this should not be an issue - K2.net should and does run on a domain controller at various sites.
In the end I configured Kerberos and it worked immediately so I would suggest you do that - It only takes half-an-hour or so.
Thanks, I'll give that try.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.