Questions tagged [windows-authentication]
Windows authentication (or Integrated Windows Authentication) is a process where connections to applications or external systems are automatically authenticated with the currently logged on Windows user. This functionality was first made available in Windows 2000.
301 questions
0 votes
0 answers
406 views
Single user in domain not able to sign in using cached credentails
I have been having an issue with a single user in my domain. After ~2-3 month period of computer use the following error occurs. After a user profile deletion / computer reimage, we will have another ...
0 votes
1 answer
286 views
Automatic Windows Login on internal website uses wrong account to authenticate when website has an external certificate
We have an website on our corporate intranet. It has two https bindings on the same site/server/port: https://mysite1.mycorp.ads -Internal certificate issued by our internal certificate authority ...
- 291
1 vote
1 answer
177 views
Why does IIS misidentify my user account when using IWA with Negotiate?
Apologies if this question swings wide of the mark; I'm trying to troubleshoot something out of my area of expertise. I recently migrated an internal-facing web app to IIS. I also enabled Windows ...
- 11
0 votes
0 answers
150 views
MySQL GSSAPI Authentication Failing with "Access Denied" Error
All obfuscated portions are noted in [brackets]. I have MySQL set up on Rocky Linux v9.5 with MySQL Enterprise v9.1.0-1.1el9. Using a trial version of MySQL Enterprise Edition, I am trying to get the ...
1 vote
0 answers
142 views
Cygwin SSH service rejects local user connection attempt
I've set up Cygwin on a Windows machine, with the OpenSSH server sshd as a Windows service, up and running. I used ssh-host-config -y; and in /etc/sshd_config I've uncommented: PubkeyAuthentication ...
- 1,827
0 votes
1 answer
373 views
Account suddenly cannot perform NTLM logins over VPN
Starting a week ago I cannot login to windows shares or other servers using NTLM authentication over my VPN to our corporate network. Everything else works, SSO etc, Teams, Outlook, just NTLM based ...
- 101
1 vote
1 answer
439 views
Does Entra Kerberos (Azure AD Kerberos) support sign in to file shares without line of sight to on-premises domain controller?
I was naively thinking that Azure Kerberos (Entra Kerberos or Cloud Kerberos Trust) can help me in the following hypothetical situation, but it seems to me that it won't (at least in its current state)...
- 706
1 vote
0 answers
179 views
Browser is showing Sign in window for some URLs only
I have a PHP app on IIS 10. Recently some pages started displaying the Sign in window asking for username and password: What could cause that? Only Windows Authentication is Enabled with "HTTP ...
- 259
-1 votes
1 answer
2k views
Entra joined device seamless SSO not working for on premise web app configured for Windows authentication on https
Our device is Entra registered and has line of sight to our Active Directory Domain Controller. We have passwordless authentication setup using FIDO security key per the following microsoft site, ...
0 votes
0 answers
702 views
IIS website not recognising local group (Windows Auth) but does recognise specific users
IIS10 Windows Server2022 I have a server (SERVER) with a local group (SERVER USERS) that was made on install of a piece of software, that includes a web interface. In IIS, I have enabled windows ...
- 1
1 vote
0 answers
2k views
Windows Remote Desktop defaulting to NTLM
The issue: I have a Virtual Host - VHost.domian.com. When I try to connect from my laptop - Laptop.domain.com - it seems to be trying to use NTLM for authentication and not Kerberos. Note: My laptop ...
0 votes
1 answer
195 views
Windows 10 to Windows 10 authentication when off-domain
I have a laptop running Windows 10 Pro, domain joined to a Server 2012R2 AD. I have Hyper-V running on the laptop with a Windows 10 Pro guest, also joined to the domain. I have a shared folder on the ...
- 1
0 votes
0 answers
757 views
local IIS asp.net mvc web application using windows authentication keep prompting for credentials
I'm using windows 10 enterprise. localhost/mywebapp even not hitting home controller rather stuck on windows authentication prompt and no matter if I enter correct credential or bad credential it keep ...
- 59
1 vote
3 answers
5k views
How to test Windows Service Account can login to SQL Server database?
How to test that a Windows AD service account has been granted access to read from a SQL Server database server via Windows Authentication ? This would need be an isolated test independent of any ...
- 217
1 vote
0 answers
300 views
IIS 10 - Windows Authentication error - Cannot login some user!
I've a IIS 10 service on a Windows Server 2016 in the domain. There is a website with Windows Authentication. The rule monitors that the incoming user is a member of the AD\xy group or not. If member ...
- 11
0 votes
2 answers
846 views
Why is my Windows 11 host sending connection reset packets to AWX using certificate authentication?
Here is what I have done so far. Installed AWX 2.9 using docker on CentOS. Successfully managing Windows nodes (8,10) through AWX and WinRM using certificate authentication. (No problem here) ...
-2 votes
1 answer
459 views
RDP login works when using Android App, but now when using Windows [closed]
I am trying to connect to my work machine using RDP. Using my Android Phone I can connect to it. It shows up in the list and I fill in my details like so: COMPANYNAME\USERNAME. Then I enter the ...
- 137
2 votes
0 answers
4k views
Windows authentication (AD) not working when IIS Application pool is running as custom user
I'm using: Windows 10 x64 Professional (in ad domain) IIS 10 Web site is running under local user EPM_USER, everything works except Windows authentication Configuration: When I try to from another ...
- 131
1 vote
1 answer
3k views
Disable the Windows 10 Password login option when FIDO in use
Hello Collective intelligence, I have a question that is bugging me, I have a Yubikey 5C setup in Azure AD with passwordless auth and registered to my account, I can log into the PC using the FIDO key ...
1 vote
0 answers
4k views
IIS Windows Authentication - Failure 2304 on some machines
I am working currently on an IIS server that uses Windows Authentication. There is a weird problem for me when there are some PCs that when trying to browse to the server - they get a prompt to enter ...
- 11
0 votes
1 answer
2k views
What is the proper way to use IIS to forward the REMOTE_USER header to Tomcat?
I am trying to set up SSO with IIS 10 and Tomcat 9. I want to use Windows Authentication in IIS and pass the authenticated username to Tomcat. I had this working with Tomcat 8.5, however after ...
- 111
0 votes
1 answer
1k views
WCF "rejected the client credentials" just for one user account on two computers
I am getting the well known WCF service error when connecting from a client. The server has rejected the client credentials. Logon attempt failed. as described e.g. in this question. My problem is ...
- 162
0 votes
1 answer
462 views
Why would a server in an AD environment allow Remote Registry access by FQDN, but deny and lock out accounts over IP address?
We have a situation where a software application cannot be installed because the admin account used during installation gets locked out during prerequisite checks. After some investigation, we found ...
- 3
1 vote
0 answers
240 views
Hyper-V Server 2012 R2 - replica VMs state "password incorrect", but lets me log in after 7-8 minutes
so I have a replica server that backups 2 server 2012 R2 VMs. Each week, I run a test failover to make sure they boot up, and I can log into them. A curious issue I'm having is, once I get to the ...
- 11
1 vote
0 answers
2k views
IIS SSO not working, asking for login via login-prompt every new session
We are facing an issue where we don't get SSO to work on an IIS web app. We have set Windows-Authentication as enabled and Negotiate and NTLM as providers (IIS Windows Authentication and Providers). ...
- 11
0 votes
1 answer
5k views
Logging all failed authentication attempts against Active Directory
I need to log all failed authentication attempts against my Active Directory domain. An external app binds to MS AD via LDAPS and uses AD for user authentication requests. When the wrong user or ...
- 81
1 vote
0 answers
140 views
Windows authentication across multiple hostnames without multiple credential prompts - is it possible?
I have a web application that utilizes multiple hostnames (see below for an explanation of why it's set up like this - I don't want that to distract from the more general question here). Basically, ...
- 111
0 votes
0 answers
858 views
Cannot reach HTTPS page with self-signed server certificate and DoD CA certificates
I'm attempting to create a local web server using Flask, a Python microframework, that uses the PKIs on a DoD CAC. I've created the self-signed root CA and server certificate and key following this ...
- 111
1 vote
1 answer
148 views
In Windows Active Driectory, what's the purpose of SIDs when the username is already unique?
A Windows ID (such as MyDomain\someuser) will have a unique SID (such as S-1-5-21-1695517229-881958489-217698969-1001) The ID is used during login, which confirms that it too is unique in nature. What'...
- 1,404
0 votes
1 answer
808 views
Sharing a UPN between root and child AD domains
Is it possible to share a UPN between a root and child AD domains? We're considering our options around how to structure an Active Directory domain with the option of splitting off the child domain ...
- 85
4 votes
3 answers
46k views
Remote Desktop Authentication without NTLM - How to Configure from non-Windows clients?
Background This has been bugging me for quite a while (and no amount of internet searching has amounted to a decent solution), so I'm hoping someone can offer some sage advice. When I try and start a ...
- 1,797
0 votes
1 answer
68 views
Using custom auth through hardware device on Windows network map drive possible?
I want to custom the auth method when connecting smb as a client on Windows to a linux server. I expect to it to work like this: When connecting as a network map drive, Windows auth center will read ...
- 13
0 votes
1 answer
1k views
Windows Authentication not working on Windows Server 2012 R2
I've exhausted every bit of me to get Windows Authentication to work on the server and I cannot find any help on the internet. Windows authentication is working on my local PC, below is what I've done ...
- 101
0 votes
0 answers
562 views
Configure an IIS 10 ASP.NET MVC app to allow only specific domain user to access "/api/" URLs
This is on Windows Server 2019, the web app is a ASP.NET MVC app (.NET FW 4.6) I'm not sure how to debug this. The AppPool runs under a Managed Service Account! (not that it helps using ...
- 53
0 votes
0 answers
744 views
How to configure Windows Authentication (NTLM, Negotiate) to work when using IISARR?
As part of the upgrade from Win 2008 to Win 2016-project, we have introduced the use of DNS-aliases (way overdue) for all IIS-sites in all enviroments. We now use IIS with ARR installed as a proxy ...
- 335
0 votes
0 answers
787 views
No access over firewall to shared folder on clustered fileserver, but access to shares on a node server works
Update 2019-11-21: We have new a Windows Failover Cluster installed and are running a clustered file server on it that hosts file shares. We need to access these shares through a firewall from ...
- 203
0 votes
1 answer
2k views
nginx - prevent caching authorization info
I am using nginx as reverse proxy for my asp.net core web application. I am using spnego module for nginx for supporting of windows integrated authentication. It is works, but if user enters incorrect ...
- 101
0 votes
0 answers
429 views
How to login to MS SQL Server using Ubuntu OS & ODBC with disabled SQL Server Authentication and only accept Windows Authentication?
It is only part of my problem but technically, I am trying to access an SQL Server with disabled SQL Server Authentication using ODBC connection string in Ubuntu OS. I already tried to connect with ...
- 23
0 votes
0 answers
39 views
What sort of authentication is a windows machine local group with a domain user added to it?
I went and looked at a service that was run by a domain user. The process for the service read from a file on the machine's hard drive, and in the ACLs for that service there was an ACE for the local ...
- 5,061
2 votes
0 answers
414 views
Is it possible to limit SSRS authentication to Kerberos only?
We have an instance of SSRS (SQL Server Reporting Services) which uses Kerberos Constrained Delegation to fetch data for its reports from SQL Server on behalf of its users. For this purpose, SSRS was ...
- 343
1 vote
1 answer
375 views
W10 Client temporary authentication failure when reconnecting network drives
The customer has a W10 laptop. The laptop is member of MyDomain. The user has 20 network drives mapped onto his laptop. The server is W2016 Domain Controller. The user logs in on his laptop using his ...
- 307
1 vote
1 answer
4k views
Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login
I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey ...
- 113
2 votes
1 answer
361 views
How DC authenticates when Client is not using any authentication?
I have a virtual environment with the following structure: DC: Windows Server 2008 Client: Windows 7 I installed Active Directory on the Windows Server 2008 and made it in domain januapp.local, then I ...
3 votes
1 answer
2k views
IIS and HttpListener (.NET) with windows authentication
I have a question about Windows authentication with IIS and HttpListener I have the following setup (All installed in same Windows 8.1 box. No outside communication). All requests are sent as http://...
- 31
2 votes
0 answers
128 views
Users getting locked out on local Domain Controller after switching default Exchange mail address to different domain
Originally, all of our users were on a single domain (ie. domain1.com) . After merging with a 2nd company, it was decided that we would use the 2nd domain (ie. domain2.com) as the primary company ...
- 378
0 votes
1 answer
2k views
What are the rules regarding casing of values for environment variable USERNAME in Windows?
One of my customers says that in his AD usernames have mixed case sometimes and besides that, that people are able to successfully login using another casing of usernames. So there might be an ...
0 votes
0 answers
256 views
Cannot log into windows 10 pro with static IP address and no internet access
I recently purchased a computer for a project at work. The OS is Windows 10 Pro. The computer asked for my Microsoft account while I was setting it up for the first time. I thought this was weird but ...
- 101
1 vote
1 answer
6k views
IIS: Change Default Domain Controller For Windows Authentication
Please bear with me, I am a software developer and know little of Active Directory and Windows Server domains. I am running a .NET MVC intranet application on IIS (Windows Server 2016 Standard) that ...
- 113
0 votes
1 answer
542 views
IIS Windows Authentication : IE not choosing the right certificate
I am trying to setup an intranet website (osTicket ticketing solution). I want my users to connect automatically to the website, so they don't have to fill their credentials. For this I have : Created ...
- 1
1 vote
0 answers
608 views
Cannot use integrated security with netcore app on iis installed as a web site
I have a little test project in netcore (2.1.401) that returns the logged in user via CNTLM. I deployed it to an IIS server following [this guide]. I also added the website to the hosts file. If I ...
- 1,211