IWA authentication creds.ntc issues 404 error

Document ID : KB000039385
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue: 

We have 1252 sp1 cr01 policy server env. We are trying to setup IWA services on win 2008 r2 server. For this have installed webagent 1252 sp1 cr04 64 bit/.

After doing install and config I setup authen tication to anoanymous for entire siteminderagent virtual directory except the 'ntml' which setup as 'Windows authentication'.

When trying to browse a page protected by IWA it says 404 not found for /siteminderagent/creds.ntc. ]

I tried to directly browse for /siteminderagent/creds.ntc but again I get a 404 page not found.

Environment:  

-IIS 7.0, 7.5, 8.0,8.5

SSO Agent for IIS R12.0 - R12.52 SP2

Resolution:

While reviewing the IIS Error log in detail we found the following.

2016-01-27 15:32:12 30.135.160.107 GET /siteminderagent/ntlm/creds.ntc 80 - 30.120.20.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/7.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET+CLR+1.1.4322;+.NET4.0C;+.NET4.0E;+InfoPath.3;+MS-RTC+LM+8;+MS-RTC+EA+2) 404 70 218

Note the 404 7 at the end of the line.
Reviewing this error on MS’s website.
https://support.microsoft.com/en-us/kb/943891
Shows that 404.7 = File extension denied.
Researching “How to deny extensions in IIS 7.5” provided a link to MS’s website.

http://www.iis.net/configreference/system.webserver/security/requestfiltering/fileextensions

Based on information found on this link we found that IIS was configured to limit the allowed extensions under request filtering.

“Allow unlisted file name extensions” was unchecked.

When we selected “Allow unlisted file name extensions” the IWA Auth test was successful at testing IWA authentication.