Windows credentials prompt for users trying to login to Site Minder protected application

Document ID : KB000051444
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

A new web server was added to an existing web farm, all running web agent 6.0QMR6. The agent installed successfully and it triggers protection on the protected content, however, some users when they get served by this server, get a windows prompt just prior to their credentials being posted to the .fcc form.

Review of the transactions hitting the problematic web server showed authentication and authorization failures even though the users had sufficient privileges to access the requested protected resources:

[13:24:54][** Status: Not Authenticated. ][lab_wa][][LABNET\user1]           
[11/13/2008][13:25:30][LABNET\user1][** Status: Not Authenticated.][lab_wa][]       
[13:29:42][** Status: Not Authenticated. ][lab_wa][][LABWEB\user2]       
[11/13/2008][13:29:42][LABWEB\user2][** Status: Not Authenticated.][lab_wa][]       
[13:39:30][** Status: Not Authenticated. ][lab_wa][][LABNET\user3]       
[11/13/2008][13:39:33][LABNET\user3][** Status: Not Authenticated.][lab_wa][]  

Solution:

On analysis of the metabase of the IIS 5 web server configured for the NTLM authentication scheme it was found that the WebAgent was installed on a virtual directory that existed on the IIS 5 web server:

[/LM/W3SVC/3/Root/siteminderagent]           
{AccessFlags}       
6016="03EE","01","02","01","353137"       
{DirBrowseFlags}       
6005="06C3","01","02","01","31303733373431383836"       
{Win32Error}       
1099="031A","01","01","01","30"       
{KeyType}       
1002="0974","00","01","02","4949735765625669727475616C446972"       
{Path}       
3001="1541","01","02","02","443A5C50726F6772616D2046696C65735C6E65746567726974       
795C7765626167656E745C73616D706C6573"  

Client un-installed and re-installed SiteMinder webagent such that the siteminder agent was installed on a per server basis and the related mapping is at the server level for that IIS web server.