Access to console remotely throws a 401 Unauthorized error - 401.1 error
search cancel

Access to console remotely throws a 401 Unauthorized error - 401.1 error

book

Article ID: 154309

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Accessing the console remotely causes 401 Unauthorized error page. IIS logs show 401 1 (401.1) error.

Windows Security event logs show successful authentication from remote IP

Other problem could be:

Continually prompted for credentials when trying to get into the console.  This happens both at the server and from a remote console.

Environment

ITMS 7.x, 8.x

Cause

Windows Authentication does not seem to properly function between IIS and Windows.

This seems to be an issue caused by IIS settings to use kernel mode authentication.

Resolution

Disable the kernel mode authentication for Windows Authentication on the Altiris website.

  • Start the IIS manager and go into Sites > Default Web Wise > Altiris
  • On the /Altiris Home configuration page, pick IIS >  Authentication
  • On the Authentication page select  "Advanced Settings..." for "Windows Authentication"
  •  On the Advanced Settings dialog disable (uncheck) "Enable  Kernel-mode Authentication"
  • Run iisreset (with elevated privileges) and connections should now authenticate properly from remote locations/computers to the console

Note! Turning off kernel mode authentication will break IT Analytics.  Microsoft KB  http://support.microsoft.com/kb/2749007 offers two workarounds to this problem -  "disable Pre-Authentication in Internet Explorer, or turn off Kernel Mode Authentication for the IIS Web application".

To "disable Pre-Authentication in Internet Explorer" add the following registry value to the computer that you are opening the console on: 

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/

Value Name: DisableNTLMPreAuth
Data Type: REG_DWORD
Value: 1

 

Powered by Wolken Software