Login fails for some users IIS Windows Authentication from other domain
Question
I have an IIS set up in a domain A, on let's call it the process network . We are using windows-authentication and in this environment everything works as it should.
But we also have users on an office network set up in domain B. There is no trust between the domains, but there is an opening between the networks so they can reach the site. For most users in domain B everything works as expected, when they try do log in they are prompted for the Domain A credentials and then logged in.
However some users are unable to log in. They get prompted to supply credentials as expected but when they do they are denied (3 tries followed by a 401), due to:
Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a
Above is taken from IIS event log.
I know for sure the user name is valid, and that the password is correct. I have not tried for all these users, but for some. I have tried to login using my credentials from a user's computer that cannot login, and it worked. So it doesn't seem like it's a client issue.
An interesting side note is that the users having trouble are on geographically different locations than the IIS. I have not received any problems from office network -users from the same region as the IIS is located.
EDIT: The users have changed password after the reset, so i shouldn't be becuase of expired password.
1 answers
solution1
1 2013-02-26 12:04:04
You must establish a two-way domain trust in order to make Kerberos work. Everything else will fail as you see in your logs.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.