MVC4 deployed to remote IIS 7.5, gives 401.2 error when accessing sql server

Question

Development of an MVC site to handle tracking data. Target is to use MVC4 and deploy to a Windows 2008 R2 Server running SQL Server 2008 and IIS 7.5. This is run in a domain.

Original setup, which worked, was a development machine using Visual Studio 2012.2 running Windows 8, IIS 8 (not express), and talking to the remote SQL server. Development did not occur using Developer Server. I was able to connect to the the website, run anything, etc. without apparent issue in any logs.

Problem has happened since deployment to the 2008 server and onto IIS 7.5. Using DefaultAppPool mapped to ApplicationPoolIdentity , I created a Web Site with Binding *:80 and attached the deployment. Settings are:

Application pool: DefaultAppPool
.Net Framework Version: 4.0
Pipeline Mode: Integrated
Pass-through authentication.

Test Settings shows message "The application pool identity is valid." I add a Virtual Directory to the Web Site and Test Settings shows same message. I convert the Directory to an Application and Test Settings now shows error message "Invalid application path". If I use my own credentials then Test Settings it shows valid.

From IIS on remote server Web Site->Application->Actions->Browse *:80 I receive my home page automatically. Browsing to a page the includes a call to the sql server gives me an error 401.2, which traces to a 404 on a remote machine.

I have Windows Authentication installed on the IIS server, I created login in SQL for IIS AppPool\\DefaultAppPool . I added the same to access as a user db_reader and db_writer in the database. I added the identity to read/write and execute permissions for the virtual directory for the website.

I have read everything I can find in my searches on this and everything says the problem is Windows Authentication not being installed or needing to run aspnet_regiis -i ... but I did all of it! I am certain this is a configuration issue but I just can't figure it out and have exhausted myself trying to fix this for the last two days.

Web.config sections as follows:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>

    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 --></configSections>
  <appSettings>
    <add key="webpages:Version" value="2.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <pages>
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <identity impersonate="true" />
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="TestAsyncHttpHandler" />
      <add name="TestAsyncHttpHandler" path="*.svc" verb="*" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /></handlers>
        <modules>
            <remove name="WebDAVModule" />
        </modules>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.4.0.0" newVersion="5.4.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.4.0.0" newVersion="5.4.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.4.0.0" newVersion="5.4.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
  </entityFramework>
  <connectionStrings>
    <add name="PerfTrendDataEntities" connectionString="metadata=res://*/Models.PerfTrendDBModel.csdl|res://*/Models.PerfTrendDBModel.ssdl|res://*/Models.PerfTrendDBModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=perftrenddb;initial catalog=PerfTrendData;integrated security=True;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="TrendRestServiceBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="PerformanceTrendDB.Web.SubmitResults.TrendRestService" behaviorConfiguration="TrendRestServiceBehavior">
        <endpoint name="BasicHttp" address="basic" binding="basicHttpBinding" bindingConfiguration="FileUploadConfig" contract="PerformanceTrendDB.Web.SubmitResults.ITrendRestService" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="FileUploadConfig" transferMode="StreamedRequest" />
      </basicHttpBinding>
    </bindings>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
</configuration>

All of this configuration works on the IIS 8 on my development box, I am not sure if there should have been much of a difference with moving to IIS 7.5, I am fairly certain it has to be an issue with communicating to the SQL server from the new machine.

EDIT: Added Log File and Trace File

Flow of operation, open website and click the ManageUsers link. Manage users loads then the api call fails. Looks like a lot of errors are happening from browser attempts to use anonymous initially, then logs in with credentials... so two errors in configuration to fix it looks like.

Log Files Shows:

2013-10-16 03:05:37 10.23.34.146 GET /PerformanceData - 80 - 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 401 2 5 609
2013-10-16 03:05:39 10.23.34.146 GET /PerformanceData - 80 AMR\gjmason 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 200 0 0 2281
2013-10-16 03:07:01 10.23.34.146 GET /PerformanceData/Home/ManageUsers - 80 - 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 401 2 5 15
2013-10-16 03:07:01 10.23.34.146 GET /PerformanceData/Home/ManageUsers - 80 AMR\gjmason 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 200 0 0 484
2013-10-16 03:07:03 10.23.34.146 GET /perftrenddb/api/UserManagement - 80 - 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 401 2 5 1015
2013-10-16 03:07:03 10.23.34.146 GET /perftrenddb/api/UserManagement - 80 AMR\gjmason 10.24.158.125 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/30.0.1599.69+Safari/537.36 404 0 2 296

Trace Files shown in condensed snippets:

Summary (1st error)
Url: http://perftrenddb:80/PerformanceData/Home/ManageUsers 
App Pool: DefaultAppPool 
Authentication: NOT_AVAILABLE 

Summary (2nd error - same details)
Url: http://perftrenddb:80/perftrenddb/api/UserManagement 
App Pool: ASP.NET v4.0 Classic 
Authentication: NOT_AVAILABLE 

Summary (3rd error - from a STATUS_CODE 404)
Url: http://perftrenddb:80/perftrenddb/api/UserManagement 
App Pool: ASP.NET v4.0 Classic 
Authentication: Negotiate 

So three things?

1. Attempts to log in as anonymous user, or is that the Impersonation attempt? Normal?
2. ( Fixed, see Solution 2 ) The api calls are going to http://perftrenddb:80/perftrenddb/api/UserManagement , not the way I set it up and not the way it ran on my local machine.
3. The App Pool changed to Classic rather than DefaultAppPool which used Integrated Pipeline, is that a problem?

I can answer the second and third error traces, since that one is in the JS file. It was my fault when I had made it to work in the development environment (this is my first foray into web development, I normally stick to application libraries!). I do have a solution for that part... it has gotten my web site working, although I am still getting the error/traces on the first issue and the App Pool changeover that I don't understand.

I hate weird issues I don't understand so any insight into fixing the 401.2 anonymous login issues would be great!

Solution 2 To fix the context prefix for us noobs out there that hard coded our virtual directory names there is a fix that eliminates the Developer Server/IIS Express/IIS deployment issues.

Add this to your _Layout.cshtml or master page:

    <script type="text/javascript">
        var config = {
            contextPath: '@Url.Content("~")'
        }
    </script>

Then in your JS file add:

var apiUri = config.contextPath + "api/MyWebApi";

Where MyWebApi is the name of the API Controller you are accessing. And you can now call your getJSON with no problems, ie

$.getJSON(apiUri, null).success( /* Your code */ );

Answer 1

As far as i have understood, i can see in the microsoft sites that 401.2 error is because

Authentication was not attempted because the server and client could not agree on an authentication protocol

Also i can guess that there might be problem with permissions also.

you can use the following tools provided by microsoft to diagnose the issue

Authentication and Access Control Diagnostics 1.0

IIS Diagnostics Toolkit

Hope this might be helpful to some one who are facing the same issue.