I am moving some old web applications from an old Server to a Server 2016. We are using a domain account for the application identity and we need to use windows authentication. I am getting a 401.3 error when I try a test.html page on the server. I am only getting this for static content though as I tried a home.aspx page and that page worked.
Things I have tried/checked
Static Content is installed under the Common HTTP Features
The domain account used for the app pool has full access to the directory containing test.html
Tried NTLM first as provider instead of Negotiate on IIS Windows Authentication Providers
Tried "Enable Kernel-mode authentication" checked and unchecked
Tried all settings of "Extended Protection" under Advanced settings for windows authentication.
Tried ProcMon. All I get when I filter for test.html is 2 QueryOpen operations with result SUCCESS
The solution for this was that we need to have the account that was running the application pool set up in the "Impersonate a client after authentication." Our local group policy had this locked down. I am guessing the default install may have IIS_USRS group in this policy but our server did not.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.