IIS – Windows authentication does not work after reboot

iis iis-7

I have a strange issue on IIS7 running on Windows 2008 (Domain Controller).

We have a website that we set to use "Windows authentication" only, so all other authentication methods are disabled.

When the Windows server is rebooted, users cannot log in and get a 401 error.

But, if I restart the IIS server, it works fine … until the next reboot.

Here is the log from when it does not work. I tested from "localhost", logged in directly on the server:

#Date: 2012-10-26 09:06:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-10-26 09:06:00 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 855
2012-10-26 09:06:20 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 0
2012-10-26 09:06:50 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 1
2012-10-26 09:07:20 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 0
2012-10-26 09:07:31 127.0.0.1 GET /service.dll - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) 401 2 5 129

As you can see above, it looks like IIS7 received "anonymous" authentication.

When it does work, after restarting IIS7:

#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2012-10-26 09:12:11
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-10-26 09:12:11 127.0.0.1 GET /service.dll - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) 401 2 5 339
2012-10-26 09:12:11 127.0.0.1 GET /service.dll - 80 THESERVER\John 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.0;+Trident/4.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) 200 0 0 315

As you can see above, IIS7 picked up the THESERVER\John account that accessed the site.

Can anyone think of a possible cause?

Best Answer

Sounds like a problem with IIS starting before netlogon.

First thing you should do is try setting IIS to delayed start, and failing that, you can create a quick script to restart IIS a minute or two after the machine boots. Hacky, but effective.
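The two logs in the question both contain a 401.2 entry, so counting 401s alone does not separate the broken state from the normal Windows authentication challenge. The following is an added example, not part of the original question or answer: it reads the W3C `#Fields` header and reports 401 responses that are never followed by an authenticated request from the same client. The function names and the 5-second pairing window are assumptions, and the sample lines are abridged from the question's logs with the User-Agent shortened.

```python
from datetime import datetime, timedelta

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def unanswered_challenges(text, window_s=5):
    """Return 401 rows with no authenticated follow-up from the same client.

    window_s is an assumed pairing window, not an IIS setting.
    """
    rows = list(parse_w3c(text))
    authed = [r for r in rows
              if r["cs-username"] != "-" and int(r["sc-status"]) < 400]
    window = timedelta(seconds=window_s)
    stuck = []
    for r in rows:
        if r["sc-status"] != "401":
            continue
        if not any(a["c-ip"] == r["c-ip"]
                   and timedelta(0) <= a["ts"] - r["ts"] <= window
                   for a in authed):
            stuck.append(r)
    return stuck

FIELDS = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status sc-substatus "
          "sc-win32-status time-taken\n")
# Sample input abridged from the question's logs (User-Agent shortened).
AFTER_REBOOT = FIELDS + r"""2012-10-26 09:06:00 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 855
2012-10-26 09:06:20 10.224.14.147 HEAD / - 80 - 10.224.15.85 - 401 2 5 0
2012-10-26 09:07:31 127.0.0.1 GET /service.dll - 80 - 127.0.0.1 Mozilla/4.0 401 2 5 129
"""
AFTER_IIS_RESTART = FIELDS + r"""2012-10-26 09:12:11 127.0.0.1 GET /service.dll - 80 - 127.0.0.1 Mozilla/4.0 401 2 5 339
2012-10-26 09:12:11 127.0.0.1 GET /service.dll - 80 THESERVER\John 127.0.0.1 Mozilla/4.0 200 0 0 315
"""

if __name__ == "__main__":
    for name, log in (("after reboot", AFTER_REBOOT),
                      ("after IIS restart", AFTER_IIS_RESTART)):
        print(name, "unanswered 401s:", len(unanswered_challenges(log)))
```

Run shortly after boot, a non-zero count with no authenticated requests at all matches the failing state described in the question.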