We have an internet site containing a "hello world" .html file on IIS7 with Windows authentication turned on. The users are local machine Windows users on the web-server. For some users the site is very slow. Using fiddler2, I've tracked it down to a 15 second delay between the browser connecting and the browser beginning the initial GET request:
ACTUAL PERFORMANCE
--------------
ClientConnected: 15:28:09.737
ClientBeginRequest: 15:28:24.750
ClientDoneRequest: 15:28:24.750
...
The site then responds with a HTTP 401, the browser responds immediately with a second GET request (presumably with the relevant authentication token) that comes back with a HTTP 200 straight away.
The issue happens regardless of which machine I access it from. The issue only occurs in IE though (v6 – v8), Firefox and Chrome work fine.
On my machine, using the IP address of the site rather than the DNS name solves the issue, that does not solve the issue for everyone else though.
I have tried making the config change on this article, it didn't fix it.
Any ideas?
Best Answer
I had a similar situation with a client. The domain controllers were misconfigured (in NT4 mode), and IE had the "Enable Windows Integrated Security" option checked.
What IE does when in Windows Integrated Security mode is it tries the request with a Windows 2000+ mode AD/Kerberos ticket. When the web server fails to authenticate the ticket, it fails back to NTLM.
You have 3 options.
Unfortunately, in my situation, I had to go with option #2 because of the egos involved, but it worked exceptionally well.