When logging into Citrix XenApp web interface, it gives the error "an authentification failed".
I'm sure I'm logging in with the correct Windows login credentials. The account that I'm logging in with also has admin privilages. I've also tried using the domain login credentials, but this gives the same error.
Check the logs, Start> Admin Tools > Event Viewer > Application
Look for events with source "Citrix Web Interface"
Related
I have a working ASP.NET MVC web app I developed with Entity Framework with a database-first approach. The database was already existing. When I run it in Visual Studio, everything works fine.
I then published the site and setup an IIS web site on my computer for it. Pages that do not require data work fine. But the site cannot access the database. I have tried creating a mixed mode SQL Server id, changing the odbc connection to login as the admin user, and adding the IUSR user to SQL Server. No luck.
How can I get the local site to access the database from IIS just like it does through IIS Express?
Here is the error page:
Server Error in '/' Application.
Cannot open database "PVS" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\PVS'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Cannot open database "PVS" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\PVS'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Cannot open database "PVS" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\PVS'.]
I am setting up service broker between two servers. The environment I am implementing this does not have a domain.
The two SQL servers service run under "NETWORK SERVICE"
I am getting following error message
Service Broker login attempt by user 'NT AUTHORITY\ANONYMOUS LOGON.' failed with error: 'Connection handshake failed. The login 'NT AUTHORITY\ANONYMOUS LOGON' does not have CONNECT permission on the endpoint. State 84.'.
If I add NT AUTHORITY\ANONYMOUS LOGON to SQL server and grant the connect permission then everything works fine.
I am not sure granting the permission to NT AUTHORITY\ANONYMOUS LOGON is a good idea.
A little bit of Google research tells me, I need to configure SPN for Kerberos but I have no knowledge to do that.
Can you help, or direct me to a good article to refer please?
Configuration
SQL 2008 R2 and Windows 2008
I have come across this issue before also.
This guide got me through it. If you're not an AD admin you might need to get your server guys involved.
guide to fix double hop issue
I am setting up service broker between two servers. The environment I am implementing this does not have a domain.
Then you should use Certificate based authentication instead of Windows:
CREATE ENDPOINT [broker]
STATE = STARTED
AS TCP (LISTENER_PORT = 4022)
FOR SERVICE_BROKER (
AUTHENTICATION = CERTIFICATE [MyCertName]);
The setup is quite complex, as it involves exchanging certificates between the hosts, creating logins and users to map to the other host and granting endpoint connectivity. And you'll then need to also do the dialog security layer. You can read here How does Certificate based Authentication work, and this blog explains step by step how to do it: A simple secure dialog with transport certificates.
Note that even though the error message is about anonymous logon, this is not a Kerberos 'double-hop' issue (better known as constrained delegation).
I have asp web page application with Integrated Windows authentication checked on IIS and cleared the Anonymous Access box. From Advanced windows authentication I have Enable kernel-mode authentication checked.
Application pool runs with admin domain user and integrated mode.
When user clicks on some web page inside this app, I can see from log that domain user name is send to server and also I have values in Request.ServerVariables("AUTH_USER").
Everything fine, as it should be. I can see which user access application.
Now, the web page also access SQL database.
I have connection string, like:
"Provider=SQLOLEDB.1;Integrated Security=SSPI;..."
But when I access database, i get the following error:
Microsoft OLE DB Provider for SQL Server error '80040e4d'
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
How can i say, that connection to the sql server is made with app pool account and not anonymous?
i think that if you check the config file of the web site for the identity tag you will find it set as follow:
<identity impersonate="true"/>
in your configuration it should be:
<identity impersonate="false"/>
this way you tell iis to not impersonate whoever is logged on remotely via web but to use the account specified in the application pool.
here is a page with a brief description of the topic.
After 2 days of testing, i have finally manage to make it work.
There are two forms of impersonation:
"identity impersonate=false" is for application to run in the context of user or user defined in app pool.
But there is also impersonation for application pool to use the user to access the resource on disk. It is under Basic settings and Connect as.
Default is pass-through authentication.
I don't know what it has to do with access to external database, but after set this to the same user of app pool, everything works now.
I hope it will help somebody.
I have 2 web applications on the same web server (IIS 7.5 on Windows Server 2008) that connect to the same database(on a separate server). Both applications use the same connectionstring and both use the same application pool. The app pool uses a custom account for the App Pool Identity. One site works just fine but the other site gets "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON" as soon as it attempts to connect to the database. Any suggestions on what the problem may be?
I found the problem. In IIS, under the site's Authentication settings, I had to disable "ASP .NET Impersonation".
I am accessing my server through remote desktop connection and have configured a webservice in IIS. I am able to see the methods but when I click on the button to "Invoke" I get the following error:
System.Data.SqlClient.SqlException: Login failed for user 'SOLDev\Server02$'.
at ShareWare.Web.Service.WebAPI.Reservation.GetInfo()
Why is it taking the machine name as the user?
My windows authentication user is User1Dev.
Also my directory security in IIS is setup as follows:
Option "Enable anonymous access" -- it's disabled
Option "Integrated Windows Authentication" -- checked off
I am using .NET framework 2.0
Your web service connects to the SQL using Windows authentication as the principal running the service. In this case it appears to be BUILTIN\System or BUILTIN\Network Service, both of which authenticate in the domain as the machine account, ie. 'SOLDEV\Server02$' which corresponds to a machine named Server02 in the domain SOLDEV.
If you wish to authenticate on the SQL Server with your own login, then the IIS must flow the authentication information, in a process called Constrained Delegation. See Configuring Constrained Delegation for Kerberos (IIS 6.0). or How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0.
If you want the web service to authenticate to SQL Server as itself, then you must grant login permission to the web service principal on SQL: CREATE LOGIN [SOLDEV\Server02$] FROM WINDOWS.
It's because the web service is running as the Network Service id, not as the logged in user. You probably also need to have <identity impersonate="true" /> in your web config if you are planning to use the user's credentials to connect to SQL Server.