IIS 7.5 Windows Authentication failed with 401

Question

Since we moved from IIS 7.0 to IIS 7.5 the Windows Authentication doesn't work anymore from remote requests. If I open the website on the webserver everything works fine.

web.config:

<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
        <deny users="?" />
        <allow users="*" />
</authorization>

IIS Settings:

Authentication (enabled): ASP.NET Impersonation, Windows Authentication (all others are disabled)
ApplicationPool: Managed Pipeline Mode -> Classic, Identity -> ApplicationPoolIdentity

Failed Request Trace:

MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized 
HttpSubStatus: 1
ErrorCode: 2148074254 
ConfigExceptionInfo:  
Notification: AUTHENTICATE_REQUEST
ErrorCode No credentials are available in the security package (0x8009030e) 

Any suggestions?

Answer 1

We had a two-hop problem I think. If I move our SQL/Oracle DB to the server which is running IIS it works.

So here is an article to which describes a solution.

How to configure SQL and IIS for two hop kerberos authentication 2

or SSRS Reportviewer ASP.NET Credentials 401 Exception

Thanks

Answer 2

Which client are you using? you might be running a client that is trying to pre-authenticate, but in IIS 7 we use Kernel Mode authentication by default which requires a challenge. If that is the case you can disable Kernel Mode auth by selecting the Windows Authentication entry and clicking Advanced Settings, you should see a checkbox that allows you to Disable that for the specific application and it should work if this is the problem.