Only one user unable to authenticate against AD using Windows Authentication on a .NET 4.0 web application on IIS 7

2

We are having a problem where one user is unable to authenticate using Windows Authentication. The site is configured to allow "All Users" to access the website and I have confirmed that this user is a member of the "Domain Users" group in AD.

Looking at this user's group membership side by side with another user's, they are identical. However, if I copy the user and test with the new account, it also can't use Windows auth.

Any help at all in figuring out why just this one user can't authenticate would be greatly appreciated.

I apologize if I left any important details out; I'm a developer and I don't know much about server administration or networking. The biggest problem is that I don't know the right question to ask to debug this thing I'm sure.

Update, from the server log on this failure:

Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a

I am 100% certain the username/password are correct.

active-directory
iis-7
windows-authentication
asked on Server Fault Feb 4, 2014 by Chronos • edited Feb 4, 2014 by Chronos

2 Answers

4

These are the most common causes:

  • Username and password are correct BUT contain national characters like łóżźęą or other special things. I observed that sometimes this fails. In other words, try a completely different password.
  • Username is more than 20 chars. Double-check in the user properties what the pre-Win2000 login is.
  • Username and password are correct, however the account has expired. Check the appropriate properties tab in AD. The account may look active but it is not. It is NOT disabled. Just expired.
  • Type the password in the username field to be 100% sure you are typing what you think you are typing (wrong keyboard settings!).
  • Account locked due to incorrect login attempts. Depending on policy it may not unlock itself. Double-check that it is not locked.
  • Reset the password from each AD controller and check if it helps. Sometimes, for reasons unknown to me, a password was not replicated across AD, and just resetting it from a different AD controller helps.
  • Check the DisableLoopbackCheck key workaround; sometimes it helps: http://support.microsoft.com/kb/896861
answered on Server Fault Feb 4, 2014 by Bartłomiej Zarzecki • edited Feb 4, 2014 by Joel Coel
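
The account-side checks from the list above (expired, locked, pre-Windows 2000 logon name, non-ASCII characters, password not replicated) can be run against every domain controller in one pass. This is an added example, not part of the original answer; it assumes the RSAT ActiveDirectory module is installed, and the function name `Test-AdLogonCandidate` and the logon name `jsmith` are placeholders.

```powershell
# Added example: read-only account checks for one user, repeated on every DC.
# Assumes the ActiveDirectory module (RSAT); 'jsmith' is a placeholder logon name.
Import-Module ActiveDirectory

function Test-AdLogonCandidate {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $props = 'LockedOut', 'AccountExpirationDate', 'PasswordExpired',
             'PasswordLastSet', 'BadLogonCount', 'LastBadPasswordAttempt'

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties $props -ErrorAction Stop
        } catch {
            # A DC that is unreachable or does not know the account is itself a finding.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }

        $expiry = $u.AccountExpirationDate   # $null means the account never expires

        [pscustomobject]@{
            DC              = $dc.HostName
            Enabled         = $u.Enabled
            LockedOut       = $u.LockedOut
            AccountExpired  = ($null -ne $expiry -and $expiry -lt (Get-Date))
            PasswordExpired = $u.PasswordExpired
            # pwdLastSet is replicated: a value that differs on one DC points at replication trouble.
            PasswordLastSet = $u.PasswordLastSet
            # Bad-password counters are kept per DC and are not replicated.
            BadLogonCount   = $u.BadLogonCount
            LastBadPassword = $u.LastBadPasswordAttempt
            # Pre-Windows 2000 logon name next to the UPN the user may actually be typing.
            SamAccountName  = $u.SamAccountName
            UPN             = $u.UserPrincipalName
            SamDiffersUpn   = (($u.UserPrincipalName -split '@')[0] -ne $u.SamAccountName)
            SamNonAscii     = ($u.SamAccountName -match '[^\x00-\x7F]')
        }
    }
}

Test-AdLogonCandidate -SamAccountName 'jsmith' | Format-List
```

A `LastBadPassword` timestamp that moves on one DC at the moment of the failed logon shows which controller handled the request, which is the one whose Security log holds the matching failure event.
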
0

We have had issues like this before where it works with another user, but if we copy the bad user for a test account it doesn't work. The end result is creating a new user for that person. Just make sure you copy a user that is working and create his username differently than his original.

ex. Name- james smith Windows login - jsmith

New Windows login - jasmith

Hope that helps. It's not a fix, but it's a great workaround.

answered on Server Fault Aug 26, 2016 by Anleth

User contributions licensed under CC BY-SA 3.0