Login fails for some users IIS Windows Authentication from other domain

1

I have an IIS set up in domain A, on, let's call it, the process network. We are using Windows Authentication, and in this environment everything works as it should.

But we also have users on an office network set up in domain B. There is no trust between the domains, but there is an opening between the networks so they can reach the site. For most users in domain B everything works as expected: when they try to log in they are prompted for the Domain A credentials and then logged in.

However some users are unable to log in. They get prompted to supply credentials as expected but when they do they are denied (3 tries followed by a 401), due to:

Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a

Above is taken from IIS event log.

I know for sure the user name is valid, and that the password is correct. I have not tried for all these users, but for some. I have tried to log in using my credentials from a user's computer that cannot log in, and it worked. So it doesn't seem like it's a client issue.

An interesting side note is that the users having trouble are in geographically different locations than the IIS. I have not received any problems from office-network users from the same region as the IIS is located.

EDIT: The users have changed password after the reset, so it shouldn't be because of an expired password.

Tags: iis, active-directory, webforms
asked on Stack Overflow Feb 26, 2013 by Henrik
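
In the log line quoted in the question, Status is the generic code and Sub Status is the specific one: 0xc000006a is STATUS_WRONG_PASSWORD (the account name was found and the password check failed), while 0xc0000064 is STATUS_NO_SUCH_USER. The following is an added example, not part of the original post, that decodes these codes and counts failures per account as the server recorded it; the Account Name / Account Domain fields, the flattened record layout and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# NTSTATUS values reported in the Status / Sub Status fields of a failed logon.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000224: "STATUS_PASSWORD_MUST_CHANGE",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Assumes each record is flattened text holding only the failed account's fields.
FAILURE = re.compile(
    r"Account Name:\s*(?P<user>\S+)\s+Account Domain:\s*(?P<domain>\S+).*?"
    r"Status:\s*(?P<status>0x[0-9a-fA-F]+)\s+Sub Status:\s*(?P<sub>0x[0-9a-fA-F]+)",
    re.S,
)

def decode(code):
    return NTSTATUS.get(code, "unknown NTSTATUS 0x%08X" % code)

def parse_failure(text):
    """Return user, domain and numeric status codes, or None if the fields are missing."""
    m = FAILURE.search(text)
    if m is None:
        return None
    return {"user": m["user"], "domain": m["domain"],
            "status": int(m["status"], 16), "sub": int(m["sub"], 16)}

def summarize(events):
    """Count failures per decoded sub status and per account as the server saw it."""
    out = defaultdict(lambda: defaultdict(int))
    for rec in filter(None, map(parse_failure, events)):
        out[decode(rec["sub"])][rec["domain"] + "\\" + rec["user"]] += 1
    return {reason: dict(accounts) for reason, accounts in out.items()}

# Constructed sample records (hypothetical accounts and domain names).
SAMPLE = [
    "Account Name: alice Account Domain: DOMAINA Failure Reason: Unknown user name "
    "or bad password. Status: 0xc000006d Sub Status: 0xc000006a",
    "Account Name: alice Account Domain: DOMAINA Failure Reason: Unknown user name "
    "or bad password. Status: 0xc000006d Sub Status: 0xc000006a",
    "Account Name: bob Account Domain: DOMAINB Failure Reason: Unknown user name "
    "or bad password. Status: 0xc000006d Sub Status: 0xc0000064",
]

print(summarize(SAMPLE))
```

Grouping by the domain the server recorded next to each sub status shows at a glance whether the failing attempts were evaluated against the expected account.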

1 Answer

1

You must establish a two-way domain trust in order to make Kerberos work. Everything else will fail as you see in your logs.

answered on Stack Overflow Feb 26, 2013 by Michael-O

User contributions licensed under CC BY-SA 3.0