Forum Discussion
mertyucel
Sep 13, 2024Copper Contributor
Strange problem on windows 2022 server standard
hi all
we same 2 administrators in our server 2022 with IIS. one of them is default user administrator which is used by me. the other one is my padawan's account. in this configuration we created some web sites under different domains. every site is using different nt user. everything seems ok. but with this configuration then I test the user settings of a site under basic settings I got the error below but site is working.
The user name or password is incorrect. (Exception from HRESULT: 0x8007052E)
my padawan does the same .. now it says ok. why is this is happening in 2 admin setting.
we've another server exact same configuration but only with default admin, everything works as it should be.
I tested the issue with another server ... everything was perfect until I created the second admin and start doing things with.
samething replicated with windows 2019 too. while Im getting these errors websites are working flawlessly in all occasions.
any one has an idea about whats going on... ???
- kyazaferrSteel Contributor
Admin Privileges and Permissions
Since you are using two administrators on the same IIS server (the default administrator account and your padawan's account), there may be differences in permissions or the way IIS is interacting with these accounts.
- Double-Check Permissions: Ensure both admin accounts have the correct permissions for managing the websites in IIS. Sometimes, IIS might fail to authenticate the user if the permissions are misconfigured for one of the accounts.
- UAC (User Account Control): UAC can behave differently when there are multiple administrator accounts. It may be that the padawan’s account, while an admin, doesn’t have the same privileges as the default administrator account. Check if UAC is causing issues for one of the admins.
- Try running IIS Manager as an administrator for both accounts, and see if the issue persists when logged in with each account.
2. Stored Credentials
The error suggests an authentication issue, likely due to saved or incorrect credentials being used for accessing IIS or websites.
- Clear Saved Credentials: It's possible that the Windows Credentials Manager has saved credentials that are being used by one of the administrator accounts when trying to test the user settings. Check both accounts' credential managers for any saved IIS or site-specific credentials and remove them if necessary.
- Try Different Logins: If you are testing using different usernames or service accounts for each site, verify that each username and password is correctly set and being used in IIS.
3. IIS Configuration for Authentication
Since you mentioned that the sites are configured to use different NT users, check the following:
- Authentication Settings: Make sure the correct authentication settings are configured for each site. Verify that Windows Authentication is enabled and the credentials for the NT user accounts are properly set up for each site.
- AppPool Identity: Ensure that the AppPool Identity under which the sites are running has sufficient permissions. Sometimes, if the application pool identity is different for the two administrators, it can lead to issues in authenticating users even if the site is functional.
- Try configuring the Application Pool Identity for the sites to use a specific user account and test again.
4. IIS and Kerberos Authentication
If Kerberos authentication is being used for authentication on IIS, the issue could be related to Kerberos ticket validation between multiple administrators. The error you're seeing might be tied to how IIS and the domain controllers handle ticketing and authentication when there are multiple administrators.
- Check Kerberos Configuration: Ensure that Kerberos authentication is correctly configured, and there are no conflicts with multiple admin accounts in the domain. Look into whether your setup uses delegated permissions for the administrator accounts, as this could cause authentication issues if misconfigured.
5. Differences in Server Configuration
You mentioned that everything works on the server with just the default admin, and issues occur when you add the second admin. This suggests that something related to the user profiles or group policies on the second admin account might be affecting IIS configuration.
- Compare Group Policies: Check if there are any Group Policy Objects (GPOs) that are being applied to the second administrator account differently than to the default administrator account. It’s possible that security settings or policies specific to admin accounts are conflicting with IIS authentication.
- Profile Issues: Try creating a new administrator account and see if the issue persists. This will help rule out whether there is a specific issue with your padawan's account or profile.
6. Check Event Viewer Logs
Review the Event Viewer logs for any related errors. Look under:
- Windows Logs > Application for any IIS or authentication-related errors.
- Security Logs for any failed logins or access issues.
These logs may provide more specific details on what is causing the authentication failures.
7. Test with Local Users
Since each site uses different NT users, ensure that the NT users have the correct permissions on the server. It might be helpful to test the login with local users or service accounts that are part of the IIS_IUSRS group to see if that resolves the issue.
Summary Checklist:
- Verify permissions for both administrator accounts.
- Check UAC settings and ensure IIS is being run with administrator privileges.
- Clear stored credentials from Windows Credentials Manager.
- Review IIS authentication settings and app pool identities.
- Ensure proper configuration of Kerberos or NTLM authentication for multiple users.
- Compare Group Policies applied to the admin accounts.
- Review Event Viewer logs for specific authentication or IIS-related errors.