IIS strange NT AUTHORITY\ANONYMOUS LOGON with Chrome browsers
I need some help troubleshooting why, when using a Chrome browser user gets error Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' while using an Edge browser users do not. I have multiple web application hosted on that server, all intranet based using windows authentication with impersonation. Another strange observation, when Chrome users connect to the web app they receive this error, now if they open same site in Edge, they authenticate just fine and then on refreshing the Chrome browser they are able to authenticate in Chrome.... I have a few users that can't connect in either browser. Here is my configuration. Using IIS 10 and SQL Server. The app and db servers have Kerberos enabled using a service account. Some key IIS settings: App Pool - V4.0 Classic using service account, provisioned for Kerberos. Load user Profile is set to False Authentication: (The following are enabled) ASP.NET Impersonation - Identity to Impersonate - Authenticated User Windows Authentication - Advanced Settings Accept Extended Protection and Enable Kernel-mode auth Providers set to Negotiate then NTLM App Settings: system.webServer/security/authentication/windowsAuthentication authPersistSingleRequest = False Enabled = True useAppPoolCredentials = True userKernelMode = True Any guidance greatly appreciated. Andre Full Error: Server Error in '/' Application. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.] System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +345 System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +156 System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) +258 System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +312 System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry) +202 System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +413 System.Data.SqlClient.SqlConnection.Open() +128 GATES2._0.Helpers.CurrentReviewPeriodMonth() in C:\Users\myusername\Documents\Visual Studio 2019\GATES 2.0\GATES2.0\GATES2.0\Helpers.cs:2187 GATES2._0.Default.Page_Load(Object sender, EventArgs e) in C:\Users\myusername\Documents\Visual Studio 2019\GATES 2.0\GATES2.0\GATES2.0\Default.aspx.cs:71 System.Web.UI.Control.OnLoad(EventArgs e) +106 System.Web.UI.Control.LoadRecursive() +68 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3785 Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3770.0Users get intermittent credential prompt on client browser when using IIS Windows Authentication
Users get intermittent credential prompt on client browser when using IIS Windows Authentication, after Domain Controller installed Windows Security Patch 5009557. There is a known issue for 5009557 - “After installing this update on domain controllers (DCs), affected versions of Windows Servers might restart unexpectedly.” The Domain Controller reboot intermittently will cause IIS Windows Authentication failure intermittently and thus end users will get intermittent credential prompt on client browser. The issue is fixed in patch 5010791. Install patch 5010791 on Domain Controller will address the problem stated above.
