2 Replies Latest reply on Aug 19, 2015 11:43 AM by carlos

    http authentication fails when setting up Preferred Server

    carlos Expert

      I been following this doc

      How to set up a Preferred Server in IIS 7.5

      I have set it up with anonymous authentication. leaving the IUSR as specific user, this work well in network and via CSA  (I added the local IIS_IUSR as well)


      Can some one explains how steps 7 and 8 work? (I do not understand when is necessary to change the specific user and when to use Application Identity)

      7. In the Actions pane, click Edit to set the security principal under which anonymous users will connect to the site (Do I need to change this)

      8. In the Edit Anonymous Authentication Credentials dialog box, select one of the following options:--  Specific user, ( IUSR )--  Application pool identity, if you want IIS processes to run by using the account that is currently specified on the property page for the application pool. By default, this is the Network Service.

      Now, as mentioned by Davidg5700 on this tread Software Distribution using CSA

      leaving the system configured this way (anonymous) leaves the directory open to anyone, so I changed the anonymous to basic.


      This makes the Software Distribution Task to use the Credentials entered in the preferred server, before I had my core set as the preferred server so the directory and credentials worked just fine) I found that is better to NOT use the core as a preffered server so I'm trying to use one of my domain machines for this.

      Following this Doc  How to configure a Preferred Package Server

      So I created a folder/structure exactly as in my Core (name and directory structure as the source referenced in the distribution package) the UNC works.

      Do I need to share this directory?

      Which credentials this screen is referring to? It says read credentials necessary to manage nodes to download files from the server, what does this means?


      I have tried my admin credentials on this, I can get to the UNC but can not get to the HTTP


      Then I shared the directory on the preferred server and granted me access, but still get the same error.

      Please If some one can help me with this, I been doing my homework but still can't get it to work, I'm missing something?



        • 1. Re: http authentication fails when setting up Preferred Server

          When you enabled anonymous access you must specified with which user anonymous users will connect. For this you can use a specific one or just the identity of the application pool.

          The difference is simplified the user. Every application pool is running under an identity (user).


          From my understanding you have two options.

          a) Just create a virtual directory, point it to the SWD folder. Enable anonymous access, IUSR is fine or create a specific one. Make sure that this one has the right to access the directory.

          Under this curcumstances everyone will allowed to access the swd depot. (not recommended if you ask me) and you can not validate against preferred server as you are setting username and password here.


          b) Just create a virtual directory, point it to the SWD folder. Set access to Windows Authentication. Make sure that the user/password under the preferred server has rigths to access the directory.

          Enable directory browsing on the virtual directory. (This should do the trick) and you can validate the credentials over preferred server.


          Hope this helps

          • 2. Re: http authentication fails when setting up Preferred Server
            carlos Expert

            Thank you Juan, I really appreciate your help.