Thursday, May 14, 2009

When using IIS 6.0 with Integrated Security, get Access Denied from IE 6.0

This happened when setting up SQL Server Reporting Services.  It has many different places where you can tell the applications to run as a service.  My administrator gave me an account for running my SQL Services: MYDomain\SQLAgentSrvc

After setting up my applications, I setup new App Pools for each site and I used the same account to run them.

When opening the site with IE 6.0/7.0 I got the popup window for authentication and normally it passes through for NTLM.  So, I tried FireFox and it logged me in just fine.  I found a web page that suggested a couple tools to help solvle this "Access denied in Internet Explorer" issue.

In my research I found two tools that helped me to figure this out:

Fiddler 2:
This helped me to see what FireFox was doing to make it work and what IE was doing that wasn't working.  In the captures I noticed that FireFox was using straight NTLM and IE was using Kerberos. 

And

Microsofts Authentication and Access Control Diagnostics 1.0 (AMD64)
This helped me to see some issues with the active directory account that I was running the AppPools as, especially when tested the Kerberos Configuration. 

So, I changed the account that the Applicaiton pools ran under to "Network Service" and poof.  Issue was fixed.