This weekend while I was creating a publishing rule for an IIS webpage on our TMG server I noticed a strange behaivour on the IIS server. When you try and open the page through a web browser you get an http authentication window and after you enter your credentials the same http authentication window popups again. After the third iteration the server reports 401 Unauthorized: Access is denied due to invalid credentials.
The problem was solved by changing the order for the authentication mechanisms. We had Negotiate above NTLM and the server had trouble authenticating the users.
To change the order you have to do the following:
- Open IIS and select the website (or directory) that is causing the 401
- Open the “Authentication” property under the IIS header
- Click the “Windows Authentication” item and click Providers
- Change the order and put NTLM on top.
After the change open Command Prompt and do a iisreset /noforce.
The error should be gone and credentials should be working again.