Discussion:
ServerXMLHTTP 401 error on IIS 6
(too old to reply)
chack
2006-12-12 21:47:52 UTC
Permalink
I have a simple script (i.e. test.asp) that runs on one server (we'll
call it TESTSERVER) and tests a URL from another website hosted by
another server (we'll call it OTHERSERVER) on the INTRAnet. The test
is basically this...

<%
Response.Write "Status: " &
TestURL("http://otherserver/somefile.asp")

Function TestURL(URL)
Dim oHttp

Set oHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")

oHttp.Open "HEAD", URL, False
oHttp.Send

TestURL = oHttp.Status
End Function
%>

The target URL ("http://otherserver/somefile.asp") is configured for
Integrated Windows Authentication, so I have ran the following command
on the TESTSERVER...

proxycfg -d -p " " "<local>"

If the status of TestURL is 200 or 0, then the URL is considered ok.
Here is the problem though...

When I run the test.asp script from an XP (IIS 5.0) machine it works
great and I get a Status code of 200.

If I run the same script from a 2003 Server (IIS 6.0) machine, I get
Status 401 (Access Denied). The only time it works on the 2003 machine
is if I physically login to the 2003 machine and run the following URL
in IE - http://localhost/test.asp. If I type in
http://testserver/test.asp, even from the TESTSERVER, it fails with 401
status.

I have also ran the proxycfg -d -p " " "<local>" command on the 2003
server, but this doesn't work.

So, what is it about IIS 6.0 that is different? Is there some security
policy that I'm missing? Any help on this is greatly appreciated.
chack
2006-12-14 18:01:05 UTC
Permalink
Update 1: I installed MSXML 4 on the TESTSERVER and now it works for
only one user. If I login to the test.asp script as DOMAIN\USERA, I
get a Status of 200

However, if I logon as DOMAIN\USERB, I get a Status of 401.

I can find no difference between the 2 users. Both USERA and USERB
belong to the same domain. They both belong to the Administrators
group on the TESTSERVER. I've checked all the local security policies
and found no difference between USERA and USERB.

Can anyone direct me on this?

Thanks.
Post by chack
I have a simple script (i.e. test.asp) that runs on one server (we'll
call it TESTSERVER) and tests a URL from another website hosted by
another server (we'll call it OTHERSERVER) on the INTRAnet. The test
is basically this...
<%
Response.Write "Status: " &
TestURL("http://otherserver/somefile.asp")
Function TestURL(URL)
Dim oHttp
Set oHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
oHttp.Open "HEAD", URL, False
oHttp.Send
TestURL = oHttp.Status
End Function
%>
The target URL ("http://otherserver/somefile.asp") is configured for
Integrated Windows Authentication, so I have ran the following command
on the TESTSERVER...
proxycfg -d -p " " "<local>"
If the status of TestURL is 200 or 0, then the URL is considered ok.
Here is the problem though...
When I run the test.asp script from an XP (IIS 5.0) machine it works
great and I get a Status code of 200.
If I run the same script from a 2003 Server (IIS 6.0) machine, I get
Status 401 (Access Denied). The only time it works on the 2003 machine
is if I physically login to the 2003 machine and run the following URL
in IE - http://localhost/test.asp. If I type in
http://testserver/test.asp, even from the TESTSERVER, it fails with 401
status.
I have also ran the proxycfg -d -p " " "<local>" command on the 2003
server, but this doesn't work.
So, what is it about IIS 6.0 that is different? Is there some security
policy that I'm missing? Any help on this is greatly appreciated.
Alex Krawarik [MSFT]
2006-12-20 01:20:08 UTC
Permalink
Is the install location accessible by both domain users? For example, if you
install to "My Documents" of USERA, that location wouldn't necessarily be
accessbile to USERB.

HTH, Alex
Post by chack
Update 1: I installed MSXML 4 on the TESTSERVER and now it works for
only one user. If I login to the test.asp script as DOMAIN\USERA, I
get a Status of 200
However, if I logon as DOMAIN\USERB, I get a Status of 401.
I can find no difference between the 2 users. Both USERA and USERB
belong to the same domain. They both belong to the Administrators
group on the TESTSERVER. I've checked all the local security policies
and found no difference between USERA and USERB.
Can anyone direct me on this?
Thanks.
Post by chack
I have a simple script (i.e. test.asp) that runs on one server (we'll
call it TESTSERVER) and tests a URL from another website hosted by
another server (we'll call it OTHERSERVER) on the INTRAnet. The test
is basically this...
<%
Response.Write "Status: " &
TestURL("http://otherserver/somefile.asp")
Function TestURL(URL)
Dim oHttp
Set oHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
oHttp.Open "HEAD", URL, False
oHttp.Send
TestURL = oHttp.Status
End Function
%>
The target URL ("http://otherserver/somefile.asp") is configured for
Integrated Windows Authentication, so I have ran the following command
on the TESTSERVER...
proxycfg -d -p " " "<local>"
If the status of TestURL is 200 or 0, then the URL is considered ok.
Here is the problem though...
When I run the test.asp script from an XP (IIS 5.0) machine it works
great and I get a Status code of 200.
If I run the same script from a 2003 Server (IIS 6.0) machine, I get
Status 401 (Access Denied). The only time it works on the 2003 machine
is if I physically login to the 2003 machine and run the following URL
in IE - http://localhost/test.asp. If I type in
http://testserver/test.asp, even from the TESTSERVER, it fails with 401
status.
I have also ran the proxycfg -d -p " " "<local>" command on the 2003
server, but this doesn't work.
So, what is it about IIS 6.0 that is different? Is there some security
policy that I'm missing? Any help on this is greatly appreciated.
Loading...