UIM iis probe reporting 401 error for localhost
Article ID: 112269
Updated On:
Products
DX Unified Infrastructure Management (Nimsoft / UIM)
Issue/Introduction
iis probe is reporting the following in iis probe debug logs
The same is reported if we use localhost in config for health check
In the iis probe "localhost' is used as the hostname to monitor the local IIS server to skip the performance authentication.
Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Rebuilt URL to: http://abcdxxxx/
Aug x11:11:40:311 [5744] iis: [localhost] DBG: timeout on name lookup is not supported
Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Trying xxx.xx.x.xx...
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connected to wgdag1sccmss1 (xx.x.xx.xx) port 80 (#0)
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < HTTP/1.1 401 Unauthorized
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Cache-Control: private
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Type: text/html; charset=utf-8
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Server: Microsoft-IIS/8.5
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: Negotiate
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: NTLM
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < X-Powered-By: ASP.NET
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Date: Mon, 06 Aug 2018 23:11:40 GMT
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Connection: keep-alive
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Length: 5943
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: <
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connection #0 to host abcdxxxx left intact
Aug x 11:11:40:326 [5744] iis: CheckHttpResponse - Redirected to http://abcdxxxx/ with ret_code = 401 in redirects = 0 ,SSL Certificate Error Code = 0
Aug x 11:11:40:326 [5744] iis: localhost - Error: CheckResponse failed, Error code: 401
Aug x 11:11:40:326 [5744] iis: HeaderChunk: Size = 279, Content:
Aug x 11:11:40:326 [5744] iis: HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, xx Aug 20xx 23:11:40 GMT
Connection: keep-alive
Content-Length: 5943
Manually browsing to either URL (hostname or localhost) works fine
localhost displays the default IIS landing page, hostname ask for credentials and then displays the landing page.
The same is reported if we use localhost in config for health check
In the iis probe "localhost' is used as the hostname to monitor the local IIS server to skip the performance authentication.
Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Rebuilt URL to: http://abcdxxxx/
Aug x11:11:40:311 [5744] iis: [localhost] DBG: timeout on name lookup is not supported
Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Trying xxx.xx.x.xx...
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connected to wgdag1sccmss1 (xx.x.xx.xx) port 80 (#0)
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < HTTP/1.1 401 Unauthorized
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Cache-Control: private
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Type: text/html; charset=utf-8
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Server: Microsoft-IIS/8.5
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: Negotiate
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: NTLM
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < X-Powered-By: ASP.NET
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Date: Mon, 06 Aug 2018 23:11:40 GMT
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Connection: keep-alive
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Length: 5943
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: <
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connection #0 to host abcdxxxx left intact
Aug x 11:11:40:326 [5744] iis: CheckHttpResponse - Redirected to http://abcdxxxx/ with ret_code = 401 in redirects = 0 ,SSL Certificate Error Code = 0
Aug x 11:11:40:326 [5744] iis: localhost - Error: CheckResponse failed, Error code: 401
Aug x 11:11:40:326 [5744] iis: HeaderChunk: Size = 279, Content:
Aug x 11:11:40:326 [5744] iis: HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, xx Aug 20xx 23:11:40 GMT
Connection: keep-alive
Content-Length: 5943
Manually browsing to either URL (hostname or localhost) works fine
localhost displays the default IIS landing page, hostname ask for credentials and then displays the landing page.
Environment
uim 8.51
iis 8.5
iis probe 1.91
perfmon 1.63
os win2012r2
iis 8.5
iis probe 1.91
perfmon 1.63
os win2012r2
Resolution
Option 1 :The suggested format as below of the username worked ok
1. Put local host in "Host name or IP address" field
2. put domain name\username in username field
3. keep the "Domain" field as blank(please do not fill anything)
4. Check the "Windows" check box
Note: If windows authentication is enabled on IIS server then user must provide user & password in windows authentication section.
Option 2: anonymous authentication not enabled - by setting this in IIS, the domain name entry is no longer required
Anonymous access should be there on IIS server
Anonymous access, the most common web site access control method, allows anyone to visit the public areas of a web site while preventing unauthorized users from gaining access to a web server's critical administrative features and private information. Anonymous authentication gives users access to a web site without prompting them for a user name or password. When a user attempts to connect to a public web site, the web server assigns the user to the Windows user account called IUSR_computername, where computer name is the name of the server on which IIS is running.
For more details please follow this url:
https://helpx.adobe.com/dreamweaver/kb/anonymous-authentication-iusr-account.html
Also can check if anonymous-authentication is enabled on server where IIS is installed and enable is not already enabled
1. Go to control panel
2. Go to administrative tools.
3. Click on IIS Admin
4. Find the website.
5. Click on Authentication.
6. Enable Anonymous Authentication.
7. Restart the website.
1. Put local host in "Host name or IP address" field
2. put domain name\username in username field
3. keep the "Domain" field as blank(please do not fill anything)
4. Check the "Windows" check box
Note: If windows authentication is enabled on IIS server then user must provide user & password in windows authentication section.
Option 2: anonymous authentication not enabled - by setting this in IIS, the domain name entry is no longer required
Anonymous access should be there on IIS server
Anonymous access, the most common web site access control method, allows anyone to visit the public areas of a web site while preventing unauthorized users from gaining access to a web server's critical administrative features and private information. Anonymous authentication gives users access to a web site without prompting them for a user name or password. When a user attempts to connect to a public web site, the web server assigns the user to the Windows user account called IUSR_computername, where computer name is the name of the server on which IIS is running.
For more details please follow this url:
https://helpx.adobe.com/dreamweaver/kb/anonymous-authentication-iusr-account.html
Also can check if anonymous-authentication is enabled on server where IIS is installed and enable is not already enabled
1. Go to control panel
2. Go to administrative tools.
3. Click on IIS Admin
4. Find the website.
5. Click on Authentication.
6. Enable Anonymous Authentication.
7. Restart the website.
Additional Information
The IIS probe internally uses CURL for fetching the IIS information.
If you run curl command from a command prompt with the -v option you will see the same set of authentications as done by the iis probe internally. This can also be verified in your environment using a curl command.
Try the command below to see the behavior: (NTLM)
'curl -v -u (UserName):(password) http://localhost:80' --anyauth or 'curl -v -u (UserName):(password) http://localhost:80' --ntlm
Also as per https://curl.haxx.se/mail/lib-2015-06/0033.html
When CURLAUTH_ANY is set, curl first performs a request without Authorization header, and then when the server returns a 401 it tries again with the Authorization header.
Curl output
======================================================
➤ curl -u administrator:******** http://localhost:81 -v --anyauth
* Rebuilt URL to: http://localhost:81/
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 81 (#0)
) GET / HTTP/1.1
) Host: localhost:81
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 401 Unauthorized
( Cache-Control: private
( Content-Type: text/html; charset=utf-8
( Server: Microsoft-IIS/7.5
( WWW-Authenticate: Negotiate
( WWW-Authenticate: NTLM
( X-Powered-By: ASP.NET
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 6276
(
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:81/'
* Found bundle for host localhost: 0x80082b00 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 81 (#0)
* Server auth using NTLM with user 'administrator'
) GET / HTTP/1.1
) Host: localhost:81
) Authorization: NTLM XXXXXVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 401 Unauthorized
( Content-Type: text/html; charset=us-ascii
( Server: Microsoft-HTTPAPI/2.0
( WWW-Authenticate: NTLM XXXXXVNTUAACAAAABQAFADgAAAAGgokCfEsxpo/MhnUAAAAAAAAAAKIAogA9AAAABgGxHQAAAA9IQ0xDQQIACgBIAEMATABDAEEAAQAeAEQAUwAtAEYANAA4AEUAMwA4ADcANgA1ADMANwAyAAQAEgBIAEMATABDAEEALgBDAE8ATQADADIARABTAC0ARgA0ADgARQAzADgANwA2ADUAMwA3ADIALgBIAEMATABDAEEALgBDAE8ATQAFABIASABDAEwAQwBBAC4AQwBPAE0ABwAIAJhUs4kx8dQBAAAAAA==
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 341
(
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:81/'
* Found bundle for host localhost: 0x80082b00 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 81 (#0)
* Server auth using NTLM with user 'administrator'
) GET / HTTP/1.1
) Host: localhost:81
) Authorization: NTLM XXXXXXVNTUAADAAAAGAAYAEAAAADSANIAWAAAAAAAAAAqAQAADQANACoBAAAPAA8ANwEAAAAAAAAAAAAABoKJAnhH62/SPskpQzauZ5ZkvQgDDD0jY18LsjHimq272ukFPY3XuFx005QBAQAAAAAAAAAAUIkx8dQBAww9I2NfC7IAAAAAAgAKAEgAQwBMAEMAQQABAB4ARABTAC0ARgA0ADgARQAzADgANwA2ADUAMwA3ADIABAASAEgAQwBMAEMAQQAuAEMATwBNAAMAMgBEAFMALQBGADQAOABFADMAOAA3ADYANQAzADcAMgAuAEgAQwBMAEMAQQAuAEMATwBNAAUAEgBIAEMATABDAEEALgBDAE8ATQAHAAgAmFSziTHx1AEAAAAAAAAAAGFkbWluaXN0cmF0b3JEUy1GNDhFMzg3NjUzNzI=
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 200 OK
( Content-Type: text/html
( Last-Modified: Mon, 01 Apr 2019 11:58:39 GMT
( Accept-Ranges: bytes
( ETag: "92a5e83e82e8d41:0"
( Server: Microsoft-IIS/7.5
( Persistent-Auth: true
( X-Powered-By: ASP.NET
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 1147
(
(!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd")
(html xmlns="http://www.w3.org/1999/xhtml")
(head)
(script language="javascript")
function DisplayVisits()
{
// How many
If you run curl command from a command prompt with the -v option you will see the same set of authentications as done by the iis probe internally. This can also be verified in your environment using a curl command.
Try the command below to see the behavior: (NTLM)
'curl -v -u (UserName):(password) http://localhost:80' --anyauth or 'curl -v -u (UserName):(password) http://localhost:80' --ntlm
Also as per https://curl.haxx.se/mail/lib-2015-06/0033.html
When CURLAUTH_ANY is set, curl first performs a request without Authorization header, and then when the server returns a 401 it tries again with the Authorization header.
Curl output
======================================================
➤ curl -u administrator:******** http://localhost:81 -v --anyauth
* Rebuilt URL to: http://localhost:81/
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 81 (#0)
) GET / HTTP/1.1
) Host: localhost:81
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 401 Unauthorized
( Cache-Control: private
( Content-Type: text/html; charset=utf-8
( Server: Microsoft-IIS/7.5
( WWW-Authenticate: Negotiate
( WWW-Authenticate: NTLM
( X-Powered-By: ASP.NET
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 6276
(
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:81/'
* Found bundle for host localhost: 0x80082b00 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 81 (#0)
* Server auth using NTLM with user 'administrator'
) GET / HTTP/1.1
) Host: localhost:81
) Authorization: NTLM XXXXXVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 401 Unauthorized
( Content-Type: text/html; charset=us-ascii
( Server: Microsoft-HTTPAPI/2.0
( WWW-Authenticate: NTLM XXXXXVNTUAACAAAABQAFADgAAAAGgokCfEsxpo/MhnUAAAAAAAAAAKIAogA9AAAABgGxHQAAAA9IQ0xDQQIACgBIAEMATABDAEEAAQAeAEQAUwAtAEYANAA4AEUAMwA4ADcANgA1ADMANwAyAAQAEgBIAEMATABDAEEALgBDAE8ATQADADIARABTAC0ARgA0ADgARQAzADgANwA2ADUAMwA3ADIALgBIAEMATABDAEEALgBDAE8ATQAFABIASABDAEwAQwBBAC4AQwBPAE0ABwAIAJhUs4kx8dQBAAAAAA==
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 341
(
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:81/'
* Found bundle for host localhost: 0x80082b00 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 81 (#0)
* Server auth using NTLM with user 'administrator'
) GET / HTTP/1.1
) Host: localhost:81
) Authorization: NTLM XXXXXXVNTUAADAAAAGAAYAEAAAADSANIAWAAAAAAAAAAqAQAADQANACoBAAAPAA8ANwEAAAAAAAAAAAAABoKJAnhH62/SPskpQzauZ5ZkvQgDDD0jY18LsjHimq272ukFPY3XuFx005QBAQAAAAAAAAAAUIkx8dQBAww9I2NfC7IAAAAAAgAKAEgAQwBMAEMAQQABAB4ARABTAC0ARgA0ADgARQAzADgANwA2ADUAMwA3ADIABAASAEgAQwBMAEMAQQAuAEMATwBNAAMAMgBEAFMALQBGADQAOABFADMAOAA3ADYANQAzADcAMgAuAEgAQwBMAEMAQQAuAEMATwBNAAUAEgBIAEMATABDAEEALgBDAE8ATQAHAAgAmFSziTHx1AEAAAAAAAAAAGFkbWluaXN0cmF0b3JEUy1GNDhFMzg3NjUzNzI=
) User-Agent: curl/7.50.3
) Accept: */*
)
( HTTP/1.1 200 OK
( Content-Type: text/html
( Last-Modified: Mon, 01 Apr 2019 11:58:39 GMT
( Accept-Ranges: bytes
( ETag: "92a5e83e82e8d41:0"
( Server: Microsoft-IIS/7.5
( Persistent-Auth: true
( X-Powered-By: ASP.NET
( Date: Fri, 12 Apr 2019 13:13:36 GMT
( Content-Length: 1147
(
(!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd")
(html xmlns="http://www.w3.org/1999/xhtml")
(head)
(script language="javascript")
function DisplayVisits()
{
// How many
Feedback
Yes
No
Powered by
