UIM iis probe reporting 401 error for localhost
search cancel

UIM iis probe reporting 401 error for localhost

book

Article ID: 112269

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

iis probe is reporting the following in iis probe debug logs
The same is reported if we use localhost in config for health check 
In the iis probe "localhost' is used as the hostname to monitor the local IIS server to skip the performance authentication.

Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Rebuilt URL to: http://<address>/ 
Aug x11:11:40:311 [5744] iis: [localhost] DBG: timeout on name lookup is not supported 
Aug x 11:11:40:311 [5744] iis: [localhost] DBG: Trying ##.##.##.##... 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connected to <server> (##.##.##.##) port 80 (#0) 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < HTTP/1.1 401 Unauthorized 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Cache-Control: private 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Type: text/html; charset=utf-8 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Server: Microsoft-IIS/8.5 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: Negotiate 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < WWW-Authenticate: NTLM 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < X-Powered-By: ASP.NET 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Date: Mon, 06 Aug 2018 23:11:40 GMT 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Connection: keep-alive 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < Content-Length: 5943 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: < 
Aug x 11:11:40:326 [5744] iis: [localhost] DBG: Connection #0 to host <server> left intact 
Aug x 11:11:40:326 [5744] iis: CheckHttpResponse - Redirected to http://<address> with ret_code = 401 in redirects = 0 ,SSL Certificate Error Code = 0 
Aug x 11:11:40:326 [5744] iis: localhost - Error: CheckResponse failed, Error code: 401 

Aug x 11:11:40:326 [5744] iis: HeaderChunk: Size = 279, Content: 
Aug x 11:11:40:326 [5744] iis: HTTP/1.1 401 Unauthorized 

Cache-Control: private 
Content-Type: text/html; charset=utf-8 
Server: Microsoft-IIS/8.5 
WWW-Authenticate: Negotiate 
WWW-Authenticate: NTLM 
X-Powered-By: ASP.NET 
Date: Mon, xx Aug 20xx 23:11:40 GMT 
Connection: keep-alive 
Content-Length: 5943

Manually browsing to either URL (hostname or localhost) works fine  
localhost displays the default IIS landing page, hostname ask for credentials and then displays the landing page. 

Environment

uim all supported versions
iis 8.5
iis probe 1.91 
perfmon 1.63
os win2012r2 

Resolution

Option 1 :The suggested format as below of the username worked ok

1. Put local host in "Host name or IP address" field 
2. put domain name\username in username field 
3. keep the "Domain" field as blank(please do not fill anything) 
4. Check the "Windows" check box 

Note: If windows authentication is enabled on IIS server then user must provide user & password in windows authentication section. 

Option 2:  anonymous authentication not enabled - by setting this in IIS, the domain name entry is no longer required

Anonymous access should be there on IIS server

Anonymous access, the most common web site access control method, allows anyone to visit the public areas of a web site while preventing unauthorized users from gaining access to a web server's critical administrative features and private information. Anonymous authentication gives users access to a web site without prompting them for a user name or password. When a user attempts to connect to a public web site, the web server assigns the user to the Windows user account called IUSR_computername, where computer name is the name of the server on which IIS is running. 

For more details please follow this url:


Understand anonymous authentication and IUSR account

Also can check if anonymous-authentication is enabled on server where IIS is installed and enable is not already enabled

1.    Go to control panel 
2.    Go to administrative tools. 
3.    Click on IIS Admin 
4.    Find the website. 
5.    Click on Authentication. 
6.    Enable Anonymous Authentication. 
7.    Restart the website.

Additional Information

The IIS probe internally uses CURL for fetching the IIS information. 

If you run curl command from a command prompt with the -v option you will see the same set of authentications as done by the iis probe internally. This can also be verified in your environment using a curl command. 

Try the command below to see the behavior: (NTLM) 
'curl -v -u <User>:<password> http://localhost:80' --anyauth or 'curl -v -u <User>:<password> http://localhost:80' --ntlm 

Also as per https://curl.haxx.se/mail/lib-2015-06/0033.html 

When CURLAUTH_ANY is set, curl first performs a request without Authorization header, and then when the server returns a 401 it tries again with the Authorization header. 

Curl output 
====================================================== 
➤ curl -u <user>:<password> http://localhost:81 -v --anyauth 
* Rebuilt URL to: http://localhost:81/ 
* Trying ::1... 
* TCP_NODELAY set 
* Connected to localhost (::1) port 81 (#0) 
) GET / HTTP/1.1 
) Host: localhost:81 
) User-Agent: curl/7.50.3 
) Accept: */* 

( HTTP/1.1 401 Unauthorized 
( Cache-Control: private 
( Content-Type: text/html; charset=utf-8 
( Server: Microsoft-IIS/7.5 
( WWW-Authenticate: Negotiate 
( WWW-Authenticate: NTLM 
( X-Powered-By: ASP.NET 
( Date: Fri, 12 Apr 2019 13:13:36 GMT 
( Content-Length: 6276 

* Ignoring the response-body 
* Curl_http_done: called premature == 0 
* Connection #0 to host localhost left intact 
* Issue another request to this URL: 'http://localhost:81/' 
* Found bundle for host localhost: <data> [can pipeline] 
* Re-using existing connection! (#0) with host localhost 
* Connected to localhost (::1) port 81 (#0) 
* Server auth using NTLM with user <user>
) GET / HTTP/1.1 
) Host: localhost:81 
) Authorization: <authentication>
) User-Agent: curl/7.50.3 
) Accept: */* 

( HTTP/1.1 401 Unauthorized 
( Content-Type: text/html; charset=us-ascii 
( Server: Microsoft-HTTPAPI/2.0 
( WWW-Authenticate: NTLM <authentication>
( Date: Fri, 12 Apr 2019 13:13:36 GMT 
( Content-Length: 341 

* Ignoring the response-body 
* Curl_http_done: called premature == 0 
* Connection #0 to host localhost left intact 
* Issue another request to this URL: 'http://localhost:81/' 
* Found bundle for host localhost: <data> [can pipeline] 
* Re-using existing connection! (#0) with host localhost 
* Connected to localhost (::1) port 81 (#0) 
* Server auth using NTLM with user <user> 
) GET / HTTP/1.1 
) Host: localhost:81 
) Authorization: NTLM <authentication>
) User-Agent: curl/7.50.3 
) Accept: */* 

( HTTP/1.1 200 OK 
( Content-Type: text/html 
( Last-Modified: Mon, 01 Apr 2019 11:58:39 GMT 
( Accept-Ranges: bytes 
( ETag: <etag>
( Server: Microsoft-IIS/7.5 
( Persistent-Auth: true 
( X-Powered-By: ASP.NET 
( Date: Fri, 12 Apr 2019 13:13:36 GMT 
( Content-Length: 1147 

(!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd") 
(html xmlns="http://www.w3.org/1999/xhtml") 
(head) 
(script language="javascript") 

function DisplayVisits() 

// How many