Error from logs: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server
search cancel

Error from logs: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server

book

Article ID: 173598

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

Agents are not able to register with a Task Server, and possibly not able to setup Persistent Communications with the Notification Server or a Task Server.

Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server

Operation 'Direct: Head' failed.
Protocol: HTTP
Host: NS Server
Path: /Altiris/TaskManagement/CTAgent/GetClientTaskServers.aspx
Connection Id: 64.5284
Communication profile Id: {xxxxxxxx-2EEC-4B3B-AAE3-D72DF98D22F8}
Throttling: 2 50 0
Error type: HTTP error
Error code: HTTP error occured (0x80042D21)
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server

 

Operation 'Direct: Head' failed.
Protocol: HTTP
Host: NS Server
Path: /Altiris/TaskManagement/CTAgent/PersistentSettings.aspx
Connection Id: 59.5284
Communication profile Id: {xxxxxxxx-2EEC-4B3B-AAE3-D72DF98D22F8}
Throttling: 2 50 0
Error type: HTTP error
Error code: HTTP error occured (0x80042D21)
Error note: Authentication failed, request level authentication is not supported, check that IIS setting 'authPersistNonNTLM' is set to 'True' on the server

Environment

8.x and later

Cause

Kerberos authentication is not functioning properly

Resolution

First of all, make sure the 'authPersistNonNTLM'  setting is set to TRUE.  

Open IIS Manager on the server being connected to (Notification Server or Site Server) which is giving the error.
Select the ServerName under Start Page, and then select Configuration Editor (near the bottom) under Management
Navigate to system.webServer/security/authentication/windowsAuthentication, and then view the setting for 'authPersistNonNTLM' and make sure it is set to TRUE.  

 

If you still have errors, disable Kerberos authentication by doing the following:

Browse to: Default Website/Altiris/TaskManagement/CTAgent
Open Authentication and select Windows Authentication.  Select Providers on the right panel.  Move NTLM to the top.  Click OK.
Close out of IIS Manager

Issue should be resolved for this server.  You may need to repeat this on the NS and other Task Servers.

Additional Information

Microsoft documentation on authPersistNonNTLM: https://techcommunity.microsoft.com/t5/iis-support-blog/request-based-versus-session-based-kerberos-authentication-or/ba-p/916043

Powered by Wolken Software