External windows authentication fails when connecting to Service Desk from a web browser that is directly on the primary server.

Article Id: 49770
Status: Published
Updated On: 14-02-2018 08:05
Legacy Id: TEC566267
Products:
CA IT Asset Manager , CA Software Asset Manager (CA SAM) , ASSET PORTFOLIO MGMT- SERVER , SUPPORT AUTOMATION- SERVER , CA Service Desk Manager - Unified Self Service , KNOWLEDGE TOOLS , CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager
Issue/Introduction:

Description:

IIS has been configured to automatically authenticate users based on Windows authentication, users are authenticated via the Windows domain to log into Service Desk Manager (SDM), and Access Types in SDM are configured to use External OS authentication. In this scenario:

  • Logging in to SDM fails if it is attempted from a web browser that is running on the Service Desk primary server (HTTP error 401.1).
  • Logging in to SDM works fine if it is attempted from a web browser that is running on remote client PC that connects to Service Desk.

Recreation steps:

  1. Log onto the Service Desk Manager 12.5 CA SDM server as a user running under the Administrator role.
  2. Configure Access Types to use OS Integrated External authentication
  3. Configure IIS to authenticate users based on Windows authentication: Enable Windows authentication. Disable anonymous authentication.
  4. Try to log on to Service Desk Manager from any remote PC client (not SDM primary server). Confirm that the login is successful.
  5. Try to log on to SDM from Service Desk Manager primary server. Confirm that the login fails.

Solution:

The problem could be due to what is documented in the following article:
http://support.microsoft.com/kb/896861

Below is an extract of the Symptoms section from the above link. For Cause, Work Around, and additional information, please see the full article.

Article ID: 896861 - Last Review: April 26, 2010 - Revision: 12.0
You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version

When you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or a later version, you may receive an error message that resembles the following:

HTTP 401.1 - Unauthorized: Logon Failed

This issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address.

Note: You only receive this error message if you try to browse the Web site directly on the server. If you browse the Web site from a client computer, the Web site works as expected.

Environment:

Release:
Component: ARGIS