Browser Client ask for Windows Username and Password

Owned by René Pape
Last updated: 20 Mar 2015
2 min read

Problem

The system is set up for Single Sign On (SSO)/Integrated Security and everything is configured correctly with the user being member of an AD role, the AD Role is added to the "allow role" part of the "authorization_INT.config" file on the server and the SID of this AD Role is entered in the administrative DVI Role definitions, so the user should be able to start the DVI System without any authentication challenges.

Solution

Some Active Directory or server configurations seems to fail silently during a "Negotiate" phase, and never tries plain NTLM authentication. Moving the NTLM provider as first priority solves the login problem. You can do this by applying the following steps:

  1. Open Internet Information Services Manager (IIS Manager) on the server



  2. Select the Plass DVI System site (1)

  3. Double-click/open Authentication in the IIS section (2)



  4. Select the Windows Authentication - it should already be Enabled, if not, you have a lot of other problems to fix as well (3)
  5. Click Providers... in the right pane (4) - it will open the Providers window
  6. Select the NTLM line in the Providers window (5). It should be at the bottom. If it is already at the top, this is not what is causing your problem.
  7.  Click the Move Up button until NTLM is at the top (6)
  8. Click OK to save and close the Providers window
  9. Your client should be able to access the DVI System site without any prompts