
SMP 7.1 Continually requests login credentials

Created: 15 Apr 2013 | 2 comments

Just wondering if anyone else out there has had, or is having, the issue described below?

I log in to our SMP 7.1 NS server with appropriate credentials using Remote Desktop.  Just about every two minutes (and more frequently at times), I get a popup requesting my login credentials.  Over the course of twenty minutes, I was prompted 12 times to re-enter my password.  It's especially troubling during the creation of Patch Policies for distribution. 

I know there's a lot going on on an NS, but the constant prompting for credentials just isn't right -- especially when I'm logged in directly to the NS server and not just accessing the tool via a web interface from a different client. 

Any insight into this issue would be greatly appreciated.  By the way, everyone tells me that IIS is configured correctly and isn't the cause of the credential requests.  I don't know what to believe...

Help!


HighTower

How about this?
 

KNOWN ISSUE: User needs to logon a few times to properly load certain SMP 7.1 Console items
http://www.symantec.com/business/support/index?page=content&id=TECH156006

The 3rd and 4th workarounds fixed it for me (from the KB):

Solution

Many of the reasons that were causing the prompt for credentials were addressed with the SMP 7.1 SP2 Release. However, there were other use cases where Dev couldn't duplicate what the customers reported.

The following steps are provided as suggestions if the issue is still present:

1) Please review and try the suggestions on Microsoft KB2749007 "An unexpected 401.1 status is returned when using Pre-Authentication Headers with Internet Explorer and Internet Information Services"
2) Within IE, add the SMP URL as an "Intranet site".
3) Open IIS Manager, select "/Default Web Site/Altiris/Console". On the right pane, double-click on "Authentication". After that, right-click on "Windows Authentication" and select "Providers...". By default, the Enabled Providers have the order of "Negotiate" and then "NTLM". We need to swap these so that "NTLM" is at the top of the list.
4) Check the "Enable Integrated Windows Authentication" checkbox in IE (under Tools->Internet Options->Advanced->Security).

The Gaffer

This is almost certainly due to the fact that your domain is using Kerberos authentication and the Altiris application pools are running with the ApplicationPoolIdentity account.

Using IIS Manager, change the identity to NetworkService on all the application pools. The default identity does not have the right to delegate Kerberos authentication.
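
Added example (not part of the thread and not Symantec's code): a read-only PowerShell check of the two IIS settings the replies above discuss, the Windows Authentication provider order on the console application and the identity of the application pools serving it, so the current state is recorded before anything is changed. It assumes the `WebAdministration` module is available on the NS server and that the console lives at the path named in the KB workaround; the `/Altiris*` path filter is an assumption about how the applications are laid out.

```powershell
# Read-only audit: nothing in IIS is modified by this script.
# Run from an elevated PowerShell session on the NS server.
Import-Module WebAdministration

# Path taken from workaround 3 in the KB text; adjust if your site differs.
$site        = 'Default Web Site'
$consolePath = "IIS:\Sites\$site\Altiris\Console"
$filter      = 'system.webServer/security/authentication/windowsAuthentication'

# Is Windows Authentication enabled on the console application at all?
$enabled = (Get-WebConfigurationProperty -Filter $filter -PSPath $consolePath -Name enabled).Value

# Provider order as IIS will offer it (default is Negotiate, then NTLM).
$providers = @(
    (Get-WebConfiguration -Filter "$filter/providers" -PSPath $consolePath).Collection |
        ForEach-Object { $_.Value }
)

Write-Output "Windows Authentication enabled : $enabled"
Write-Output "Provider order                 : $($providers -join ', ')"
if ($providers.Count -gt 0 -and $providers[0] -eq 'NTLM') {
    Write-Output 'NTLM is listed first (workaround 3 from the KB is in effect).'
}

# Application pools behind the Altiris applications (assumed to sit under /Altiris).
$poolNames = Get-WebApplication -Site $site |
    Where-Object { $_.path -like '/Altiris*' } |
    ForEach-Object { $_.applicationPool } |
    Sort-Object -Unique

# Report the identity each of those pools runs as.
Get-ChildItem IIS:\AppPools |
    Where-Object { $poolNames -contains $_.Name } |
    Select-Object Name,
        @{ Name = 'IdentityType'; Expression = { $_.processModel.identityType } },
        @{ Name = 'UserName';     Expression = { $_.processModel.userName } } |
    Format-Table -AutoSize
```

Saving this output before applying either suggestion gives a baseline to revert to if the prompts persist or other console features stop authenticating.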