Title	Protocol Transition fails and the user gets a 401 unauthorized message

URL Name	a46170-Protocol-Transition-fails-and-the-user-gets-a-401-unauthorized-message

Summary

Validation Status	Work in Progress

Age	5,446.95

Translate To

Applies To

Access Manager Web Agent IIS V4.8 Agent
2003 Server
Protocol Transition
Outlook Web Access (OWA)
Microsoft SharePoint Server

Issue

Protocol Transition fails and the user gets a 401 unauthorized message
Protocol Transition does not work. User receives a 401 message in the browser.

The ct_agent.log shows a 401 error message indicating the the content cannot be served with the current credentials.

2009-05-27 15:53:36 -0400 - [1672] - <Debug> - AUTH_TYPE: Basic
2009-05-27 15:53:36 -0400 - [1672] - <Info> - [NotifyAccessDenied]
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - REMOTE_USER:
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - LOGON_USER:
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - AUTH_TYPE:Basic
2009-05-27 15:53:36 -0400 - [1672] - <Info> - [NotifySendResponse]
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - Response: 401

The following messages do NOT appear in the ct_agent.log file. The absence fo the "WildCard map extension loaded" suggests a problem with the wildcard map.

2008-04-29 13:46:25 -0700 - [2284] - <Debug> - Windows user token cache initialized, size : 3000, ttl:28800
2008-04-29 13:46:25 -0700 - [2284] - <Info> - Domain name: SUPPORTLAB7
2008-04-29 13:46:25 -0700 - [2284] - <Info> - WildCard map extension loaded

The ct_tokengen.log shows startup information but there is no other messages in the log files.

Cause

This may occur if the anonymous user account defined for the IIS application pool is not able to access content on the local server. By default the IIS server access content under the permission of the IUSER account. Since no content is served on the server the wildcard map is not called.

Resolution

If the IIS anonymous user account has been changed ensure that the account credentials are valid and that the user has sufficient privileges to serve anonymous content from the web server. If the account is a domain account ensure that this user is able to do a domain authentication. Right click on the "default web site" in the IIS manager and select the "Directory Security" tab. Click the "Edit" button under "Authentication and Access Control" and click "Enable Anonymous Access" and select the IUSER account.

Workaround

Notes

Also see the following related solutions:

"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition fails and the user gets a 401 unauthorized message

"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition reports error 404 for any pages with the wildcard map.

"AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error." AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error.

Legacy Article ID 000014789

Audience	External

Article Source	Conversion

Original Article Author	istaines

Original Created Date	5/27/2009 10:08 PM

Owner	Admin6 Integration (R3 Propel)

Assigned To

Assigned By

Assignment Note

Assignment Due Date

Publication Status	Published

Article Type	Knowledge

Article Number	000057169

Created By	Admin6 Integration (R3 Propel)

Last Modified By	Katrina Nash

Language	English