000014789 - Protocol Transition fails and the user gets a 401 unauthorized message

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000014789
Applies ToAccess Manager Web Agent IIS V4.8 Agent
2003 Server
Protocol Transition
Outlook Web Access (OWA)
Microsoft SharePoint Server
IssueProtocol Transition fails and the user gets a 401 unauthorized message
Protocol Transition does not work.  User receives a 401 message in the browser.

The ct_agent.log shows a 401 error message indicating the the content cannot be served with the current credentials.

2009-05-27 15:53:36 -0400 - [1672] - <Debug> - AUTH_TYPE: Basic
2009-05-27 15:53:36 -0400 - [1672] - <Info> - [NotifyAccessDenied]
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - REMOTE_USER:
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - LOGON_USER:
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - AUTH_TYPE:Basic
2009-05-27 15:53:36 -0400 - [1672] - <Info> - [NotifySendResponse]
2009-05-27 15:53:36 -0400 - [1672] - <Debug> - Response: 401


The following messages do NOT appear in the ct_agent.log file.  The absence fo the "WildCard map extension loaded" suggests a problem with the wildcard map.

2008-04-29 13:46:25 -0700 - [2284] - <Debug> - Windows user token cache initialized, size : 3000, ttl:28800
2008-04-29 13:46:25 -0700 - [2284] - <Info> - Domain name: SUPPORTLAB7
2008-04-29 13:46:25 -0700 - [2284] - <Info> - WildCard map extension loaded


The ct_tokengen.log shows startup information but there is no other messages in the log files.
CauseThis may occur if the anonymous user account defined for the IIS application pool is not able to access content on the local server.  By default the IIS server access content  under the permission of the IUSER account.  Since no content is served on the server the wildcard map is not called.
ResolutionIf the IIS anonymous user account has been changed ensure that the account credentials are valid and that the user has sufficient privileges to serve anonymous content from the web server. If the account is a domain account ensure that this user is able to do a domain authentication.  Right click on the "default web site" in the IIS manager and select the "Directory Security" tab.  Click the "Edit" button under "Authentication and Access Control" and click "Enable Anonymous Access" and select the  IUSER account.
Notes

Also see the following related solutions:

"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition fails and the user gets a 401 unauthorized message

"Protocol Transition fails and the user gets a 401 unauthorized message" Protocol Transition reports error 404 for any pages with the wildcard map.

"AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error." AxM 4.8 agent for IIS 6: Protocol Transition does not work - 404 error.

Legacy Article IDa46170

Attachments

    Outcomes