How to pass thru Windows domain authentication?

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

How to pass thru Windows domain authentication?

Post by leo1631 »

Hi, I have a problem. I need to monitor some web application which use windows domain authentication, just like some sharepoint web applications, can HostMonitor's test pass thru that? and how?

Thanks.
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

HostMonitor may perform such test under some conditions...
1) enable "Ignore unknown certificate authority problems" option in "URL test properties" dialog
2) specify user name and password (just like you do that for basic authentication)
3) Mark "Enable Integrated Windows authentication" option in "Advanced" tab of "Internet Options" dialog of Internet Explorer on the machine, where HostMonitor is running.

Please note: to enable "Ignore unknown certificate authority problems" option for http requests, you should select "HTTPS" from "Service" combobox, enable "Ignore unknown certificate authority problems" option, and select "HTTP" back in "Service" combobox.

Regards,
Max
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

Thank Max for the instant reply.
But Unfortunately it does not work, the url test still can not access the web page because of privilege. :(
BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all.

Regards,
Leo
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

And also, is there any other method worthy to try?
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

leo1631 wrote:But Unfortunately it does not work, the url test still can not access the web page because of privilege. :(
So, it does not work for you. It's a pity. Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog? Have you access to the web server configuration? Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"? Could you send a screen-shot to support@ks-soft.net? Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?
leo1631 wrote:BTW, does a url test of HM process with the Internet Explorer? Why modify the Options of Internet Explorer, I've always thinked that HM is not concerned with IE at all.
Actually, HostMonitor does not use IE directly. However, URL test method uses wininet.dll (part of Internet Explorer), that uses some IE registry settings.

Regards,
Max
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

Sorry for delayed answer.
KS-Soft Europe wrote: Have you enabled "Ignore unknown certificate authority problems" option in "URL test properties" dialog?
Absolutely yes. The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct?
KS-Soft Europe wrote: Could you tell me what options is enabled in "Authentication Methods" applet on "Directory Security" tab in "Web site properties" window of this certain site in "IIS Manager"?
Only "Integrated Windows authentication" is enabled.
KS-Soft Europe wrote: Could you also take a look at web server log files? What error do you see in records that are concerned to HostMonitor's requests?
The records in web log shows that HM still uses the guest account to access page.
-------------------------------------------------------
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2007-02-13 03:42:09
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)
2007-02-13 03:42:09 10.177.8.25 - 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4625 272 0 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:09 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -
2007-02-13 03:42:10 10.177.8.25 QDKILL2\Guest 10.177.4.2 80 GET /jsc/jsc.htm - 401 5 4240 399 16 HTTP/1.0 10.177.4.2 Mozilla/4.0+(compatible;+MSIE+6.0) - -

-------------------------------------------------------
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

leo1631 wrote:The URL looks like "http://domain\user:password@10.177.4.2 80/jsc/jsc.htm", is that correct?
Correct.
Is the machine, where HostMonitor is running, a member of the domain? Could you try to specify username without domain name? Your URL shoud be like this: "http://user:password@10.177.4.2 80/jsc/jsc.htm"
Does it work?

Regards,
Max
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

Yes, it's a member of the domain.
URL like"http://user:password@10.177.4.2 80/jsc/jsc.htm", I've tried, but it does not work cause the web server think the account is a local user.
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

leo1631 wrote:Yes, it's a member of the domain.
Ok. What account do you use to start HostMonitor? If HostMonitor is started as service and you have specified domain admin account (Options > Service tab), than URL test should work without specifying username/password into "Password protected page" area of "URL test properties window". Could you try such workaround?

Regards,
Max
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

HostMonitor is started as service with a user of domain( not domain administrator), I can access the page if using IE and the user, but HM can not.
I checked the web log, HM still uses guest user "QDKILL2\Guest" try to access the page even if a URL test is specified username/password. When URL test work without specifying username/password, web log shows HM using "10.177.4.2", nothing else.
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

Sorry, it seems HostMonitor does not support "Integrated Windows authentication" in some cases. We have added this task in our "to do" list. Low priority.

Regards,
Max
leo1631
Posts: 55
Joined: Thu Apr 27, 2006 8:51 pm

Post by leo1631 »

Anyway, thanks.
CapQwerty
Posts: 36
Joined: Wed Dec 14, 2005 3:58 pm

Post by CapQwerty »

We have had an interesting scenario
Last week we moved our system from a windows 2000 server to a Windows 2003 server
On the 2000 machine we had the username and password setup in the service section of Hostmon and also set up in the windows service section.

Untill the move there had been no issues with intergrated authentication.

But with the move we are no longer able to get this to work.
Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this.

Any chance you can bump this up the priority list or explain why Win2k we got away with this work around and not 2003.

Regards
Jason
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:

Post by KS-Soft Europe »

CapQwerty wrote:Reading above we had it working against what this thread says But now we are down around 30 http style tests because of this.
What exact tests are down? URL? HTTP? URL test method uses wininet.dll, that is used by Internet Explorer, so you may try to enable "Automatic logon with current username and password" option in "User Authentication" -> "Logon" section of "Security settings" windows of "Internet Explorer" (IE menu "Tools" -> "Internet Options" tab -> "Security" tab -> "Custom Level" button). This option shoul help.

Regards,
Max
mpilz
Posts: 6
Joined: Fri Sep 05, 2003 2:15 am

Post by mpilz »

Hello.

We need also the Http test for windows integrated authentication. I think every iis config for intern webservers have integated authentications for security reasons.
Ok we will waiting for a new versions......

Regards
Marko
Post Reply