IIS : Windows Authentication 401.2 Unauthorised

ca-error

IIS : Windows Authentication 401.2 Unauthorised

Having deployed a couple of Certificate Authorities recently I ran into an issue with the Web interface http://<caname>/certsrv where despite entering valid credentials I was continually prompted for a username and password, and eventually a 401.2 Unauthorised error.

ca-error

On further investigation it turned out that the Windows Authentication providers were the cause, chaging this from Negotiate,NTLM to NTLM,Negotaite (you could even remove the Negotiate provider) resolves this issue, click read more to see the solution. 

To modify the providers open up IIS Manager navigate o the CerSrv virtual directory and double click Authentication:

ca-error-fix1

Select “Windows Authentication,” then from the Action Pane select “Providers…” 

ca-error-fix2

Finally increase the priority of the NTLM provider by selecting it and clicking “Move Up”

ca-error-fix4