Why are there two entries in the IIS log with the code 401.5 and 200?

A

Alexey Baranoshnikov2015-09-24 14:59:52

IIS

Alexey Baranoshnikov, 2015-09-24 14:59:52

There is a similar question here, but without an answer:
serverfault.com/questions/478656/iis-logging-one-4...
There is 1C on the server with IIS, to which POST requests go. Everything works, the response to the client from the server always comes 200, but two entries are written in the logs: one with a 401.5 error, and the second 200. Why is that?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

F

Fredcapit, 2017-01-20
@Fredcapit

As far as I understand it has to do with authentication.
First comes a POST request with no authentication fields. The server replies to the client that authentication is needed and returns a response with an http header indicating which authentication is needed. The browser inserts the required values into the authentication header and repeats the request. Further requests should pass normally.
It happens when 2 types of authentication are configured on IIS (NTLM, Kerberos for example), in this case one of the types of authentication may not work and as a result you can always receive 2 responses from the server.
Kerberos authentication can be configured on the local network, and if you specify the same on IIS, authentication may not work (I don’t know why, but it’s the same for me) and therefore only NTLM should be left.