Getting a Windows Security Prompt now instead of being logged in to UniversitySite?

Applies To

  • UniversitySite Cloud (vs Behind the firewall installations)
  • Behind the Firewall Installations (vs UniversitySite Cloud)
  • Windows server 2008 or newer

Intended Audience

  • System administrators

Background

From time to time you may get reports that users are unable to login to UniversitySite and are seeing a windows security prompt asking for network credentials.  You may have made NO changes to the site or to the server that you are aware of.  We have so far found that rebooting the web server restores windows authentication functionality but sometimes you can't reboot the server during business hours.  We recently discovered a bit of a work around that may help you until you CAN schedule a reboot after hours.  

As it turns out, this problem can affect both cloud and behind the firewall customers because it is a windows authentication problem tied to a failure with the ApplicationPoolIdentity associated with the application pool assigned to your UniversitySite website(Behind the Firewall) or UniversitySiteSSO site (Cloud)

So far the only way to get this problem resolved has been to reboot the web server where the site is running.  This does not prevent the problem from recurring because it seems the ApplicationPoolIdentity is prone to fail in this way from time to time for reasons that are as yet unknown to us.  It does not however usually occur very often in our experience.  You may see it once or twice a year.

Symptoms

  • Users are reporting they can't get into UniversitySite
  • Users are getting a windows security prompt when trying to access the site
  • No one made any changes to the site as far as you know

Resolution

You can immediately resolve this problem without a server reboot if you are satisfied with changing the Identity defined for the Application pool UniversitySite or UniversitySiteSSO (Cloud customers) uses to the Network Service.  Apparently Microsoft is not supporting the Network service any more but has as of IIS 7.5 switched to ApplicationPoolIdentity but the ApplicationPoolIdentity seems to be prone to failures with windows authentication.  See this article where I got my information. 

BOTTOM LINE: change the application pool to Network Service (no iisreset or reboot needed) but live with whatever security risk you think this poses or does not pose.

OR

Reboot your web server but expect to see the problem recur from time to time

Still need help? Contact Us Contact Us