Jump to content


evaade

Application Catalog 401 Unauthorized via FQDN

Recommended Posts

Hello,

 

I am hoping someone might be able to help. I am having an issue accessing the application catalog when I try and access it via the FQDN. When I use the FQDN of the server I get "401 - Unauthorized: Access is denied due to invalid credentials". If I use the NetBIOS name of the server I can access the Application Catalog without issue.

 

Here is a run down on my setup and the issue:

 

Setup

Standalone Primary SCCM 2012 R2 server running on Windows Server 2012 R2

Application Catalog web service point & Application Catalog website point are both installed

Default Application Catalog website point in Computer Agent Client settings is set to use the FQDN

Both http://servername & http://servername.domain.local have been added to the Intranet zone of IE

 

 

Issue

1. If I open IE on my domain connected workstation and enter http://servername.domain.local/CMApplicationCatalog, I immediately get a 401 - Unauthorized error. No prompt for credentials.

2. If I open IE on my domain connected workstation and enter http://servername/CMApplicationCatalog, I connect without issue

3. If I set the Default Application Catalog website point in Computer Agent Client settings to use the NEtBIOS name, the link from Software Center works, If I set it to FQDN I get the 401 error.

4. If I take http://servername & http://servername.domain.local out of the Intrnet zone in IE, I get prompted for credentials when using the NEtBIOS name, but still no prompt when using the FQDN

 

I know this must be a configuration issue somewhere, but I am not sure where. As you can see from above, the applicaiton catalog works without issue and SSO works when using the NetBIOS name of the server to access it, but if I use the FQDN of the server, I get a 401 error.

 

Any help is appreciated.

Share this post


Link to post
Share on other sites

Well, It looks like I have resolved the issue and found the root cause. The issue was due to the browser sending the requested URL via our proxy server and the proxy server changing the authentication headers before they reach the web server. This was only occuring when using the FQDN as we had the bypass local addresses turned on and therefore when using the Netbios name, it would not go through the proxy.

 

Turning the proxy settings off in IE, I can connect to the application catalog using the FQDN. Putting in an exception for the servers FQDN into the IE proxy settings resolves the issue for me.

 

I will look to deploy the exception via group policy.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.