evaade Posted February 12, 2014 Report post Posted February 12, 2014 Hello, I am hoping someone might be able to help. I am having an issue accessing the application catalog when I try and access it via the FQDN. When I use the FQDN of the server I get "401 - Unauthorized: Access is denied due to invalid credentials". If I use the NetBIOS name of the server I can access the Application Catalog without issue. Here is a run down on my setup and the issue: Setup Standalone Primary SCCM 2012 R2 server running on Windows Server 2012 R2 Application Catalog web service point & Application Catalog website point are both installed Default Application Catalog website point in Computer Agent Client settings is set to use the FQDN Both http://servername & http://servername.domain.local have been added to the Intranet zone of IE Issue 1. If I open IE on my domain connected workstation and enter http://servername.domain.local/CMApplicationCatalog, I immediately get a 401 - Unauthorized error. No prompt for credentials. 2. If I open IE on my domain connected workstation and enter http://servername/CMApplicationCatalog, I connect without issue 3. If I set the Default Application Catalog website point in Computer Agent Client settings to use the NEtBIOS name, the link from Software Center works, If I set it to FQDN I get the 401 error. 4. If I take http://servername & http://servername.domain.local out of the Intrnet zone in IE, I get prompted for credentials when using the NEtBIOS name, but still no prompt when using the FQDN I know this must be a configuration issue somewhere, but I am not sure where. As you can see from above, the applicaiton catalog works without issue and SSO works when using the NetBIOS name of the server to access it, but if I use the FQDN of the server, I get a 401 error. Any help is appreciated. Quote Share this post Link to post Share on other sites More sharing options...
evaade Posted February 12, 2014 Report post Posted February 12, 2014 Well, It looks like I have resolved the issue and found the root cause. The issue was due to the browser sending the requested URL via our proxy server and the proxy server changing the authentication headers before they reach the web server. This was only occuring when using the FQDN as we had the bypass local addresses turned on and therefore when using the Netbios name, it would not go through the proxy. Turning the proxy settings off in IE, I can connect to the application catalog using the FQDN. Putting in an exception for the servers FQDN into the IE proxy settings resolves the issue for me. I will look to deploy the exception via group policy. Quote Share this post Link to post Share on other sites More sharing options...