Integrated Security & Host Headers within IIS
I recently had to create a new website on an intranet for one of our clients. I have done this task numerous times before and was not expecting too many problems. I had already configured the CNAME entry on the DNS server, created my virtual directories and updated the security settings for the site to use Integrated Security.
When I browsed to the home page for my site I was a little surprised to see a login dialog box asking for my username and password and then even more surprised when it would not recognise my details. I was presented with an IIS error page. I checked my settings for the security zone that the site was running under, in this case a Trusted Site. I made sure that the ‘Automatic login with current username and password’ option was set, double checked my website settings and also checked my web.config file.
Having exhausted all the obvious issues I decided it was time to surf the net for a suitable solution. Sure enough Microsoft came up trumps with a useful article Authentication may fail with "401.3" Error if Web site’s "Host Header" differs from server’s NetBIOS name – http://support.microsoft.com/kb/294382 . After updating the server using the SetSPN tool I was able to surf to my new website without being promted for my credentials or getting IIS authorization errors.