06-28-2012 07:36 PM - last edited on 03-25-2019 09:03 PM by ciscomoderator
Migrated TMS 13.2 with TMSPE from physical server to VM 2008 R2, which went fine, however, VCS-C is now giving me HTTP exception status for all provisioning services; users, phonebooks and devices.
Status: failed
Response: HTTP Exception
Reason: (400) HTTP Error: WWW-Authenticate
And yet, TMSPE diagnostics in TMS shows no alarms; it's all green.
TAC is working on it though.
Anyone seen this before?
/jens
02-27-2013 03:10 AM
Hi all,
I also had the issue that, on a freshly installed Win2k8r2 with TMS 14.1.1, TMSPE and VCS X7.2.1, replication won't start because of a 401 WWW-Authenticate ... failure. The error message was not detailed and was truncated, so we didn't see the cause of this error. I did some digging and tcpdumps on the VCS and found that the VCS did not send the credentials to the TMS web page. I saw the following HTTP requests:
VCSC GET /tmsagent/phonebook etc -> TMS
VCSC <- 401 Unauthorized TMS
After these two HTTP messages VCSC should send the credentials, but there was no subsequent request.
I saw in the HTTP headers that Python httplib2 (http://code.google.com/p/httplib2/) is used to request the site, and tried it myself on the VCSC. I found that httplib2 can't decode the WWW-Authenticate: Negotiate.
To solve this issue, I just disabled Windows Authentication on the tmsagent folder. Is NTLM or any Windows related authentication needed on the tmsagent folder? As far as I know this folder is only used for syncing to VCS.
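A way to check a captured 401 response for the condition described in the post above, as an added example that is not part of the original thread or of any Cisco or httplib2 code: it lists the offered `WWW-Authenticate` schemes in order and reports whether a client limited to Basic/Digest can answer any of them. The sample headers, the `tms` realm, the client scheme list and the `first_only` switch (modelling a client that only acts on the first challenge) are assumptions.

```python
import re

# Matches an auth-param ("realm=...") as opposed to the start of a new challenge.
_PARAM = re.compile(r'^[^\s=,"]+\s*=')
# Commas that sit outside double-quoted strings.
_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def offered_schemes(raw_headers):
    """Return the schemes of all WWW-Authenticate challenges, in order, lowercased."""
    schemes = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "www-authenticate":
            continue
        # One header line may carry several comma-separated challenges.
        for part in _COMMA.split(value):
            part = part.strip()
            if part and not _PARAM.match(part):
                schemes.append(part.split()[0].lower())
    return schemes

def diagnose(raw_headers, client_schemes=("basic", "digest"), first_only=False, tls=True):
    """Return (offered, usable, findings) for a client that supports client_schemes."""
    offered = offered_schemes(raw_headers)
    candidates = offered[:1] if first_only else offered
    usable = next((s for s in candidates if s in client_schemes), None)
    findings = []
    if usable is None:
        findings.append("no usable challenge: expect no request after the 401")
    if usable == "basic" and not tls:
        findings.append("Basic over plain HTTP: credentials are only base64 encoded")
    return offered, usable, findings

# Constructed sample responses (not captured from a real TMS server).
WINDOWS_ONLY = ("HTTP/1.1 401 Unauthorized\r\n"
                "WWW-Authenticate: Negotiate\r\nWWW-Authenticate: NTLM\r\n")
WINDOWS_FIRST = WINDOWS_ONLY + 'WWW-Authenticate: Basic realm="tms"\r\n'
BASIC_FIRST = ('HTTP/1.1 401 Unauthorized\r\n'
               'WWW-Authenticate: Basic realm="tms", Negotiate, NTLM\r\n')

if __name__ == "__main__":
    for label, raw in (("windows-only", WINDOWS_ONLY),
                       ("windows-first", WINDOWS_FIRST),
                       ("basic-first", BASIC_FIRST)):
        print(label, diagnose(raw, first_only=True, tls=False))
```
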
02-27-2013 06:10 AM
Hi Juergen/Paul,
Juergen glad you found the error. What was it specifically?
Paul, you are correct, the tmsagent is only used for TMSPE in version 14.1.1. NTLM or any Windows Authentication is not required for the sync to work; however, many customers like to use NTLM as it is much more secure than Basic. I will look into the httplib2 item and get back to you. If you disabled Windows Authentication and left Basic enabled, it will work, as you found out. I am not aware of any issues that it could cause with only Basic enabled.
Chad
02-27-2013 06:23 AM
Chad,
Sad to say, initially I used your description to manually edit C:\Windows\System32\inetsrv\config\applicationHost.config
But this doesn't help to solve the problem. To solve the problem you have to use IIS Manager and move the Basic Auth module above the Windows and Digest Auth modules.
Regards
Juergen
02-27-2013 06:26 AM
Hi Juergen,
Agreed, this is why Magnus posted below mine to indicate that it didn't always work and advised to use IIS Manager to do the work instead of manually editing it.
Glad you got it fixed!
Chad
02-27-2013 06:38 AM
Hi Chad,
We are using HTTPS, so we won't have to mind about sending the credentials only base64 encoded in the HTTP traffic.
03-19-2013 11:08 AM
Cheers all for the info, as we had run into the same issue after moving to a Windows 2008R2 front/back end from a Windows 2003 single server. The info provided by Magnus regarding the module order worked well, although as the modules were inherited from the parent site, I modified the module order on the root of IIS.
I too prefer to use Basic authentication over SSL, as I have seen nothing but issues with NTLM authentication, especially where clients are behind NAT or proxies. In fact, MS recommended this setup in at least some circumstances.
Chris