The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'

Question

I have a WCF service which is being called from my web application. The WCF service call is made on SSL port 443.

When my application makes the call, i recieve the following error message in my log file: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'

I checked the iis authentication headers on my machine(IIs 5.1) and the machine where the WCF service is deployed(IIS 6.0) using the cscript command:

For iis 5.1 adsutil set w3svc/1/ntauthenticationproviders "Negotiate,NTLM"

Simlilarly, the header has been set on server machine IIS 6.0 using the command: adsutil set w3svc/1/root/ntauthenticationproviders "Negotiate,NTLM"

I have repeatedly checked the headers and they have the same value of "Negotiate,NTLM" at both ends, yet my service call is failing.

Kindly help.

Answer 1

With NTLM authentication, the user executing on the calling server must be verifiable within the domain within the headers. This would mean that your IIS 5.1 machine would have to have its IIS instance (application pool) running under a domain viable user. Since the application pool is almost universally run by either Local System, Network Service, or AppPoolService (or similar system account) nome of which are domain available, you will need to configure the IIS instance that is performing the call to be run by a service account with appropriate permissions in the domain.