We enabled passthrough authentication some time ago and it was working fine. At some point it stopped functioning correctly, it may have occured during one of the many patches and updates, but we aren't sure. I have revisited the instructions on how to set this up, but I ran into an odd situation. When I went into IIS to set verify and set the permissions, what i found was confusing and a possible problem. Within the Authentication screen of the "SolarWinds NetPerfMon" site I found the following:
Name Status Response Type
Anonymous Authentication Enabled
ASP .NET Impersonation Disabled
Basic Authentication Disabled HTTP 401 Challenge
Forms Authentication Enabled HTTP 302 Login/Redirect
Windows Authentication Enabled HTTP 401 Challenge
Alerts: "Challenge-based and login redirect-based authentication cannot be used simultaneously."
Now what should these settings be set to, to allow for Passthrough Authentication?
I had this same problem. I disabled Forms Authentication from IIS and the passthrough authentication then started to work for everyone. No idea why it stopped working before but it was a fix for me.
In addition, go into the Web Console Settings in Orion under /Orion/Admin/Settings.aspx and make sure Windows Automatic Login is set for "Enable Automatic Login".
Other things that may help depend on the browser. For IE and Chrome, most often times if the site is not recognized as an intranet site, it will just prompt without passing through. You've either got to identify the site as intranet, or set the options to pass the username and password. Another option that's helped us recently was having user clear all cache from the browser (after we did an upgrade and migration of SolarWinds Orion) and that helped the autologin.
This is pretty much correct, to add some detail...
The if the site is internal and not being recognized as the intranet zone then a GPO policy may need to be set to force Chrome to see it as a recognized intranet page.
However, if you want to test out the pass through in Chrome without pushing GPO settings you can lookup the Chrome Registry Key HKCU\Software\Policies\Google\Chrome\AuthServerWhitelist and add the sites you want to be able to pass through authenticate to.
Basically add a REG_SZ value like the following for a single site
or for multiple sites
To verify that chrome recognizes those settings going to the chrome://policy page and reloading policies you should be able to see your settings change and then retest authentication with the site you are working with.
I've found those same settings as the default settings, and, I've found that if I want my Windows Passthrough Authentication to work, the only one that needs to be enabled is Windows Authentication.
Beyond that if I want my Solarwinds Report emails to attach XLS , PDF versions I need to make sure Forms Authentication and Anonymous Authentication are enabled as well (with the same error given).
In my environment if I want Windows Passthrough to work, I need to make sure first my browser settings are correct, but, if I know those are correct and I know my AD groups are configured correctly, then within Solarwinds I make sure that the following is set up correctly:
Make sure IIS Site ID matches w/ the information found in the SolarWindsOrion.Websites table.
For me, running SSL/HTTPS with a URL name and cert loaded within IIS my table reads:
Website ID: 1 (which matches IIS sites)
Servername: mywebsiteurl.myworkdomain.com (this could be the server name as well)
Port: 443 (this could be 80 ect)
SSLEnabled: 1 (this can be 1 or 0 for none SSL)
Type: Primary (this can be additional, if its not the URL/Address you want to use... so in this example you'd want it to be primary)
Anytime I've had issues its mostly had to do with my IIS settings not matching the website table in the orion db. Hope that helps.
We've ran into this same issue. After doing Windows updates, we are unable to log in into the website. We tried blanking out the admin account password but it still doesn't log in. We also have the same settings under IIS. I've tried disabling one or the other to see if it will let us in but so far no dice.
Any users or admins have suggestions on this?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.