Overview
Authentication and Access Control Diagnostics (AuthDiag) tool designed specifically to troubleshoot authentication and authorization (access control) failures. AuthDiag offers several features to narrow down and isolate the cause of 401.1, 401.3, and some Active Server Pages (ASP) 500 errors.
Security failures caused by invalid credentials or incorrect permissions are often difficult to locate the root cause and with AuthDiag users have a one easy-to-use tool to do all troubleshooting.
AuthDiag does system-level analysis as well as IIS configuration verficiation and detects potential causes of failures. It offers users the ability to Check Authentication, Check Permissions for a user or site path, and Monitor URL Failures (AuthMon). Beyond helping users test all authentication types available in IIS (excluding Microsoft Passport), AuthDiag offers users the ability to monitor requests as they come into the Web server using AuthMon and analyze for failures. AuthMon (as this feature is commonly referred to) logs all data to disk for later retrieval but also allows the user to stop and restart monitoring directly from the User interface.
AuthDiag 1.0 also offers users the opportunity to verify the setup of Service Principal Name (SPN) that are stored in Microsoft Active Directory. Also offered is a verification of User Righs and Privliges versus a built-in list of needed permissions and warns when rights or privliges are not found.
Features
- Ability to test authentication without a browe for all IIS supported authentication types
- User interface and command-line permission viewing and checking for user or path
- Real-time monitoring (AuthMon) of HTTP authentication and authorization events and logging
- Windows User Rights checking based on documented permissions needed for Internet Information Services (IIS).
- Windows Security Privlige analysis
- Detecting of incorrect credentials for the configured anonyous user
- Testing of custom domain account credentials for authentication with analysis of failures
Benefits
- Eliminates the need to looking at un-important events that lead troubleshooting down the wrong path
- Quick access to tools needed to correct configuration problems such as IIS Manager and Windows Explorer
- Detailed analysis and help system
Requirements
This tool needs access to privilege system and IIS data and requires Windows Administrator privileges. The tool will fail at startup if run on a system by a user without administrator prilvileges.
AuthDiag 1.0 has no support for running the tool from a remote client. It requires adminstrators to directly log on the server, or use a terminal client to access the console.