Overview
Authentication and Access Control Diagnostics (AuthDiag) tool designed specifically to troubleshoot authentication and authorization (access control) failures. AuthDiag offers several features to narrow down and isolate the cause of 401.1, 401.3, and some Active Server Pages (ASP) 500 errors.
Security failures caused by invalid credentials or incorrect permissions are often difficult to locate the root cause and with AuthDiag users have a one easy-to-use tool to do all troubleshooting.
AuthDiag does system-level analysis as well as IIS configuration verficiation and detects potential causes of failures. It offers users the ability to Check Authentication, Check Permissions for a user or site path, and Monitor URL Failures (AuthMon). Beyond helping users test all authentication types available in IIS (excluding Microsoft Passport), AuthDiag offers users the ability to monitor requests as they come into the Web server using AuthMon and analyze for failures. AuthMon (as this feature is commonly referred to) logs all data to disk for later retrieval but also allows the user to stop and restart monitoring directly from the User interface.
AuthDiag 1.0 also offers users the opportunity to verify the setup of Service Principal Name (SPN) that are stored in Microsoft Active Directory. Also offered is a verification of User
Rights and Privileges versus a built-in list of needed permissions and warns when rights or
privileges are not found.
Requirements
This tool needs access to privilege system and IIS data and requires Windows Administrator privileges. The tool will fail at startup if run on a system by a user without administrator
privileges.
AuthDiag 1.0 has no support for running the tool from a remote client. It requires
administrators to directly log on the server, or use a terminal client to access the console.