IIS: Authentication Fails with Error Code 2148074254

Recently, we migrated a web application to a SharePoint server. The web application is a custom built ASP/ASPX app that supports Integrated Windows Authentication. We were able to run the application successfully using Anonymous Access but we were unable to authenticate from remote computers when Anonymous Access was disabled.

I checked the NTFS permissions and double checked the IIS properties for both the Web site and the Virtual directory and everything was setup properly. Different types of domain accounts, even Domain Admins, were attempted and none were able to login successfully from remote machines. Logging in from the server itself, however, worked just fine.

Our SharePoint sites which Windows Authentication and Kerberos were authenticating properly, so it wasn’t the server. I checked the web server logs and saw HTTP 401 errors failing with the IIS specific code “2148074254.” Searching the web turned up nothing useful. I tried a registry change and even rebooted the server to no avail.

I checked the server again — local login works just fine, remote logins do not. I recalled experiencing something similar with another application I’d written and the problem had to do with Kerberos’ restrictions on double-hop authentication. Maybe this site just needs an SPN?

I created a new application pool, assigned the web application to that pool and ran the pool as a domain user. I then created an SPN using the hostname of the newly migrated site.

Setspn.exe -A HTTP/vieval.domain.com domain\iisservice
Setspn.exe -A HTTP/vieval domain\iisservice

Success! Once the registration was complete, we were able to login to the web application. I find it surprising that the Kerberos setting is server-wide. Anyone know the reasons why?

Posted in Active Directory, IIS, Security, SharePoint
2 comments on “IIS: Authentication Fails with Error Code 2148074254
  1. An IT person says:

    We had a similar issue and found that the server was trying to use ports 65190 and 56102, but those were being blocked by our DMZ firewall. We opened those for now and it's working, but it smells fishy, and I'm concerned that new dynamic ports will be chosen after a reboot. Gotta call Microsoft on this one and see what's up with the high ports.

  2. search here says:

    I have also experienced the same kind of error. This might be most probably due to a inner looping. But I have tried and failed. Could anyone please help me with the codes? I have been in vain for every single effort of mine.

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">