IIS: Authentication Fails with Error Code 2148074254

Recently, we migrated a web application to a SharePoint server. The web application is a custom built ASP/ASPX app that supports Integrated Windows Authentication. We were able to run the application successfully using Anonymous Access but we were unable to authenticate from remote computers when Anonymous Access was disabled.

I checked the NTFS permissions and double checked the IIS properties for both the Web site and the Virtual directory and everything was setup properly. Different types of domain accounts, even Domain Admins, were attempted and none were able to login successfully from remote machines. Logging in from the server itself, however, worked just fine.

Our SharePoint sites which Windows Authentication and Kerberos were authenticating properly, so it wasn’t the server. I checked the web server logs and saw HTTP 401 errors failing with the IIS specific code “2148074254.” Searching the web turned up nothing useful. I tried a registry change and even rebooted the server to no avail.

I checked the server again — local login works just fine, remote logins do not. I recalled experiencing something similar with another application I’d written and the problem had to do with Kerberos’ restrictions on double-hop authentication. Maybe this site just needs an SPN?

I created a new application pool, assigned the web application to that pool and ran the pool as a domain user. I then created an SPN using the hostname of the newly migrated site.

Setspn.exe -A HTTP/vieval.domain.com domain\iisservice
Setspn.exe -A HTTP/vieval domain\iisservice

Success! Once the registration was complete, we were able to login to the web application. I find it surprising that the Kerberos setting is server-wide. Anyone know the reasons why?

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory, IIS, Security, SharePoint
5 comments on “IIS: Authentication Fails with Error Code 2148074254
  1. An IT person says:

    We had a similar issue and found that the server was trying to use ports 65190 and 56102, but those were being blocked by our DMZ firewall. We opened those for now and it's working, but it smells fishy, and I'm concerned that new dynamic ports will be chosen after a reboot. Gotta call Microsoft on this one and see what's up with the high ports.

  2. search here says:

    I have also experienced the same kind of error. This might be most probably due to a inner looping. But I have tried and failed. Could anyone please help me with the codes? I have been in vain for every single effort of mine.

  3. Dominique says:


    I checked the access to the site works fine… but IIS is still logging these two records for each desktop… (there are 15,000 desktops which means we have 15,000 failures on IPs… and it is checked every 15 seconds…
    2014-08-07 16:27:11 GET /AlertReq.aspx – 80 – DesktopAlert/5.2+(Windows+NT+6.1) 401 1 2148074254 0
    2014-08-07 16:27:11 GET /AlertReq.aspx – 80 AD\CNNWLAEXAMRM3 DesktopAlert/5.2+(Windows+NT+6.1) 200 0 0 0
    so for 24 hours it is over 5,000 lines for each machine meaning 50,000,000 lines per day why this error?


  4. Mike Demster says:

    The error just means no credentials were provided. this will occur during an NTLM handshake when the server responds with the NTLM challenge and before the client makes the final, authenticated request with the full NTLM (not the stub) being passed.

  5. Ben Oakes says:

    I am struggling to find the root cause of an authentication issue. In the IIS weblogs, a user clearly loses authenticated status. How to get rid of this issue??

Leave a Reply