We are using ARR+URL Rewrite to balance the load between several instances of a web application on a single machine.
- The instances are running on ports 10000, 20000, etc.
- For each instance there is a record in the server hosts file (e.g., site1 127.0.0.1)
- Servers are added to the server farm (e.g. site1:10000, site2:20000)
- There's a simple URL Rewrite rule that routes requests that match shortappname/(.*) to the server farm with URL /fullappname/{R:1}

This setup worked fine until we switched the application from forms-based authentication to Windows authentication. The default ARR web site has only anonymous auth on, the app sites have only Windows auth switched on, and I'm getting the 401.2 error message after being asked for my credentials three times. If I access any specific instance on e.g. http://machine:10000/fullappname/, everything works. I've read everything Google has thrown at me, and I have no idea what's wrong.
- Kernel mode auth is switched on and all app pools are running under the network service account
- There are HOST SPNs for both NetBIOS and fully qualified names registered for the server account (which shouldn't even matter, since everything runs on the same machine)
- If I switch auth mode to NTLM only, I still get this error.

I am not an IIS administrator (I am responsible for the functionality of this app), but no one else here has experience with ARR.