Web Agent Guides › Web Agent Configuration Guide › Manage User Access with IIS › Use the NetBIOS Name or UPN for IIS Authentication

Use the NetBIOS Name or UPN for IIS Authentication

In an IIS network, you may have a NetBIOS name that is different than the domain name for the location of a requested resource. When a user tries to access a protected resource and there are multiple domain controllers, user authentication fails and the web server log shows an "IIS logon failure." You can control whether the UPN or NetBIOS name is sent to the IIS web server with the following parameter:

• UseNetBIOSforIISAuth

  Specifies whether the IIS 6.0 Web Agent sends the user principal name (UPN) or the NetBIOS name to the IIS 6.0 web server for IIS user authentication.

  Note: This parameter is valid only if an Active Directory user store is associated with the Policy Server.

  If you enable this parameter, the Policy Server extracts the UserDN, the UPN, and the NetBIOS name from the Active Directory during SiteMinder authentication, and sends this data back to the IIS 6.0 Web Agent.

  Depending on whether or not you selected the Run in Authenticated User's Security Context option for the user directory with the Administrative UI and how you set the UseNetBIOSforIIAuth parameter, a user's logon credentials are sent as follows:

  • When the UseNetBIOSforIISAuth parameter is set to no, the IIS 6.0 Web Agent sends the UPN name.
  • When the UseNetBIOSforIISAuth parameter is set to yes, the Web Agent sends the NetBIOS name.

  The IIS web server authenticates the user with the credentials it receives from the Web Agent.

  Default: No

To have the Web Agent use the NetBIOS name for IIS authentication, set the UseNetBIOSAuth parameter to yes.