IIS can perform Windows Authentication to allow your users to a web application. This authentication process can take place on the user-mode (IIS worker process) or kernel-mode (HTTP.SYS).
If you configure IIS to perform it in kernel-mode, you can add maximum 64 bindings to your site. If you add 65 or more bindings, IIS will show “401.2 Unauthorized: Logon Failed Due to Server Configuration with No Authentication” error even though the credentials you submit are correct.
Microsoft has confirmed this limitation. A change for Windows Server 2008 R2 or Windows Server 2012 R2 is not expected.
Workaround for IIS binding limit
The workaround is that using user-mode authentication for your application which has Windows Authentication on.
In order to use user-mode authentication instead of kernel-mode:
- Go to IIS Manager
- Click on the website
- Double click on “Authentication“
- Select “Advanced Settings” on the right side
- Uncheck “Enable Kernel-mode authentication“
Afterwards, continue with these steps:
- Go to IIS Manager
- Click the website name
- Double click on “Configuration Editor“
- Select “system.webServer/security/ authentcation/windowsAuthentication” from the path
- Set “True” for “useAppPoolCredentials“
- Set “False” for “useKernelMode“
- Click “Apply“
A discussion about the binding limit on IIS forum.
If Windows Authentication is failing and you are using IBM Cognos, check this post out: Windows Authentication is failing for IBM Cognos.
Another possible cause for Windows Authentication failure is the February updates. More information: Authentication stops working after installing February 2019 updates.
