After upgrading from 7.1 to 7.5 (SMP), we are getting 401 errors when trying to access the console through any domain account that is not alos in the local administrators group. Our NS is a VM running Windows Server 2008 R2 Standard SP1.
Those of us that are full admins can access the console just fine because our domain accounts are also in the server's local Administrators group. The clients seem to be able to get config & MD policies, and submit inventory & status just fine.
We have multiple users in a "Report Viewers" role in the console, and it was working just beautifully prior to upgrade. After the upgrade, any domain user that is in the role but is not also in Local Administrators group is getting 401 errors when trying to reach the console. If I add the user's domain account to the local Administrators group, the console pulls up for them just fine. If I remove them again, it stops working.
They get prompted for credentials by IE 3 times, and then it gives them
401 - Unauthorized: Access is denied due to invalid credentials.
The IIS Log shows the connection attempt, but there is no ID listed that is being sent with the request.
The Security Event log shows a failed logon audit (Event ID: 4625) specifying a "NULL SID" and a Failure Reason of, "Unknown user name or bad password" - even though I know that the user & password are good because I'm currently using them to log on/off/on other systems with.
If anyone has encountered this & has a resolution, I'd be very grateful!!