Recently I was asked to help with an issue where SharePoint kept asking for authentication and after three prompts would show a blank screen. Note: This was error was for loading the default home page not for opening up any type of document.

Typically this is caused by Kerberos and SPN's not being correctly configured for SharePoint, but we were not using Kerberos.

Looking at the IIS log we see the typical 401.2 (anonymous failed) followed by 401.1 (access denied). We quickly verified LoopBackCheck was disabled.

To ensure we are not using Kerberos we removed that authentication option. Authentication can be set at the global or web application level. In this case we will concentrate on the web application level.

Open up Internet Information Services Manager and double click on Authentication.

You will now see the authentication types listed and their status. Select Windows Authentication and then on the right click Providers.

Highlight Negotiate then select remove

We then reset IIS and tried to load our site. It continued to prompt.

Next we decided to ensure Kernel mode authentication was disabled. We went back to the authentication screen and click on Advanced Setting instead of providers.

If Kernel mode is enabled, please disable it as Kernel mode is not supported for SharePoint 2010 and by default SharePoint disables this when web applications are created..

Once again we reset IIS and tested.  We continue to receive prompts.

Next we decided to ensure HTTP Keep-Alive was enabled.

In IIS manager double-click HTTP Response Headers.

On the right, click Set Common Headers


Ensure that Enable HTTP Keep-Alive is checked.

Reset IIS and test.  Once again we are prompted for authentication.

We turned on FREB tracing. The error we received in the trace was "No credentials are available in the security package (0x8009030e)".  An internet search on this did not turn up anything useful for our situation.

We decided to use the IE 8 feature Developer Tools (More info on developer tools). We opened IE and pressed F12 Then loaded the home page.  Normally you would see the HTTP traffic, we saw nothing in the trace.

Next we tried using NETSH to capture network traffic.  Again nothing useful was found.

I reviewed the web.config and ApplicationHost.config files.  Looking these over nothing stuck out, so I decided to replace my web.config with the one from the broken site.  My SharePoint Site loaded with no issues.  I then started the slow painful process of making my ApplicationHost.config file look like the broken SharePoint site's.  After this was complete my lab now showed the same symptoms.

I narrowed it down to recycling of the ApplicationPool.  In the broken site recycling was turned on based on Virtual Memory, Private Memory, Fixed number of Requests, and Regular Time Interval. The ApplicationHost.Config looks like the snippet below. Removing the recycle setting one at a time allowed me to finally narrow it down to Fixed number of Requests, which was set at 4 billion.

                <recycling logEventOnRecycle="Time, Requests, Schedule, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory">
                    <periodicRestart memory="8097152" privateMemory="8097152" requests="4294967295" time="180.00:00:00">
                        <schedule>
                            <clear />
                            <add value="01:26:00" />
                        </schedule>
                    </periodicRestart>
                </recycling>

 

To avoid issues in the future I recommended that the default recycle settings not be modified. http://technet.microsoft.com/en-us/library/cc298550(v=office.12).aspx