I am trying to troubleshoot a problem with a third party web app, and the vendor refuses to investigate without Fiddler logs from a workstation.
The app is hosted locally on IIS in our network, and is using HTTPS issued by our domain CA. We are using NTLM and Negotiate authentication with kernel-mode auth enabled.
If I enable Fiddler decryption, external HTTPS sites work and decrypt without issue, but this site (and another internal IIS site with a similar configuration) prompt endlessly for credentials and/or return 401 unauthorized. I have searched and searched but can't find anything explaining how to solve this problem. The application pool is running under a domain service account per the vendor's setup directions.
I do see the NTLM and Negotiate headers in the request but something is clearly not right.
I am a sysadmin but I am not very experienced with IIS or web development so it may be something very obvious that I'm missing. Any help would be appreciated.
OK, I am not sure what might be causing the 401 issues you are dealing with, but perhaps you could try an alternative solution to provide logs for further investigation. The team recently published Fiddler Jam, which can capture logs directly from within a Chromium browser. Perhaps you could try to generate a JAM log and send it to the vendor to investigate it using the Fiddler Jam dashboard (there is a free trial for the dashboard usage, and the extension is entirely free).
As for the 401 issue, could you check if the solution mentioned in this KB article is applicable for your case?
I have tried this both ways with no change in behavior. I still get a continuous stream of 401 prompts every time I load the page if Fiddler is running.
Check the if Ignore server certificate errors (unsafe) option is enabled (from Settings > HTTPS).