Solved

IIS 6 - Windows Authentication to a trusted domain fails

Posted on 2004-10-14
3
3,447 Views
Last Modified: 2012-06-22
I am in the process of deploying sharepoint in an extranet environment.
All external users have an account created on the extranet server (Domain B) and are able to authenticate.

All internal users have accounts on a seperate server (Domain A). I have setup a one-way trust between Domain A and Domain B.

I have added a group on Domain B called "Internal Accounts" and successfully added users from Domain A.

Within the sharepoint portal I have granted "Reader" access to the "Internal Accounts" group.

When an internal user attempts to login, they receive an internal 500 error.
Error Code: -1073740781 (0xc0000413) - Login Failure

If I attempt to login using an account that doesn't exist, I receive an authentication error.
Since I am receiving an Internal 500 error for the problem above, I would assume that Sharepoint does recognize that the user exists, but cannot process some information.

Could this have something to do with the way that Sharepoint impersonates user accounts. Is it possible that even though I have setup the trust, that the impersonated account does not have permission to Domain A's active directory.

Does anyone know if this is a Windows issue I am having or Sharepoint issue?

Many thanks!
0
Comment
Question by:mmcleod1
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 125 total points
ID: 12314074
Sounds like you may actually have a Forest trust rather than a domain trust:

To select the scope of authentication for users authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties. On the Authentication tab, click either Forest-wide authentication or Selective authentication.

With Selective authentication there is additional configuration that needs to take place.

I would suggest using Forest-wide authentication in this case.

See if it helps....  :)

Dave Dietz
0
 

Author Comment

by:mmcleod1
ID: 12323350
Dave, thanks for the suggestion.

Under the Authentication tab, I have an option for Domain-Wide authentication or selective authentication.  (Not Forest-wide authentication)

The trust setup is: domainA.mycompany.net
I have tried adding the trust: mycompany.net and receive the same results.

Any other thoughts?
0
 

Author Comment

by:mmcleod1
ID: 12339035
Well it seems to be working this morning so maybe I just had to be more patient?!?!?
Thanks anyway Dave.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now