Solved

WWW-Authenticate header error

Posted on 2006-06-15
9
4,571 Views
Last Modified: 2008-05-29
I have a SonicWall SSL-VPN 2000 hardware VPN box that users use to connect to a 2003 Server.  The server hosts e-mail, files, and Sharepoint.  You can create links to internal web services and it passes the credentials to the resource.  When I follow a link to the sharepoint intranet site, I get the following error:

TTP/1.1 401 Unauthorized Content-Length: 1656 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="server.nwi.local" X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 6.0.2.6568 Date: Thu, 15 Jun 2006 16:09:02 GMT Connection: close You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.  

I assume it's something to do with how the device is passing the credentials to the web server.  What settings would I need to change on the IIS site to allow it to accept WWW-Authenticate headers?
0
Comment
Question by:itgrouptn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16915481
http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiauths.htm#enablebasic

Bear in mind that basic authentication *IS NOT* considered to be secure unless done over https. It is the simplest method of authentication, and as such virtually every browser supports it.

If you want to understand more about how it all works, then:

http://old.owasp.org/columns/jlima/joelima2.html

will give you a good overview.

HTH:)
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918282
Can you tell us whats there in IIS logs for this whole thing. Or just copy paste the whole communication frm the iis logs..
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918291
And does it work fine when being accessed from a directly connected machine?
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 

Author Comment

by:itgrouptn
ID: 16930354
This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when the VPN hardware device tries to authenticate on behalf of the client.  It may be an issue with trusted delegation.  Basic authentication and integrated windows authentication is enabled.  I'll post the IIS logs shortly.
0
 

Author Comment

by:itgrouptn
ID: 16930410
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-18 17:58:36
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-18 17:58:36 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

2006-06-18 18:04:08 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

Here are two separate attempts to connect via the VPN box.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16930510
>This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when >the VPN hardware device tries to authenticate on behalf of the client

I think that you need to be looking at the configuration of the VPN Hardware rather than the client/server? VPN hardware is supposed to be (as neart as dammit!) transparent!
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16933183
I think your vpn box is the problem. Its not able to forward the integrated authentication. So what you can do is you can use ssl with Basic authentication for Sharepoint website.

0
 

Author Comment

by:itgrouptn
ID: 16940029
I have basic authentication enabled for the sharepoint site and it is restricted to SSL.  The link I created to exchange webmail works fine, so I think it's something specific to SharePoint.
0
 
LVL 4

Accepted Solution

by:
ansh_gupta earned 500 total points
ID: 16940304
Yes sharepoint is not supposed to be working from outside. remember that.. Basic auth may not work with sharepoint coz it has ISAPI filters and extensions which ask for integrated auth. thats y its not supposed to work frm outside.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question