Solved

WWW-Authenticate header error

Posted on 2006-06-15
9
4,557 Views
Last Modified: 2008-05-29
I have a SonicWall SSL-VPN 2000 hardware VPN box that users use to connect to a 2003 Server.  The server hosts e-mail, files, and Sharepoint.  You can create links to internal web services and it passes the credentials to the resource.  When I follow a link to the sharepoint intranet site, I get the following error:

TTP/1.1 401 Unauthorized Content-Length: 1656 Content-Type: text/html Server: Microsoft-IIS/6.0 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="server.nwi.local" X-Powered-By: ASP.NET MicrosoftSharePointTeamServices: 6.0.2.6568 Date: Thu, 15 Jun 2006 16:09:02 GMT Connection: close You are not authorized to view this page
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.  

I assume it's something to do with how the device is passing the credentials to the web server.  What settings would I need to change on the IIS site to allow it to accept WWW-Authenticate headers?
0
Comment
Question by:itgrouptn
  • 4
  • 3
  • 2
9 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 16915481
http://www.microsoft.com/windows2000/en/server/iis/htm/core/iiauths.htm#enablebasic

Bear in mind that basic authentication *IS NOT* considered to be secure unless done over https. It is the simplest method of authentication, and as such virtually every browser supports it.

If you want to understand more about how it all works, then:

http://old.owasp.org/columns/jlima/joelima2.html

will give you a good overview.

HTH:)
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918282
Can you tell us whats there in IIS logs for this whole thing. Or just copy paste the whole communication frm the iis logs..
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16918291
And does it work fine when being accessed from a directly connected machine?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:itgrouptn
ID: 16930354
This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when the VPN hardware device tries to authenticate on behalf of the client.  It may be an issue with trusted delegation.  Basic authentication and integrated windows authentication is enabled.  I'll post the IIS logs shortly.
0
 

Author Comment

by:itgrouptn
ID: 16930410
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2006-06-18 17:58:36
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2006-06-18 17:58:36 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

2006-06-18 18:04:08 192.168.1.2 GET /_vti_bin/owssvr.dll - 443 - 192.168.1.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254

Here are two separate attempts to connect via the VPN box.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16930510
>This is over https.  Authentication works perfectly when accessing it directly or over VPN.  This issue only surfaces when >the VPN hardware device tries to authenticate on behalf of the client

I think that you need to be looking at the configuration of the VPN Hardware rather than the client/server? VPN hardware is supposed to be (as neart as dammit!) transparent!
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16933183
I think your vpn box is the problem. Its not able to forward the integrated authentication. So what you can do is you can use ssl with Basic authentication for Sharepoint website.

0
 

Author Comment

by:itgrouptn
ID: 16940029
I have basic authentication enabled for the sharepoint site and it is restricted to SSL.  The link I created to exchange webmail works fine, so I think it's something specific to SharePoint.
0
 
LVL 4

Accepted Solution

by:
ansh_gupta earned 500 total points
ID: 16940304
Yes sharepoint is not supposed to be working from outside. remember that.. Basic auth may not work with sharepoint coz it has ISAPI filters and extensions which ask for integrated auth. thats y its not supposed to work frm outside.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question