Solved

IIS Service

Posted on 2006-07-11
12
569 Views
Last Modified: 2008-01-09
My company are migrating to a new Domain. There is a 2 way trust setup between the old Domain A and the new Domain B.
I've installed a IIS server on the new Domain B. When users from the old Domain A try to access the site it's running they get error "No Authority could be contacted to authorisation".
I've tried mapping to a machine on the new Domain and get message there are no logon servers availaible to service the request.

The web site running on the new IIS server cannot have anonymous access as it needs to use the windows login for users on the new Domain to function.

Anyone know how i can set it up so users on the old domain can access this resouce?
0
Comment
Question by:jonhagger
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 38

Expert Comment

by:younghv
Comment Utility
When connecting to the new domain, have you tried logging on as "DOIMAINNAME\USERNAME"?
When you specifically name the domain (before your network name), you can force the authentication to that domain.
Good Luck,
Vic
0
 

Author Comment

by:jonhagger
Comment Utility
They're not prompted for a username/password. Just fails straight away!
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
Are your users not required to log onto their computers?
0
 

Expert Comment

by:speednow
Comment Utility
To turn on logging on a Web site, follow these steps:
1.      Start the Internet Information Services Manager. To do this, click Start, point to Administrative Tools, and then click Internet Information Services.
2.      Double-click your server_name, where server_name is the name of the server.
3.      Expand the Web Site folder.
4.      Right-click the Web site for which you want to turn on logging, and then click Properties.
5.      On the Website tab, select Enable Logging.
Note Both Enable Logging on the Website tab and Log visits on the Home Directory Tab must be checked for logging to be enabled.
6.      Select a format in the Active log format list.
7.      Click Properties.
8.      On the General tab, select the way that you want to schedule the logging or change the Log file folder. For more information, see the Configuration Options for Saving IIS Log Files section of this article.
9.      Click the Advanced tab, and then click the items that you want to monitor in the log.NOTE: If you select ODBC logging, click Properties, provide the ODBC Data Source Name (DSN), table, user name, and password, and then click OK.
10.      Click OK.

----------------------------------------------------------------
Now Restart IIS on Domain B

Try to enter. Now copy back the IIS LOG here.

Find the log here: C:\winnt\System32\LogFiles
0
 

Expert Comment

by:speednow
Comment Utility
IIS6 Windows 2003 ?
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
This is definitely a problem that occurs when authenitcation happens via a Trusted Domain

Check out Authentication and Access Control Diagnostics 1.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&DisplayLang=en

Authentication and authorization failures are common on Internet Information Services (IIS) platforms. AuthDiag is a tool designed to aid customers in effectively troubleshooting and determining the root cause of the problem.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:jonhagger
Comment Utility
The server is W2k3 with IIS6. I've enabled the logging but the connection attempts don't show.
When i tested with anonmous access from the old domain were able to access OK but it used the local IIS machine account (this attempt shows up in the logs).

DVT - where do i need to run the tool? on the IIS server or on the client?

Thanks
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 250 total points
Comment Utility
To install Authentication and Access Control Diagnostics 1.0 manually, please follow these steps:

1). Download and save authdiag.msi to your workstation or server
2). Double-click on authdiag.msi and click Next at the Authdiag (x86) Wizard
3). Accept the terms of the License Agreement (Required)
4). Accept the default username and organization or change and click Next
5). Choose the installation type and click next
6). Click Install

Upon completion of the installation, Authentication and Access Control Diagnostics 1.0 will be shown on the programs menu under "IIS Diagnostics\AuthDiag."

To automate the installation, please download the authdiag.msi file and do the following steps:

1). Click Start | Run and enter cmd.exe and click Run
2). Change to the download directory where AuthDiag.msi is located
Ex: cd AuthDiag
3). At the command prompt, type the following: msiexec /i authdiag.msi /q

This should successfully install AuthDiag with no user interaction. :)
0
 

Author Comment

by:jonhagger
Comment Utility
I logged onto the IIS server locally (off DOMAIN) and ran tool. Error reported : Service principal name (SPN) for machine 'servername' not found in Active Directory. Can this be related?
0
 

Author Comment

by:jonhagger
Comment Utility
Is there a way to force IE to prompt for a username and password when loading the site?
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
That is exactly the problems that you're looking for.

Heres some steps to fix that error.
http://support.dspanel.com/help43/Server_Configuration/Delegation.htm
0
 

Author Comment

by:jonhagger
Comment Utility
I've got WINS dynamic registration allowed on the WINS server and the host files for the PDC are present on the old domain PDC WINS :(
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now