Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 584
  • Last Modified:

IIS Service

My company are migrating to a new Domain. There is a 2 way trust setup between the old Domain A and the new Domain B.
I've installed a IIS server on the new Domain B. When users from the old Domain A try to access the site it's running they get error "No Authority could be contacted to authorisation".
I've tried mapping to a machine on the new Domain and get message there are no logon servers availaible to service the request.

The web site running on the new IIS server cannot have anonymous access as it needs to use the windows login for users on the new Domain to function.

Anyone know how i can set it up so users on the old domain can access this resouce?
0
jonhagger
Asked:
jonhagger
  • 5
  • 3
  • 2
  • +1
1 Solution
 
younghvCommented:
When connecting to the new domain, have you tried logging on as "DOIMAINNAME\USERNAME"?
When you specifically name the domain (before your network name), you can force the authentication to that domain.
Good Luck,
Vic
0
 
jonhaggerAuthor Commented:
They're not prompted for a username/password. Just fails straight away!
0
 
younghvCommented:
Are your users not required to log onto their computers?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
speednowCommented:
To turn on logging on a Web site, follow these steps:
1.      Start the Internet Information Services Manager. To do this, click Start, point to Administrative Tools, and then click Internet Information Services.
2.      Double-click your server_name, where server_name is the name of the server.
3.      Expand the Web Site folder.
4.      Right-click the Web site for which you want to turn on logging, and then click Properties.
5.      On the Website tab, select Enable Logging.
Note Both Enable Logging on the Website tab and Log visits on the Home Directory Tab must be checked for logging to be enabled.
6.      Select a format in the Active log format list.
7.      Click Properties.
8.      On the General tab, select the way that you want to schedule the logging or change the Log file folder. For more information, see the Configuration Options for Saving IIS Log Files section of this article.
9.      Click the Advanced tab, and then click the items that you want to monitor in the log.NOTE: If you select ODBC logging, click Properties, provide the ODBC Data Source Name (DSN), table, user name, and password, and then click OK.
10.      Click OK.

----------------------------------------------------------------
Now Restart IIS on Domain B

Try to enter. Now copy back the IIS LOG here.

Find the log here: C:\winnt\System32\LogFiles
0
 
speednowCommented:
IIS6 Windows 2003 ?
0
 
Leon FesterCommented:
This is definitely a problem that occurs when authenitcation happens via a Trusted Domain

Check out Authentication and Access Control Diagnostics 1.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&DisplayLang=en

Authentication and authorization failures are common on Internet Information Services (IIS) platforms. AuthDiag is a tool designed to aid customers in effectively troubleshooting and determining the root cause of the problem.
0
 
jonhaggerAuthor Commented:
The server is W2k3 with IIS6. I've enabled the logging but the connection attempts don't show.
When i tested with anonmous access from the old domain were able to access OK but it used the local IIS machine account (this attempt shows up in the logs).

DVT - where do i need to run the tool? on the IIS server or on the client?

Thanks
0
 
Leon FesterCommented:
To install Authentication and Access Control Diagnostics 1.0 manually, please follow these steps:

1). Download and save authdiag.msi to your workstation or server
2). Double-click on authdiag.msi and click Next at the Authdiag (x86) Wizard
3). Accept the terms of the License Agreement (Required)
4). Accept the default username and organization or change and click Next
5). Choose the installation type and click next
6). Click Install

Upon completion of the installation, Authentication and Access Control Diagnostics 1.0 will be shown on the programs menu under "IIS Diagnostics\AuthDiag."

To automate the installation, please download the authdiag.msi file and do the following steps:

1). Click Start | Run and enter cmd.exe and click Run
2). Change to the download directory where AuthDiag.msi is located
Ex: cd AuthDiag
3). At the command prompt, type the following: msiexec /i authdiag.msi /q

This should successfully install AuthDiag with no user interaction. :)
0
 
jonhaggerAuthor Commented:
I logged onto the IIS server locally (off DOMAIN) and ran tool. Error reported : Service principal name (SPN) for machine 'servername' not found in Active Directory. Can this be related?
0
 
jonhaggerAuthor Commented:
Is there a way to force IE to prompt for a username and password when loading the site?
0
 
Leon FesterCommented:
That is exactly the problems that you're looking for.

Heres some steps to fix that error.
http://support.dspanel.com/help43/Server_Configuration/Delegation.htm
0
 
jonhaggerAuthor Commented:
I've got WINS dynamic registration allowed on the WINS server and the host files for the PDC are present on the old domain PDC WINS :(
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now