Solved

IIS Service

Posted on 2006-07-11
12
572 Views
Last Modified: 2008-01-09
My company are migrating to a new Domain. There is a 2 way trust setup between the old Domain A and the new Domain B.
I've installed a IIS server on the new Domain B. When users from the old Domain A try to access the site it's running they get error "No Authority could be contacted to authorisation".
I've tried mapping to a machine on the new Domain and get message there are no logon servers availaible to service the request.

The web site running on the new IIS server cannot have anonymous access as it needs to use the windows login for users on the new Domain to function.

Anyone know how i can set it up so users on the old domain can access this resouce?
0
Comment
Question by:jonhagger
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 17083199
When connecting to the new domain, have you tried logging on as "DOIMAINNAME\USERNAME"?
When you specifically name the domain (before your network name), you can force the authentication to that domain.
Good Luck,
Vic
0
 

Author Comment

by:jonhagger
ID: 17083718
They're not prompted for a username/password. Just fails straight away!
0
 
LVL 38

Expert Comment

by:younghv
ID: 17083828
Are your users not required to log onto their computers?
0
 

Expert Comment

by:speednow
ID: 17085959
To turn on logging on a Web site, follow these steps:
1.      Start the Internet Information Services Manager. To do this, click Start, point to Administrative Tools, and then click Internet Information Services.
2.      Double-click your server_name, where server_name is the name of the server.
3.      Expand the Web Site folder.
4.      Right-click the Web site for which you want to turn on logging, and then click Properties.
5.      On the Website tab, select Enable Logging.
Note Both Enable Logging on the Website tab and Log visits on the Home Directory Tab must be checked for logging to be enabled.
6.      Select a format in the Active log format list.
7.      Click Properties.
8.      On the General tab, select the way that you want to schedule the logging or change the Log file folder. For more information, see the Configuration Options for Saving IIS Log Files section of this article.
9.      Click the Advanced tab, and then click the items that you want to monitor in the log.NOTE: If you select ODBC logging, click Properties, provide the ODBC Data Source Name (DSN), table, user name, and password, and then click OK.
10.      Click OK.

----------------------------------------------------------------
Now Restart IIS on Domain B

Try to enter. Now copy back the IIS LOG here.

Find the log here: C:\winnt\System32\LogFiles
0
 

Expert Comment

by:speednow
ID: 17085966
IIS6 Windows 2003 ?
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 17088583
This is definitely a problem that occurs when authenitcation happens via a Trusted Domain

Check out Authentication and Access Control Diagnostics 1.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&DisplayLang=en

Authentication and authorization failures are common on Internet Information Services (IIS) platforms. AuthDiag is a tool designed to aid customers in effectively troubleshooting and determining the root cause of the problem.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:jonhagger
ID: 17088673
The server is W2k3 with IIS6. I've enabled the logging but the connection attempts don't show.
When i tested with anonmous access from the old domain were able to access OK but it used the local IIS machine account (this attempt shows up in the logs).

DVT - where do i need to run the tool? on the IIS server or on the client?

Thanks
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 250 total points
ID: 17088752
To install Authentication and Access Control Diagnostics 1.0 manually, please follow these steps:

1). Download and save authdiag.msi to your workstation or server
2). Double-click on authdiag.msi and click Next at the Authdiag (x86) Wizard
3). Accept the terms of the License Agreement (Required)
4). Accept the default username and organization or change and click Next
5). Choose the installation type and click next
6). Click Install

Upon completion of the installation, Authentication and Access Control Diagnostics 1.0 will be shown on the programs menu under "IIS Diagnostics\AuthDiag."

To automate the installation, please download the authdiag.msi file and do the following steps:

1). Click Start | Run and enter cmd.exe and click Run
2). Change to the download directory where AuthDiag.msi is located
Ex: cd AuthDiag
3). At the command prompt, type the following: msiexec /i authdiag.msi /q

This should successfully install AuthDiag with no user interaction. :)
0
 

Author Comment

by:jonhagger
ID: 17088773
I logged onto the IIS server locally (off DOMAIN) and ran tool. Error reported : Service principal name (SPN) for machine 'servername' not found in Active Directory. Can this be related?
0
 

Author Comment

by:jonhagger
ID: 17088836
Is there a way to force IE to prompt for a username and password when loading the site?
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 17088847
That is exactly the problems that you're looking for.

Heres some steps to fix that error.
http://support.dspanel.com/help43/Server_Configuration/Delegation.htm
0
 

Author Comment

by:jonhagger
ID: 17088909
I've got WINS dynamic registration allowed on the WINS server and the host files for the PDC are present on the old domain PDC WINS :(
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now