Multiple logins needed for RWW - IIS problems?

Posted on 2008-10-22
Medium Priority
Last Modified: 2013-11-21
I have a customer with a SBS 2003 Server and I am trying to configure Remote Web Workplace.  I am using a Linksys BEFSX41 firewall router.  I am having multiple problems.  
Externally, I can access OWA with no problems.  For RWW, I am prompted to login 3 times.  The first login is a dialog box.  The second is the RWW screen.  The third is another login box.  Once I login all three times, RWW is started.    
Internally, I can access both OWA and RWW with no additional login prompts.

I believe this to be a problem with IIS authentication/permissions.  I compared IIS settings to my server where RWW and OWA work with no issues.  I made numerous changes to IIS to try to fix this issue but nothing has worked thus far.  Here is a summary of what I did with IIS:
-Corrected IP address of companyweb.
-Changed port number for SharePoint Central Administration to 8083.  (McAfee Enterprise was using 8081)
-Unchecked use of "basic authentication" for default website.  When I did this, I was presented with a box for "inheiritance overrides" for other things that were using basic authentication and I selected all.  This broke access to OWA, but I added basic authentication for /Exchange and fixed that issue.

Do I have this in a big knot?  I am not sure what else to check.  Help!

Another issue I am having is that once I connect to RWW, I cannot connect to most of the client computers.  Some are setup up with custom RDP ports which, I guess, I will need to change back to 3389.  On other computers, I have verified that port 3389 is in the registry key but I have confirmed with netstat that port 3389 is not listening.  Can I configure these changes company wide via group policy or do I have to manually make the changes at each station?
Question by:ableinc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 22783403
Did you do all the steps in the To Do List under server Management?
Especially point 2 and 3 are a must to configure your Networking and RWW.
If you use the setup computer wizard and the connectcomputer wizard to join your workstations it should reset your RDP to 3389 and add the correct permisions (using GPO).
Let me know if you need more info on any of these.

Author Comment

ID: 22785440
Yes, I have rerun those 2 wizards but it did not resolve the issue.  Could it be that some things under IIS require basic authentication?  

Accepted Solution

ableinc earned 0 total points
ID: 22787512
I was able to resolve this issue.  The problem was that the password for the anonymous user account was not sychronized.  Here is what I used to resolve the issue:
Taken from site:  http://blogs.msdn.com/saurabh_singh/archive/2007/07/01/troubleshooting-anonymous-authentication-failures-in-iis.aspx

Password Synchronization issues:
I have seen a lot of support calls (I mean a LOT) where password synchronization has been the issue, and this is very very simple to fix.
Anonymous username's password are stored in two places in IIS 6.0: In the IIS metabase and in the SAM database.
If the password at these places are not synchronized (not same), anonymous authentication will fail. They have to be same.
So do this as the first step in troubleshooting:
1) Find out how many places we have the anonymousername set by following the command I mentioned above. Here I mention it again:
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs find anonymoususername
2) If you have it set at multiple places, find out the specific site you are having problem with. Check the anonymous username for it and then check the password.
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs get w3svc/<Website Identifier>/anonymoususerpass
[You may find the password in encrypted format like ************. In such a case you need to modify the adsutil.vbs file to get the exact password. Open Adsutil.vbs in notepad from the above location and search for the function "IsSecureProperty(ObjectParameter,MachineName)".
In this function IsSecureProperty(ObjectParameter,MachineName), you will find the following code:
Function IsSecureProperty(ObjectParameter,MachineName)
On Error Resume Next
Dim PropObj,Attribute
Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
If (Err.Number <> 0) Then
ReportError ()
WScript.Echo "Error trying to get the property: " & err.number
WScript.Quit (Err.Number)
End If
Attribute = PropObj.Secure
If (Attribute = True) Then
IsSecureProperty = True              <--------
IsSecureProperty = False
End If
End Function
In the highlighted line above, change the value to False, save and now rerun the adsutil.vbs command and you should see the actual password]
or if you have it set at the global level only, check this:
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs get w3svc/anonymoususerpass
Copy the password from here and go to Computer management->System Tools->Local Users and Groups->Users
You should find the username (By default, IUSR_<machinename> is used by IIS) [Unless you have Domain controller and Web server running on the same box. In such a case you need to look for the domain user name under Active Directory Users and Computers. I will talk about DC and IIS running on the same box later, this is really important!]
Change the password for Username (or, IUSR_<machinename>), by pasting the password that you got from metabase."

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question