Solved

Multiple logins needed for RWW - IIS problems?

Posted on 2008-10-22
3
410 Views
Last Modified: 2013-11-21
I have a customer with a SBS 2003 Server and I am trying to configure Remote Web Workplace.  I am using a Linksys BEFSX41 firewall router.  I am having multiple problems.  
Externally, I can access OWA with no problems.  For RWW, I am prompted to login 3 times.  The first login is a dialog box.  The second is the RWW screen.  The third is another login box.  Once I login all three times, RWW is started.    
Internally, I can access both OWA and RWW with no additional login prompts.

I believe this to be a problem with IIS authentication/permissions.  I compared IIS settings to my server where RWW and OWA work with no issues.  I made numerous changes to IIS to try to fix this issue but nothing has worked thus far.  Here is a summary of what I did with IIS:
-Corrected IP address of companyweb.
-Changed port number for SharePoint Central Administration to 8083.  (McAfee Enterprise was using 8081)
-Unchecked use of "basic authentication" for default website.  When I did this, I was presented with a box for "inheiritance overrides" for other things that were using basic authentication and I selected all.  This broke access to OWA, but I added basic authentication for /Exchange and fixed that issue.

Do I have this in a big knot?  I am not sure what else to check.  Help!

Another issue I am having is that once I connect to RWW, I cannot connect to most of the client computers.  Some are setup up with custom RDP ports which, I guess, I will need to change back to 3389.  On other computers, I have verified that port 3389 is in the registry key but I have confirmed with netstat that port 3389 is not listening.  Can I configure these changes company wide via group policy or do I have to manually make the changes at each station?
0
Comment
Question by:ableinc
  • 2
3 Comments
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 22783403
Did you do all the steps in the To Do List under server Management?
Especially point 2 and 3 are a must to configure your Networking and RWW.
If you use the setup computer wizard and the connectcomputer wizard to join your workstations it should reset your RDP to 3389 and add the correct permisions (using GPO).
Let me know if you need more info on any of these.
Olaf
0
 

Author Comment

by:ableinc
ID: 22785440
Yes, I have rerun those 2 wizards but it did not resolve the issue.  Could it be that some things under IIS require basic authentication?  
0
 

Accepted Solution

by:
ableinc earned 0 total points
ID: 22787512
I was able to resolve this issue.  The problem was that the password for the anonymous user account was not sychronized.  Here is what I used to resolve the issue:
Taken from site:  http://blogs.msdn.com/saurabh_singh/archive/2007/07/01/troubleshooting-anonymous-authentication-failures-in-iis.aspx

Password Synchronization issues:
I have seen a lot of support calls (I mean a LOT) where password synchronization has been the issue, and this is very very simple to fix.
Anonymous username's password are stored in two places in IIS 6.0: In the IIS metabase and in the SAM database.
If the password at these places are not synchronized (not same), anonymous authentication will fail. They have to be same.
So do this as the first step in troubleshooting:
1) Find out how many places we have the anonymousername set by following the command I mentioned above. Here I mention it again:
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs find anonymoususername
2) If you have it set at multiple places, find out the specific site you are having problem with. Check the anonymous username for it and then check the password.
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs get w3svc/<Website Identifier>/anonymoususerpass
[You may find the password in encrypted format like ************. In such a case you need to modify the adsutil.vbs file to get the exact password. Open Adsutil.vbs in notepad from the above location and search for the function "IsSecureProperty(ObjectParameter,MachineName)".
In this function IsSecureProperty(ObjectParameter,MachineName), you will find the following code:
 
Function IsSecureProperty(ObjectParameter,MachineName)
On Error Resume Next
Dim PropObj,Attribute
Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
If (Err.Number <> 0) Then
ReportError ()
WScript.Echo "Error trying to get the property: " & err.number
WScript.Quit (Err.Number)
End If
Attribute = PropObj.Secure
If (Attribute = True) Then
IsSecureProperty = True              <--------
Else
IsSecureProperty = False
End If
End Function
 
In the highlighted line above, change the value to False, save and now rerun the adsutil.vbs command and you should see the actual password]
or if you have it set at the global level only, check this:
<Systemdrive>\Inetpub\Adminscripts>cscript.exe adsutil.vbs get w3svc/anonymoususerpass
Copy the password from here and go to Computer management->System Tools->Local Users and Groups->Users
You should find the username (By default, IUSR_<machinename> is used by IIS) [Unless you have Domain controller and Web server running on the same box. In such a case you need to look for the domain user name under Active Directory Users and Computers. I will talk about DC and IIS running on the same box later, this is really important!]
Change the password for Username (or, IUSR_<machinename>), by pasting the password that you got from metabase."
 
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now