cannot access companyweb from SBS domain controller

I am unable to connect to the company web from our SBS 2003 domain controller using the regular URL http://www.ourdomain.com/companyweb
However, the site runs fine from client machines in our network.
I have Integrated Windows Authentication turned on for the site, and run the website under a specific user identity (identity impersonate), so that it can access our SQL server database (stored on another server).
When trying to log onto the site from the domain controller, it prompts for username and password, but it doesn't authenticate. The event log has following errors:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      MyName
       Domain:            OurDomain
       Logon Type:      8
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      GFSBS
       Caller User Name:      NETWORK SERVICE
       Caller Domain:      NT AUTHORITY
       Caller Logon ID:      (0x0,0x3E4)
       Caller Process ID:      4304
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

The strange thing is, if I connect using the URL:
https://companyweb:444/
then the site DOES work! This is not good though, because I need to access web services in code, sometimes from outside the network, so I need an absolute URL that will work anywhere.

I also found the following error earlier, althuogh this doesn't seem to happen every time I try to log on:
Logon Failure:
       Reason:      The user has not been granted the requested
             logon type at this machine
       User Name:      aspUser [used with identity impersonate]
       Domain:            GLOBAL
       Logon Type:      5
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      GFSBS
       Caller User Name:      NETWORK SERVICE
       Caller Domain:      NT AUTHORITY
       Caller Logon ID:      (0x0,0x3E4)
       Caller Process ID:      4304
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

I also notice that the Sharepoint service isn't running on the SBS box, and refuses to start. I get a message every day that it's stopped and as a result I won't receive the daily monitoring emails. If I try to restart the sharepoint service, it just says
---------------------------
Services
---------------------------
Could not start the MSSQL$SHAREPOINT service on Local Computer.

Error 1053: The service did not respond to the start or control request in a timely fashion.

Any suggestions? As I say, the companyweb works fine from client workstations, it's only
LVL 3
Billy_LondonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Billy_LondonAuthor Commented:
interesting, but it won't install the update 961143 on my server
i don't think it's picking it up because sharepoint isn't running on the machine. i have overwritten the default companyweb website, which might have something to do with it.
can i force the update on the machine somehow?
0
Cris HannaSr IT Support EngineerCommented:
Well, Companyweb is a sharepoint site, so if you aren't running sharepoint, not of that applies.   That info would have been helpful in your original posting.
If you can't get to it, it's most likely a DNS issue, but I wouldn't have a clue where to point you because it's not standard.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Billy_LondonAuthor Commented:
sorry should have been clearer.
I tried with a completely new site - not sharepoint. I created virtual directory on IIS and left windows authentication checked. it will not run - it keeps asking for credentials. If I tick "allow anonymous connections" and specify a valid account, it will let me browse to the site, which suggests it can find it on DNS. So somehow, the authentication isn't working on the local box. could it be a kerberos issue?
any ideas?

thanks
joel
0
Cris HannaSr IT Support EngineerCommented:
I'm not an IIS wizard by any means, but it suggests that security on the Virtual Directory needs to be modified to allow Authenicated Users
0
Billy_LondonAuthor Commented:
following article solved it:
http://kbalertz.com/Feedback.aspx?kbNumber=896861
I followed the link to "Microsoft Fix it 50306" where it downloads the fix from microsoft.com and resets the registry values for you. I didn't need to restart - it worked straight away.
If you don't trust the microsoft fix it (it is straight from microsoft, not a fake site) you can follow their instructions:
To set the DisableLoopbackCheck  registry key yourself, follow these steps:

   1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      281308Â  (http://kbalertz.com/Feedback.aspx?kbNumber=281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
   2. Click Start, click Run, type regedit, and then click OK.
   3. In Registry Editor, locate and then click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
   4. Right-click Lsa, point to New, and then click DWORD Value.
   5. Type DisableLoopbackCheck, and then press ENTER.
   6. Right-click DisableLoopbackCheck, and then click Modify.
   7. In the Value data box, type 1, and then click OK.
   8. Quit Registry Editor, and then restart your computer.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.