?
Solved

SBS 2008 RWW 'Connect to Computer' otption continuously prompting for authentication

Posted on 2010-08-13
10
Medium Priority
?
2,740 Views
Last Modified: 2012-05-10
Hi there,

Platform: SBS 2008 SP2 with XP SP3 Clients.

Anybody have any ideas as to why when I add a computer name and the mandatory server name to the list under ‘Log On To...’ option (under Active Directory Users and Computers, right click properties on user account / select ‘Account’ tab / click ‘Log On To…’) I am constantly prompted to enter user name and password credentials when trying to ‘Connect to a Computer’ using RWW, but when I remove the computer names from the list I am then successfully able to connect?

Background / Initial Requirement; want to specify a workstation logon restriction that will allow a user to log on only to a specified computer in domain – This was successfully achieved via Active Directory Users and Computers i.e. right click properties on user account / select ‘Account’ tab / click ‘Log On To…’ option and add computer name to the list – user is now able to only logon to the allocated workstation on internal LAN so problem solved here – the user is also a RWW user – user is able to access the initial RWW page but after entering username and password credentials a username / password authentication failure is displayed continuously (even after retries), if I remove the computer name from the ‘Log On To…’ option list, the user is successfully able to access RWW – the fix here was simply to also include the server name in addition to the workstation name to the ‘Log On To…’ list - so, not only is the user only permitted to use the one allocated PC on the LAN but he can also access RWW and is able to access the ‘check E-Mail’ option – The problem I have now is that when I click on the ‘Connect to a Computer’ option I’m displayed with the standard ‘Enter your credentials’ dialog box but upon entering user name (domain\username) and password it redisplays the same ‘Enter your credentials’ dialog box continuously without an error message (even after retries) – any ideas as to why this is happening and how to fix it?

Many Thanks,

Sam.
0
Comment
Question by:sam180y
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33429485
Have you already chosen the user's workstation or is this the initial prompt when click the RWW link?  I know you can click the link to display a list of computer and pick their workstation from the list, THEN connect specifically to it.  What might be happening, since you've added the server, it might be checking security for all the computers in the list.  I'm guessing the users don't have remote access to the server.  If you either removed the server and tested again or gave the security to access the server remotely it would work.  Thoughts?
0
 
LVL 3

Expert Comment

by:comphil
ID: 33429510
Unless I've misunderstood your problem, your user is now set to log on only to their allocated workstation and the server (to allow access to the RWW which makes sense).  What was the reason for doing this?  If it was to stop them taking remote control of other PCs this isn't the best way to do it.

In the Windows SBS Console under User account properties you can select which computers the user has remote access to.  Restrict this to only their PC (not the server) and it's the only one that will appear in the list.

If this isn't the answer, does RWW work OK if you temporarily remove the Log On To restriction?
0
 

Author Comment

by:sam180y
ID: 33429833
Hi comphil

Thanks. Yes, without the 'Log on to' option having any computer restrictions then RWW works. I couldn't even log on without the SBS server being in the list of allowed PCs, which does make sense.

The issue isn't restricting which PC they connect to, but authenticating via RWW when the 'Log on to' option has been set. It just won't log in, and keeps returning the user to the log in screen.

Thanks
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 3

Expert Comment

by:comphil
ID: 33429889
OK, what I'm trying to say is - do you really need the Log On To setting configured under AD?  If you're not bothered about local logins being restricted and only want to stop the user logging on to other PCs via RWW other than their own, the correct way to do this is via the Windows SBS Console.

So really I'm asking, which type of login are you specifically trying to restrict?  Local, remote or both?

If it's local and therefore you do need to keep the AD settings, try logging on to RWW and let it chuck you out as it has been doing, then check the Security event log on the server and see if there's any relevant information in there pertaining to that user's account around the time you tried it.
0
 

Author Comment

by:sam180y
ID: 33430339
Appreciate your rapid reponse comphil - I want to specify workstation logon restrictions that will allow users to log on only to specified computers in the domain - so yes, I am specifically trying to restrict local login - this is working perfectly on my LAN currently using the 'Log On To' option - issue is with the RWW users who have workstations on the LAN.

I will check the security event log on the server as you have suggested and revert.

Thanks again.

Sam.
0
 

Author Comment

by:sam180y
ID: 33436886
Hello again, back with some good news – I’ve managed to resolve the problem (thanks for pointing me in the right direction comphil).

The security event log showed an Audit Failure Event 4625, Failure Reason: User not allowed to logon at this computer / Status: 0xc000006e / Sub Status: 0xc0000070.

This link http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625 (particularly section heading ‘Failure Information:’) helped me identify where the problem was by using the ‘Sub Status’ information above i.e. identified as ‘workstation restriction’.

The fix was to simply also add the computer name (under the ‘Log On To’ list) of the remote computer trying to access RWW – makes sense when you think about it.

Thanks for your help in resolving this so quickly and appreciate your rapid respone too diqitap.

Sam.
0
 
LVL 3

Accepted Solution

by:
comphil earned 1500 total points
ID: 33438060
Hi Sam,

Well done on finding the fix, glad to help.

So you had to add the name of the PC you were using to access RWW into the Log On To - even though this PC would of course not be listed in AD?  Or am I misunderstanding that bit?

Don't forget to mark the question answered too.

Phil
0
 

Author Comment

by:sam180y
ID: 33438119
Hello Phil,

You have not misunderstood, that's spot on!

Speak soon.

Thanks again.

Sam.

0
 

Author Closing Comment

by:sam180y
ID: 33438153
This was my very first post on this forum and I have to say I was very impressed with how rapidly i received responses to my query which in turn helped me in resolving my issue in a timiely fashion. It was also comforting that the expert (comphil in this case) grasped exactly what my problem was too i.e. i knew i was in good hands. Many thanks, Sam.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33438237
glad you had a good experience.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question