Solved

SBS 2008 RWW 'Connect to Computer' otption continuously prompting for authentication

Posted on 2010-08-13
10
2,685 Views
Last Modified: 2012-05-10
Hi there,

Platform: SBS 2008 SP2 with XP SP3 Clients.

Anybody have any ideas as to why when I add a computer name and the mandatory server name to the list under ‘Log On To...’ option (under Active Directory Users and Computers, right click properties on user account / select ‘Account’ tab / click ‘Log On To…’) I am constantly prompted to enter user name and password credentials when trying to ‘Connect to a Computer’ using RWW, but when I remove the computer names from the list I am then successfully able to connect?

Background / Initial Requirement; want to specify a workstation logon restriction that will allow a user to log on only to a specified computer in domain – This was successfully achieved via Active Directory Users and Computers i.e. right click properties on user account / select ‘Account’ tab / click ‘Log On To…’ option and add computer name to the list – user is now able to only logon to the allocated workstation on internal LAN so problem solved here – the user is also a RWW user – user is able to access the initial RWW page but after entering username and password credentials a username / password authentication failure is displayed continuously (even after retries), if I remove the computer name from the ‘Log On To…’ option list, the user is successfully able to access RWW – the fix here was simply to also include the server name in addition to the workstation name to the ‘Log On To…’ list - so, not only is the user only permitted to use the one allocated PC on the LAN but he can also access RWW and is able to access the ‘check E-Mail’ option – The problem I have now is that when I click on the ‘Connect to a Computer’ option I’m displayed with the standard ‘Enter your credentials’ dialog box but upon entering user name (domain\username) and password it redisplays the same ‘Enter your credentials’ dialog box continuously without an error message (even after retries) – any ideas as to why this is happening and how to fix it?

Many Thanks,

Sam.
0
Comment
Question by:sam180y
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33429485
Have you already chosen the user's workstation or is this the initial prompt when click the RWW link?  I know you can click the link to display a list of computer and pick their workstation from the list, THEN connect specifically to it.  What might be happening, since you've added the server, it might be checking security for all the computers in the list.  I'm guessing the users don't have remote access to the server.  If you either removed the server and tested again or gave the security to access the server remotely it would work.  Thoughts?
0
 
LVL 3

Expert Comment

by:comphil
ID: 33429510
Unless I've misunderstood your problem, your user is now set to log on only to their allocated workstation and the server (to allow access to the RWW which makes sense).  What was the reason for doing this?  If it was to stop them taking remote control of other PCs this isn't the best way to do it.

In the Windows SBS Console under User account properties you can select which computers the user has remote access to.  Restrict this to only their PC (not the server) and it's the only one that will appear in the list.

If this isn't the answer, does RWW work OK if you temporarily remove the Log On To restriction?
0
 

Author Comment

by:sam180y
ID: 33429833
Hi comphil

Thanks. Yes, without the 'Log on to' option having any computer restrictions then RWW works. I couldn't even log on without the SBS server being in the list of allowed PCs, which does make sense.

The issue isn't restricting which PC they connect to, but authenticating via RWW when the 'Log on to' option has been set. It just won't log in, and keeps returning the user to the log in screen.

Thanks
0
 
LVL 3

Expert Comment

by:comphil
ID: 33429889
OK, what I'm trying to say is - do you really need the Log On To setting configured under AD?  If you're not bothered about local logins being restricted and only want to stop the user logging on to other PCs via RWW other than their own, the correct way to do this is via the Windows SBS Console.

So really I'm asking, which type of login are you specifically trying to restrict?  Local, remote or both?

If it's local and therefore you do need to keep the AD settings, try logging on to RWW and let it chuck you out as it has been doing, then check the Security event log on the server and see if there's any relevant information in there pertaining to that user's account around the time you tried it.
0
 

Author Comment

by:sam180y
ID: 33430339
Appreciate your rapid reponse comphil - I want to specify workstation logon restrictions that will allow users to log on only to specified computers in the domain - so yes, I am specifically trying to restrict local login - this is working perfectly on my LAN currently using the 'Log On To' option - issue is with the RWW users who have workstations on the LAN.

I will check the security event log on the server as you have suggested and revert.

Thanks again.

Sam.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:sam180y
ID: 33436886
Hello again, back with some good news – I’ve managed to resolve the problem (thanks for pointing me in the right direction comphil).

The security event log showed an Audit Failure Event 4625, Failure Reason: User not allowed to logon at this computer / Status: 0xc000006e / Sub Status: 0xc0000070.

This link http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625 (particularly section heading ‘Failure Information:’) helped me identify where the problem was by using the ‘Sub Status’ information above i.e. identified as ‘workstation restriction’.

The fix was to simply also add the computer name (under the ‘Log On To’ list) of the remote computer trying to access RWW – makes sense when you think about it.

Thanks for your help in resolving this so quickly and appreciate your rapid respone too diqitap.

Sam.
0
 
LVL 3

Accepted Solution

by:
comphil earned 500 total points
ID: 33438060
Hi Sam,

Well done on finding the fix, glad to help.

So you had to add the name of the PC you were using to access RWW into the Log On To - even though this PC would of course not be listed in AD?  Or am I misunderstanding that bit?

Don't forget to mark the question answered too.

Phil
0
 

Author Comment

by:sam180y
ID: 33438119
Hello Phil,

You have not misunderstood, that's spot on!

Speak soon.

Thanks again.

Sam.

0
 

Author Closing Comment

by:sam180y
ID: 33438153
This was my very first post on this forum and I have to say I was very impressed with how rapidly i received responses to my query which in turn helped me in resolving my issue in a timiely fashion. It was also comforting that the expert (comphil in this case) grasped exactly what my problem was too i.e. i knew i was in good hands. Many thanks, Sam.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33438237
glad you had a good experience.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now