Solved

SBS 2008 RWW 'Connect to Computer' otption continuously prompting for authentication

Posted on 2010-08-13
10
2,715 Views
Last Modified: 2012-05-10
Hi there,

Platform: SBS 2008 SP2 with XP SP3 Clients.

Anybody have any ideas as to why when I add a computer name and the mandatory server name to the list under ‘Log On To...’ option (under Active Directory Users and Computers, right click properties on user account / select ‘Account’ tab / click ‘Log On To…’) I am constantly prompted to enter user name and password credentials when trying to ‘Connect to a Computer’ using RWW, but when I remove the computer names from the list I am then successfully able to connect?

Background / Initial Requirement; want to specify a workstation logon restriction that will allow a user to log on only to a specified computer in domain – This was successfully achieved via Active Directory Users and Computers i.e. right click properties on user account / select ‘Account’ tab / click ‘Log On To…’ option and add computer name to the list – user is now able to only logon to the allocated workstation on internal LAN so problem solved here – the user is also a RWW user – user is able to access the initial RWW page but after entering username and password credentials a username / password authentication failure is displayed continuously (even after retries), if I remove the computer name from the ‘Log On To…’ option list, the user is successfully able to access RWW – the fix here was simply to also include the server name in addition to the workstation name to the ‘Log On To…’ list - so, not only is the user only permitted to use the one allocated PC on the LAN but he can also access RWW and is able to access the ‘check E-Mail’ option – The problem I have now is that when I click on the ‘Connect to a Computer’ option I’m displayed with the standard ‘Enter your credentials’ dialog box but upon entering user name (domain\username) and password it redisplays the same ‘Enter your credentials’ dialog box continuously without an error message (even after retries) – any ideas as to why this is happening and how to fix it?

Many Thanks,

Sam.
0
Comment
Question by:sam180y
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33429485
Have you already chosen the user's workstation or is this the initial prompt when click the RWW link?  I know you can click the link to display a list of computer and pick their workstation from the list, THEN connect specifically to it.  What might be happening, since you've added the server, it might be checking security for all the computers in the list.  I'm guessing the users don't have remote access to the server.  If you either removed the server and tested again or gave the security to access the server remotely it would work.  Thoughts?
0
 
LVL 3

Expert Comment

by:comphil
ID: 33429510
Unless I've misunderstood your problem, your user is now set to log on only to their allocated workstation and the server (to allow access to the RWW which makes sense).  What was the reason for doing this?  If it was to stop them taking remote control of other PCs this isn't the best way to do it.

In the Windows SBS Console under User account properties you can select which computers the user has remote access to.  Restrict this to only their PC (not the server) and it's the only one that will appear in the list.

If this isn't the answer, does RWW work OK if you temporarily remove the Log On To restriction?
0
 

Author Comment

by:sam180y
ID: 33429833
Hi comphil

Thanks. Yes, without the 'Log on to' option having any computer restrictions then RWW works. I couldn't even log on without the SBS server being in the list of allowed PCs, which does make sense.

The issue isn't restricting which PC they connect to, but authenticating via RWW when the 'Log on to' option has been set. It just won't log in, and keeps returning the user to the log in screen.

Thanks
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Expert Comment

by:comphil
ID: 33429889
OK, what I'm trying to say is - do you really need the Log On To setting configured under AD?  If you're not bothered about local logins being restricted and only want to stop the user logging on to other PCs via RWW other than their own, the correct way to do this is via the Windows SBS Console.

So really I'm asking, which type of login are you specifically trying to restrict?  Local, remote or both?

If it's local and therefore you do need to keep the AD settings, try logging on to RWW and let it chuck you out as it has been doing, then check the Security event log on the server and see if there's any relevant information in there pertaining to that user's account around the time you tried it.
0
 

Author Comment

by:sam180y
ID: 33430339
Appreciate your rapid reponse comphil - I want to specify workstation logon restrictions that will allow users to log on only to specified computers in the domain - so yes, I am specifically trying to restrict local login - this is working perfectly on my LAN currently using the 'Log On To' option - issue is with the RWW users who have workstations on the LAN.

I will check the security event log on the server as you have suggested and revert.

Thanks again.

Sam.
0
 

Author Comment

by:sam180y
ID: 33436886
Hello again, back with some good news – I’ve managed to resolve the problem (thanks for pointing me in the right direction comphil).

The security event log showed an Audit Failure Event 4625, Failure Reason: User not allowed to logon at this computer / Status: 0xc000006e / Sub Status: 0xc0000070.

This link http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625 (particularly section heading ‘Failure Information:’) helped me identify where the problem was by using the ‘Sub Status’ information above i.e. identified as ‘workstation restriction’.

The fix was to simply also add the computer name (under the ‘Log On To’ list) of the remote computer trying to access RWW – makes sense when you think about it.

Thanks for your help in resolving this so quickly and appreciate your rapid respone too diqitap.

Sam.
0
 
LVL 3

Accepted Solution

by:
comphil earned 500 total points
ID: 33438060
Hi Sam,

Well done on finding the fix, glad to help.

So you had to add the name of the PC you were using to access RWW into the Log On To - even though this PC would of course not be listed in AD?  Or am I misunderstanding that bit?

Don't forget to mark the question answered too.

Phil
0
 

Author Comment

by:sam180y
ID: 33438119
Hello Phil,

You have not misunderstood, that's spot on!

Speak soon.

Thanks again.

Sam.

0
 

Author Closing Comment

by:sam180y
ID: 33438153
This was my very first post on this forum and I have to say I was very impressed with how rapidly i received responses to my query which in turn helped me in resolving my issue in a timiely fashion. It was also comforting that the expert (comphil in this case) grasped exactly what my problem was too i.e. i knew i was in good hands. Many thanks, Sam.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33438237
glad you had a good experience.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question