Solved

Login prompt for RWW and OWA - no login accepted

Posted on 2010-08-18
12
974 Views
Last Modified: 2012-05-10
SBS2008 fresh installl,
Awaiting on SSL cert from verisign, at the min its using self assigned certs,

internally accessing https://mail.domainname.com or /owa displays the RWW and OWA screens fine, user login is accepted and everything works as it should

Externally accessing the same urls gets a Authentication Required prompt before even seeing the certificate error screen and no details entered gets accepted and after 3 attempts ends with:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Anon auth is only auth enabled on SBS Web applications site. Bindings all point to correct url on both 80/443.

Connect to internet and Set up your Internet Address wizards have been run.

Anybody point me in the right direction please?

Thanks
0
Comment
Question by:Fulgent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 8

Expert Comment

by:Jessie Gill, CISSP
ID: 33470251
have your tired domain\username
0
 

Author Comment

by:Fulgent
ID: 33470316
yep no combination is accepted
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 50 total points
ID: 33473313
Are you sure the "Authentication Required" prompt you are getting externally is actually from the SBS Server

1. Check External DNS has correct IP for mail.domain.com
2. Check ports properly forwarded on router
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:Fulgent
ID: 33473846
1. yes we have an A record pointing the "mail prefix" to the puiblic IP of our sbs server
2. 443 and 987 is forwarded to the internal IP of the sbs box.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33474998
Starting with the other obvious Q then.
When setting up the server did you rin the "Connect to Internet" and "Setp your internet Address" wizards?

0
 

Author Comment

by:Fulgent
ID: 33477184
yes both wizards were run.

However i had to rerun both wizrads again as I noticed i had put in the wrong url in the IAW (missed out 1 letter)

However i cannot confirm if the OWA and RWW worked prior to running the wizard again as i had disabled the mail on our firewall as i was installing the new sbs2008 domain as the old 2k3 domain was still running and seriving clients until i swapped them over.

2k3 server is now down and that never had the OWA setup for external access anyway.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33481115
Can you please
a) post a screenshot of password dialog box
b) view source of the "401 - Unauthorized" pages you get after 3 prompts
b) post the security failure event from the windows logs when the auth is denied?
0
 

Author Comment

by:Fulgent
ID: 33483488
ok i have sorted the issue.

We are using a Draytek Vigor 2800 router.

Although thge option for remote management was not enabled it was still somehow servicing requests for SSL on 443.

I changed the port to 1443 on the router, tried OWA and RWW again and bingo!

Quite why its still istening on 443 even when the remote management option was not ticked is beyond me but it works now.

0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483574
Yep - that's what I thought was happening - just needed to prove it to you :)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483659
from earlier post ID: 33473846
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33483696
ports were forwarded properly in the NAT and Open Ports section of the router, thats why i didnt give the ports any more thought and time until this morning.

Its just for some reason the draytek decided to nick 443 for remote management aswell even though it was not enabled!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483715
Yep - seen it before with many different brands of routers....

There was just no reason for IIS to be giving you a logon prompt window, therefore had to be something else in between. I had though that you had probably checked the port forwarding (as you said you had done) so was looking to find proof of what was providing the prompt.

Glad you got it sorted. No more discussion required. Good job.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question