• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 983
  • Last Modified:

Login prompt for RWW and OWA - no login accepted

SBS2008 fresh installl,
Awaiting on SSL cert from verisign, at the min its using self assigned certs,

internally accessing https://mail.domainname.com or /owa displays the RWW and OWA screens fine, user login is accepted and everything works as it should

Externally accessing the same urls gets a Authentication Required prompt before even seeing the certificate error screen and no details entered gets accepted and after 3 attempts ends with:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Anon auth is only auth enabled on SBS Web applications site. Bindings all point to correct url on both 80/443.

Connect to internet and Set up your Internet Address wizards have been run.

Anybody point me in the right direction please?

Thanks
0
Fulgent
Asked:
Fulgent
  • 6
  • 5
1 Solution
 
Jessie Gill, CISSPTechnical ArchitectCommented:
have your tired domain\username
0
 
FulgentAuthor Commented:
yep no combination is accepted
0
 
Andrew OakeleyConsultantCommented:
Are you sure the "Authentication Required" prompt you are getting externally is actually from the SBS Server

1. Check External DNS has correct IP for mail.domain.com
2. Check ports properly forwarded on router
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
FulgentAuthor Commented:
1. yes we have an A record pointing the "mail prefix" to the puiblic IP of our sbs server
2. 443 and 987 is forwarded to the internal IP of the sbs box.
0
 
Andrew OakeleyConsultantCommented:
Starting with the other obvious Q then.
When setting up the server did you rin the "Connect to Internet" and "Setp your internet Address" wizards?

0
 
FulgentAuthor Commented:
yes both wizards were run.

However i had to rerun both wizrads again as I noticed i had put in the wrong url in the IAW (missed out 1 letter)

However i cannot confirm if the OWA and RWW worked prior to running the wizard again as i had disabled the mail on our firewall as i was installing the new sbs2008 domain as the old 2k3 domain was still running and seriving clients until i swapped them over.

2k3 server is now down and that never had the OWA setup for external access anyway.
0
 
Andrew OakeleyConsultantCommented:
Can you please
a) post a screenshot of password dialog box
b) view source of the "401 - Unauthorized" pages you get after 3 prompts
b) post the security failure event from the windows logs when the auth is denied?
0
 
FulgentAuthor Commented:
ok i have sorted the issue.

We are using a Draytek Vigor 2800 router.

Although thge option for remote management was not enabled it was still somehow servicing requests for SSL on 443.

I changed the port to 1443 on the router, tried OWA and RWW again and bingo!

Quite why its still istening on 443 even when the remote management option was not ticked is beyond me but it works now.

0
 
Andrew OakeleyConsultantCommented:
Yep - that's what I thought was happening - just needed to prove it to you :)
0
 
Andrew OakeleyConsultantCommented:
from earlier post ID: 33473846
2. Check ports properly forwarded on router
0
 
FulgentAuthor Commented:
ports were forwarded properly in the NAT and Open Ports section of the router, thats why i didnt give the ports any more thought and time until this morning.

Its just for some reason the draytek decided to nick 443 for remote management aswell even though it was not enabled!
0
 
Andrew OakeleyConsultantCommented:
Yep - seen it before with many different brands of routers....

There was just no reason for IIS to be giving you a logon prompt window, therefore had to be something else in between. I had though that you had probably checked the port forwarding (as you said you had done) so was looking to find proof of what was providing the prompt.

Glad you got it sorted. No more discussion required. Good job.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now