Solved

Login prompt for RWW and OWA - no login accepted

Posted on 2010-08-18
12
967 Views
Last Modified: 2012-05-10
SBS2008 fresh installl,
Awaiting on SSL cert from verisign, at the min its using self assigned certs,

internally accessing https://mail.domainname.com or /owa displays the RWW and OWA screens fine, user login is accepted and everything works as it should

Externally accessing the same urls gets a Authentication Required prompt before even seeing the certificate error screen and no details entered gets accepted and after 3 attempts ends with:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Anon auth is only auth enabled on SBS Web applications site. Bindings all point to correct url on both 80/443.

Connect to internet and Set up your Internet Address wizards have been run.

Anybody point me in the right direction please?

Thanks
0
Comment
Question by:Fulgent
  • 6
  • 5
12 Comments
 
LVL 8

Expert Comment

by:Jessie Gill, CISSP
ID: 33470251
have your tired domain\username
0
 

Author Comment

by:Fulgent
ID: 33470316
yep no combination is accepted
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 50 total points
ID: 33473313
Are you sure the "Authentication Required" prompt you are getting externally is actually from the SBS Server

1. Check External DNS has correct IP for mail.domain.com
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33473846
1. yes we have an A record pointing the "mail prefix" to the puiblic IP of our sbs server
2. 443 and 987 is forwarded to the internal IP of the sbs box.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33474998
Starting with the other obvious Q then.
When setting up the server did you rin the "Connect to Internet" and "Setp your internet Address" wizards?

0
 

Author Comment

by:Fulgent
ID: 33477184
yes both wizards were run.

However i had to rerun both wizrads again as I noticed i had put in the wrong url in the IAW (missed out 1 letter)

However i cannot confirm if the OWA and RWW worked prior to running the wizard again as i had disabled the mail on our firewall as i was installing the new sbs2008 domain as the old 2k3 domain was still running and seriving clients until i swapped them over.

2k3 server is now down and that never had the OWA setup for external access anyway.
0
Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

 
LVL 17

Expert Comment

by:aoakeley
ID: 33481115
Can you please
a) post a screenshot of password dialog box
b) view source of the "401 - Unauthorized" pages you get after 3 prompts
b) post the security failure event from the windows logs when the auth is denied?
0
 

Author Comment

by:Fulgent
ID: 33483488
ok i have sorted the issue.

We are using a Draytek Vigor 2800 router.

Although thge option for remote management was not enabled it was still somehow servicing requests for SSL on 443.

I changed the port to 1443 on the router, tried OWA and RWW again and bingo!

Quite why its still istening on 443 even when the remote management option was not ticked is beyond me but it works now.

0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483574
Yep - that's what I thought was happening - just needed to prove it to you :)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483659
from earlier post ID: 33473846
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33483696
ports were forwarded properly in the NAT and Open Ports section of the router, thats why i didnt give the ports any more thought and time until this morning.

Its just for some reason the draytek decided to nick 443 for remote management aswell even though it was not enabled!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483715
Yep - seen it before with many different brands of routers....

There was just no reason for IIS to be giving you a logon prompt window, therefore had to be something else in between. I had though that you had probably checked the port forwarding (as you said you had done) so was looking to find proof of what was providing the prompt.

Glad you got it sorted. No more discussion required. Good job.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now