Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Login prompt for RWW and OWA - no login accepted

Posted on 2010-08-18
12
Medium Priority
?
976 Views
Last Modified: 2012-05-10
SBS2008 fresh installl,
Awaiting on SSL cert from verisign, at the min its using self assigned certs,

internally accessing https://mail.domainname.com or /owa displays the RWW and OWA screens fine, user login is accepted and everything works as it should

Externally accessing the same urls gets a Authentication Required prompt before even seeing the certificate error screen and no details entered gets accepted and after 3 attempts ends with:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Anon auth is only auth enabled on SBS Web applications site. Bindings all point to correct url on both 80/443.

Connect to internet and Set up your Internet Address wizards have been run.

Anybody point me in the right direction please?

Thanks
0
Comment
Question by:Fulgent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 8

Expert Comment

by:Jessie Gill, CISSP
ID: 33470251
have your tired domain\username
0
 

Author Comment

by:Fulgent
ID: 33470316
yep no combination is accepted
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 200 total points
ID: 33473313
Are you sure the "Authentication Required" prompt you are getting externally is actually from the SBS Server

1. Check External DNS has correct IP for mail.domain.com
2. Check ports properly forwarded on router
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Fulgent
ID: 33473846
1. yes we have an A record pointing the "mail prefix" to the puiblic IP of our sbs server
2. 443 and 987 is forwarded to the internal IP of the sbs box.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33474998
Starting with the other obvious Q then.
When setting up the server did you rin the "Connect to Internet" and "Setp your internet Address" wizards?

0
 

Author Comment

by:Fulgent
ID: 33477184
yes both wizards were run.

However i had to rerun both wizrads again as I noticed i had put in the wrong url in the IAW (missed out 1 letter)

However i cannot confirm if the OWA and RWW worked prior to running the wizard again as i had disabled the mail on our firewall as i was installing the new sbs2008 domain as the old 2k3 domain was still running and seriving clients until i swapped them over.

2k3 server is now down and that never had the OWA setup for external access anyway.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33481115
Can you please
a) post a screenshot of password dialog box
b) view source of the "401 - Unauthorized" pages you get after 3 prompts
b) post the security failure event from the windows logs when the auth is denied?
0
 

Author Comment

by:Fulgent
ID: 33483488
ok i have sorted the issue.

We are using a Draytek Vigor 2800 router.

Although thge option for remote management was not enabled it was still somehow servicing requests for SSL on 443.

I changed the port to 1443 on the router, tried OWA and RWW again and bingo!

Quite why its still istening on 443 even when the remote management option was not ticked is beyond me but it works now.

0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483574
Yep - that's what I thought was happening - just needed to prove it to you :)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483659
from earlier post ID: 33473846
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33483696
ports were forwarded properly in the NAT and Open Ports section of the router, thats why i didnt give the ports any more thought and time until this morning.

Its just for some reason the draytek decided to nick 443 for remote management aswell even though it was not enabled!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483715
Yep - seen it before with many different brands of routers....

There was just no reason for IIS to be giving you a logon prompt window, therefore had to be something else in between. I had though that you had probably checked the port forwarding (as you said you had done) so was looking to find proof of what was providing the prompt.

Glad you got it sorted. No more discussion required. Good job.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question