Solved

Login prompt for RWW and OWA - no login accepted

Posted on 2010-08-18
12
966 Views
Last Modified: 2012-05-10
SBS2008 fresh installl,
Awaiting on SSL cert from verisign, at the min its using self assigned certs,

internally accessing https://mail.domainname.com or /owa displays the RWW and OWA screens fine, user login is accepted and everything works as it should

Externally accessing the same urls gets a Authentication Required prompt before even seeing the certificate error screen and no details entered gets accepted and after 3 attempts ends with:

401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Anon auth is only auth enabled on SBS Web applications site. Bindings all point to correct url on both 80/443.

Connect to internet and Set up your Internet Address wizards have been run.

Anybody point me in the right direction please?

Thanks
0
Comment
Question by:Fulgent
  • 6
  • 5
12 Comments
 
LVL 8

Expert Comment

by:Jessie Gill, CISSP
ID: 33470251
have your tired domain\username
0
 

Author Comment

by:Fulgent
ID: 33470316
yep no combination is accepted
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 50 total points
ID: 33473313
Are you sure the "Authentication Required" prompt you are getting externally is actually from the SBS Server

1. Check External DNS has correct IP for mail.domain.com
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33473846
1. yes we have an A record pointing the "mail prefix" to the puiblic IP of our sbs server
2. 443 and 987 is forwarded to the internal IP of the sbs box.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33474998
Starting with the other obvious Q then.
When setting up the server did you rin the "Connect to Internet" and "Setp your internet Address" wizards?

0
 

Author Comment

by:Fulgent
ID: 33477184
yes both wizards were run.

However i had to rerun both wizrads again as I noticed i had put in the wrong url in the IAW (missed out 1 letter)

However i cannot confirm if the OWA and RWW worked prior to running the wizard again as i had disabled the mail on our firewall as i was installing the new sbs2008 domain as the old 2k3 domain was still running and seriving clients until i swapped them over.

2k3 server is now down and that never had the OWA setup for external access anyway.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 17

Expert Comment

by:aoakeley
ID: 33481115
Can you please
a) post a screenshot of password dialog box
b) view source of the "401 - Unauthorized" pages you get after 3 prompts
b) post the security failure event from the windows logs when the auth is denied?
0
 

Author Comment

by:Fulgent
ID: 33483488
ok i have sorted the issue.

We are using a Draytek Vigor 2800 router.

Although thge option for remote management was not enabled it was still somehow servicing requests for SSL on 443.

I changed the port to 1443 on the router, tried OWA and RWW again and bingo!

Quite why its still istening on 443 even when the remote management option was not ticked is beyond me but it works now.

0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483574
Yep - that's what I thought was happening - just needed to prove it to you :)
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483659
from earlier post ID: 33473846
2. Check ports properly forwarded on router
0
 

Author Comment

by:Fulgent
ID: 33483696
ports were forwarded properly in the NAT and Open Ports section of the router, thats why i didnt give the ports any more thought and time until this morning.

Its just for some reason the draytek decided to nick 443 for remote management aswell even though it was not enabled!
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33483715
Yep - seen it before with many different brands of routers....

There was just no reason for IIS to be giving you a logon prompt window, therefore had to be something else in between. I had though that you had probably checked the port forwarding (as you said you had done) so was looking to find proof of what was providing the prompt.

Glad you got it sorted. No more discussion required. Good job.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now