Solved

sbs2008 (company keeps asking for username and password)

Posted on 2010-08-19
16
432 Views
Last Modified: 2012-05-10
All of a sudden users are prompted for username and password when accessing the companyweb from within the office. If cancel is clicked, no error message of denial is displayed, the page just goes blank. if I am logged on to the server, I can access the companyweb without a prompt. Now here is the strange thing. My internal domain is taylorbateman.local, or actual domain is taylor-bateman.com (observe hyphen). when prompted for password, the dialog box displays TAYLORBATEMAN\ZAY, so I type in my password, it rejects it. if I change it to taylor-bateman\zay, it takes my password. Help guys.
0
Comment
Question by:xzay1967
  • 9
  • 6
16 Comments
 
LVL 17

Expert Comment

by:aoakeley
ID: 33481512
Although your internal FQDN is taylorbateman.local it is possible (not sure how you would manage to do it on SBS though, but anyway) for you netbios domain mane to be taylor-bateman. Please humour me and confirm this is not the case?
- AD users and computers
  - right click taylorbateman.local
   - properties
    - what is in "Domain Name (Pre windows 2000)" field
0
 

Author Comment

by:xzay1967
ID: 33487039
Thanks for the response, the Domain Name as shown  is TAYLORBATEMAN. I setup and configured this domain more than a yr ago, and it has been working fine as is until yesterday during and after windows updates. Sometimes I feel like it is Russian roulette with these updates. They either break, fix or improve your systems.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33489970
I am struggling to get my head around this right now, I just cannot see how specifying an incorrect domain name allows authentication to work. If the domain name is taylorbateman then "taylor-bateman\zay" should fail, just as "mymadeupdomin\zay" should also fail.

Please try "mymadeupdomin\zay" with your password
0
 

Author Comment

by:xzay1967
ID: 33489985
I think you are missing something here. Our internal domain is taylorbateman, but our external domain is taylor-bateman. Since this is sbs2008 and exchange is included, exchange is setup as taylor-bateman.com so users can still log on with taylor-bateman. hope this helps you grasp the setup.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33490089
I got that perfectly. But authentication aginst AD is authentication against AD, which has the name TAYLORBATEMAN not TAYLOR-BATEMAN. So there is no way that taylor-bateman\user should work, regardless of taylor-bateman being the email domain name, this should have as much chance of working as loadofcrap\zay or make-me-rich\zay or tay-lor-bate-man\zay

What I am getting at by getting you to test with "mymadeupdomin\zay" with your password is to determine if the server is actually paying any attention to the domain part of the domain\username combination.
0
 

Author Comment

by:xzay1967
ID: 33490261
OK I am really worried now, I did your test with mymadeupdomain, and it let me in. see screenshots.
first-logon-screen.jpg
0
 

Author Comment

by:xzay1967
ID: 33490264
Here is the screenshot with the dummy domain name that worked.
dummy-logon.jpg
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33490284
Man that's weird.... From what you were telling me I thought it would work, that's why I asked you to do it. But there is no logical reason why it should.

1. anything in the windows event logs that look relevant?
2. have you rebooted the server since the issue started?
3. please confirm workstations hav the SBS Serevr ONLY as their DNS Server
4. any userenv or seccli errors in the workstation event logs
5. did you change any authentication settings on the sharepoint site?
6. are you using a FQDN or INTRANET url when accessing the site (i.e http://sharepoint/ or http://sharepoint.yourdomain.local/)?

Andy
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:xzay1967
ID: 33490294
I haven't made any changes to the sharpoint authentication settings, yes I have reboot the server since then. I was waiting on the update to fininsh when one of the agents asked me if I was working on the server because she was prompted with the dialog box. I will look at the event viewer in the morning when I wake up. I am still at work trying to repair a server. Thanks for your input so far. I sure wish there was some sort of system restore for servers lol.
0
 

Author Comment

by:xzay1967
ID: 33490347
To access the intranet, I use a url http://companyweb. I looked at the event viewer, and I did not see anything relating to sharepoint. There a lot of dcom errors concering protocols, but that related to the server trying to communicate with a workstation
0
 

Author Comment

by:xzay1967
ID: 33490368
Here is a screenshot of my authentication settings.
sharepoint-settings.jpg
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 500 total points
ID: 33490398
Try this:
1. Add http://companyweb/ into intranet sites list
Test
2. If still not working change auth to NTLM
iisreset on server
Test

Won't be infront of a pc for a bit. Exercising my democratic right to be forced to vote for a selection of gooses who could not run a monopoly board let alone a country.
0
 
LVL 5

Expert Comment

by:rebejones
ID: 33500329
What version of windows are you running on the pcs. If you are running Vista you made need to add the intranet site to your trusted sites under Internet Explorer. If you go to tools -> Internet Options -> then go to the security tab. From there click on local intranet and then sites and then the advanced tab. Add the intranet site. You will also need to check and make sure that under custom level and user authentication that the radio button is on Automatic logon  in Intranet Zone. The last part is a registry fix that you can find here.: http://support.microsoft.com/kb/943280
Hope this helps
0
 

Author Comment

by:xzay1967
ID: 33500406
The environment is xp and windows 7. That would be a possible solution if this was happening outside the network, or if it was the first time they are attempting to access the intranet. As I mentioned in my prior post, this system has been up and running for more than a yr. The issue did not start happening till last week during and after the last sbs2008 update (rollup). If I am on the actual server, it does not prompt me for any credentials. From the last test rendered, whereby I used a totally random domain\my name, and it allowed me to access the site, seems to be some sort of disconnect betweent the sharepoint and the DC/AD. In the past it would accept taylorbateman\myname, now it is not. If I put somemadeupdomain\myname, it allows me access.............weird.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33500830
Did you test as per my last post?
0
 

Author Closing Comment

by:xzay1967
ID: 33506119
Not sure how or why it either changed or worked, but it did. Thanks for your input. I wonder if the update some how changed it, if so, seems a like a warning need to go out.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

The vision: A MegaMenu for a SharePoint portal home page The mission: Make it easy to maintain. Allow rich content and sub headers as well as standard links. Factor in frequent changes without involving developers or a lengthy Dev/Test/Prod rel…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now