Solved

moss 2007 authentication problem

Posted on 2010-08-30
12
989 Views
Last Modified: 2012-05-10
Dear All,
I have the following problem and I hope you can help me.
In a windows 2003 ad forest
User domain1\user1 faild to access to the sharepoint server hosted at domain2
Users from domain2 can normally access to the sharepoint sites hosted in domain 2
Domain1 and domain2 are child domain of the same forest and are connected with a VPN tumnner to the root.

CAn you please help?
Thank you
CArlo




 

forest.jpg
0
Comment
Question by:carlettus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559402
take sharepoint out of the picture.  can people from domain1 authenticate to any resources in domain2 ?

if you go to a sharepoint site, can you grant access (or see people) from domain 1?
0
 

Author Comment

by:carlettus
ID: 33559607
Hi,
1) yes user1 from domain1 can access another website on domain2
2) I was able to grant access to user1 from domain1 to sharepoint on domain2
thank you
CArlo


0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559642
are they failing to resolve the URL, or does the login prompt come up and not accept their passwords?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:carlettus
ID: 33584978
I have more info for you:
I was able to access from a laptop connected to the internet over PSTN but it worked only one time .
I'm attaching the event viewer logs of a success logon and a failure logon to moss.
:

Connection Succes :

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 10:25:04 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account was successfully logged on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
New Logon:
                Security ID:                         DOMAIN1\USER1
                Account Name:                 USER1
                Account Domain:                             DOMAIN1
                Logon ID:                             0xa99de991
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}
 
Process Information:
                Process ID:                          0x0
                Process Name:                  -
 
Network Information:
                Workstation Name:        LAPTOP-2
                Source Network Address:            151.30.54.40
                Source Port:                       1162
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       NTLM V1
                Key Length:                        0
 
Connection Unsuccess:


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 11:13:22 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 user1
                Account Domain:                             domain1
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000005e
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        PCDOMAIN2-5
                Source Network Address:            172.20.16.10
                Source Port:                       59097
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33586172
i'm guessing you have network issues between your web front end server and domain1's DC.  

Is your DC in domain2 a Global Catalog?
0
 

Author Comment

by:carlettus
ID: 33586307
No issues ,
from aduc I can add browse AD objects from domain2 to domain1.
We have 3 domain controllers for each domain and 2 are GC.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 33591387
ports being blocked over the vpn?  i'm putting money on your network being the issue, somewhere.  I see different IP's and ports in the two event logs above.  So I'm guessing routing or port blocking is messed up somewhere.  the problem is probably completely outside of SharePoint.  
0
 

Author Comment

by:carlettus
ID: 33609379
I'm looking for this ... but I can tell you that user1 can login with his workstation on domain2 and viceversa.
Bye
Carlo
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33613891
doesn't matter.  User 1 doesn't necessarily have to contact his home DC when just logging on to a machine.
0
 

Author Comment

by:carlettus
ID: 33787757
found the problem,
MOSS was not able to comunicate over the vpn with the domain controllers on the remote site.
Authentication now works.
Thank you
Carlo
0
 

Author Closing Comment

by:carlettus
ID: 33787782
the IP of moss 2007 was blocked over the vpn.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33788281
LOL at my B rating.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cannot take ownership of a folder 8 88
FTP welcome message 7 59
How to share an InfoPath Form on-line 2 35
Sharepoint list value updated via access or Excel 3 25
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question