Solved

moss 2007 authentication problem

Posted on 2010-08-30
12
986 Views
Last Modified: 2012-05-10
Dear All,
I have the following problem and I hope you can help me.
In a windows 2003 ad forest
User domain1\user1 faild to access to the sharepoint server hosted at domain2
Users from domain2 can normally access to the sharepoint sites hosted in domain 2
Domain1 and domain2 are child domain of the same forest and are connected with a VPN tumnner to the root.

CAn you please help?
Thank you
CArlo




 

forest.jpg
0
Comment
Question by:carlettus
  • 6
  • 6
12 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559402
take sharepoint out of the picture.  can people from domain1 authenticate to any resources in domain2 ?

if you go to a sharepoint site, can you grant access (or see people) from domain 1?
0
 

Author Comment

by:carlettus
ID: 33559607
Hi,
1) yes user1 from domain1 can access another website on domain2
2) I was able to grant access to user1 from domain1 to sharepoint on domain2
thank you
CArlo


0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559642
are they failing to resolve the URL, or does the login prompt come up and not accept their passwords?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:carlettus
ID: 33584978
I have more info for you:
I was able to access from a laptop connected to the internet over PSTN but it worked only one time .
I'm attaching the event viewer logs of a success logon and a failure logon to moss.
:

Connection Succes :

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 10:25:04 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account was successfully logged on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
New Logon:
                Security ID:                         DOMAIN1\USER1
                Account Name:                 USER1
                Account Domain:                             DOMAIN1
                Logon ID:                             0xa99de991
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}
 
Process Information:
                Process ID:                          0x0
                Process Name:                  -
 
Network Information:
                Workstation Name:        LAPTOP-2
                Source Network Address:            151.30.54.40
                Source Port:                       1162
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       NTLM V1
                Key Length:                        0
 
Connection Unsuccess:


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 11:13:22 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 user1
                Account Domain:                             domain1
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000005e
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        PCDOMAIN2-5
                Source Network Address:            172.20.16.10
                Source Port:                       59097
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33586172
i'm guessing you have network issues between your web front end server and domain1's DC.  

Is your DC in domain2 a Global Catalog?
0
 

Author Comment

by:carlettus
ID: 33586307
No issues ,
from aduc I can add browse AD objects from domain2 to domain1.
We have 3 domain controllers for each domain and 2 are GC.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 33591387
ports being blocked over the vpn?  i'm putting money on your network being the issue, somewhere.  I see different IP's and ports in the two event logs above.  So I'm guessing routing or port blocking is messed up somewhere.  the problem is probably completely outside of SharePoint.  
0
 

Author Comment

by:carlettus
ID: 33609379
I'm looking for this ... but I can tell you that user1 can login with his workstation on domain2 and viceversa.
Bye
Carlo
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33613891
doesn't matter.  User 1 doesn't necessarily have to contact his home DC when just logging on to a machine.
0
 

Author Comment

by:carlettus
ID: 33787757
found the problem,
MOSS was not able to comunicate over the vpn with the domain controllers on the remote site.
Authentication now works.
Thank you
Carlo
0
 

Author Closing Comment

by:carlettus
ID: 33787782
the IP of moss 2007 was blocked over the vpn.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33788281
LOL at my B rating.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question