Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

moss 2007 authentication problem

Posted on 2010-08-30
12
Medium Priority
?
993 Views
Last Modified: 2012-05-10
Dear All,
I have the following problem and I hope you can help me.
In a windows 2003 ad forest
User domain1\user1 faild to access to the sharepoint server hosted at domain2
Users from domain2 can normally access to the sharepoint sites hosted in domain 2
Domain1 and domain2 are child domain of the same forest and are connected with a VPN tumnner to the root.

CAn you please help?
Thank you
CArlo




 

forest.jpg
0
Comment
Question by:carlettus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559402
take sharepoint out of the picture.  can people from domain1 authenticate to any resources in domain2 ?

if you go to a sharepoint site, can you grant access (or see people) from domain 1?
0
 

Author Comment

by:carlettus
ID: 33559607
Hi,
1) yes user1 from domain1 can access another website on domain2
2) I was able to grant access to user1 from domain1 to sharepoint on domain2
thank you
CArlo


0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559642
are they failing to resolve the URL, or does the login prompt come up and not accept their passwords?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:carlettus
ID: 33584978
I have more info for you:
I was able to access from a laptop connected to the internet over PSTN but it worked only one time .
I'm attaching the event viewer logs of a success logon and a failure logon to moss.
:

Connection Succes :

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 10:25:04 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account was successfully logged on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
New Logon:
                Security ID:                         DOMAIN1\USER1
                Account Name:                 USER1
                Account Domain:                             DOMAIN1
                Logon ID:                             0xa99de991
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}
 
Process Information:
                Process ID:                          0x0
                Process Name:                  -
 
Network Information:
                Workstation Name:        LAPTOP-2
                Source Network Address:            151.30.54.40
                Source Port:                       1162
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       NTLM V1
                Key Length:                        0
 
Connection Unsuccess:


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 11:13:22 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 user1
                Account Domain:                             domain1
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000005e
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        PCDOMAIN2-5
                Source Network Address:            172.20.16.10
                Source Port:                       59097
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33586172
i'm guessing you have network issues between your web front end server and domain1's DC.  

Is your DC in domain2 a Global Catalog?
0
 

Author Comment

by:carlettus
ID: 33586307
No issues ,
from aduc I can add browse AD objects from domain2 to domain1.
We have 3 domain controllers for each domain and 2 are GC.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 1500 total points
ID: 33591387
ports being blocked over the vpn?  i'm putting money on your network being the issue, somewhere.  I see different IP's and ports in the two event logs above.  So I'm guessing routing or port blocking is messed up somewhere.  the problem is probably completely outside of SharePoint.  
0
 

Author Comment

by:carlettus
ID: 33609379
I'm looking for this ... but I can tell you that user1 can login with his workstation on domain2 and viceversa.
Bye
Carlo
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33613891
doesn't matter.  User 1 doesn't necessarily have to contact his home DC when just logging on to a machine.
0
 

Author Comment

by:carlettus
ID: 33787757
found the problem,
MOSS was not able to comunicate over the vpn with the domain controllers on the remote site.
Authentication now works.
Thank you
Carlo
0
 

Author Closing Comment

by:carlettus
ID: 33787782
the IP of moss 2007 was blocked over the vpn.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33788281
LOL at my B rating.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Learn about cloud computing and its benefits for small business owners.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question