Solved

moss 2007 authentication problem

Posted on 2010-08-30
Last Modified: 2012-05-10
Dear All,
I have the following problem and I hope you can help me.
In a Windows 2003 AD forest,
user domain1\user1 failed to access the SharePoint server hosted at domain2.
Users from domain2 can normally access the SharePoint sites hosted in domain2.
Domain1 and domain2 are child domains of the same forest and are connected with a VPN tunnel to the root.

Can you please help?
Thank you
Carlo




 

forest.jpg
Question by:carlettus
12 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559402
Take SharePoint out of the picture. Can people from domain1 authenticate to any resources in domain2?

If you go to a SharePoint site, can you grant access to (or see) people from domain1?
0
 

Author Comment

by:carlettus
ID: 33559607
Hi,
1) Yes, user1 from domain1 can access another website on domain2.
2) I was able to grant access to user1 from domain1 to SharePoint on domain2.
Thank you
Carlo


0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559642
Are they failing to resolve the URL, or does the login prompt come up and not accept their passwords?
0

 

Author Comment

by:carlettus
ID: 33584978
I have more info for you:
I was able to access from a laptop connected to the internet over PSTN, but it worked only one time.
I'm attaching the event viewer logs of a successful logon and a failed logon to MOSS.

Connection Success:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 10:25:04 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account was successfully logged on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
New Logon:
                Security ID:                         DOMAIN1\USER1
                Account Name:                 USER1
                Account Domain:                             DOMAIN1
                Logon ID:                             0xa99de991
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}
 
Process Information:
                Process ID:                          0x0
                Process Name:                  -
 
Network Information:
                Workstation Name:        LAPTOP-2
                Source Network Address:            151.30.54.40
                Source Port:                       1162
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       NTLM V1
                Key Length:                        0
 
Connection Unsuccessful:


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 11:13:22 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 user1
                Account Domain:                             domain1
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000005e
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        PCDOMAIN2-5
                Source Network Address:            172.20.16.10
                Source Port:                       59097
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33586172
I'm guessing you have network issues between your web front end server and domain1's DC.

Is your DC in domain2 a Global Catalog?
0
 

Author Comment

by:carlettus
ID: 33586307
No issues,
from ADUC I can add browse AD objects from domain2 to domain1.
We have 3 domain controllers for each domain and 2 are GC.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 500 total points
ID: 33591387
Ports being blocked over the VPN? I'm putting money on your network being the issue, somewhere. I see different IPs and ports in the two event logs above. So I'm guessing routing or port blocking is messed up somewhere. The problem is probably completely outside of SharePoint.
0
 

Author Comment

by:carlettus
ID: 33609379
I'm looking for this ... but I can tell you that user1 can log in with his workstation on domain2 and vice versa.
Bye
Carlo
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33613891
Doesn't matter. User 1 doesn't necessarily have to contact his home DC when just logging on to a machine.
0
 

Author Comment

by:carlettus
ID: 33787757
Found the problem:
MOSS was not able to communicate over the VPN with the domain controllers on the remote site.
Authentication now works.
Thank you
Carlo
0
 

Author Closing Comment

by:carlettus
ID: 33787782
The IP of MOSS 2007 was blocked over the VPN.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33788281
LOL at my B rating.
0
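
Added example, not part of the original thread: the Status value in the posted 4625 event, 0xc000005e, is the NTSTATUS code STATUS_NO_LOGON_SERVERS, which matches the cause the author eventually reported. The Python below decodes that field and also flags the NTLM V1 package recorded in the posted 4624 event; the function names and the trimmed event excerpts are assumptions made for this illustration.

```python
import re

# Standard NTSTATUS codes often seen in the Status field of event 4625 (subset).
NTSTATUS = {
    0xC000005E: "STATUS_NO_LOGON_SERVERS: no logon servers available to service the request",
    0xC000006D: "STATUS_LOGON_FAILURE: bad user name or password",
    0xC0000064: "STATUS_NO_SUCH_USER: account does not exist",
    0xC000006A: "STATUS_WRONG_PASSWORD: password is wrong",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT: account is locked out",
}

# Excerpts of the two events posted in the thread (only the fields used here).
EVENT_OK = """Event ID:      4624
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
    Account Name:    USER1
    Account Domain:  DOMAIN1
    Authentication Package:      NTLM
    Package Name (NTLM only):    NTLM V1
"""
EVENT_FAIL = """Event ID:      4625
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
    Account Name:    user1
    Account Domain:  domain1
    Status:          0xc000005e
    Sub Status:      0x0
    Authentication Package:      NTLM
    Package Name (NTLM only):    -
"""

def parse_event(text):
    """Parse 'Name:   value' lines; repeated names keep the last value, '-' becomes None."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*)$", line)
        if m:
            value = m.group(2).strip()
            fields[m.group(1).strip()] = None if value == "-" else value
    return fields

def triage(text):
    """Return a list of findings for one logon event in its text form."""
    ev, findings = parse_event(text), []
    if ev.get("Event ID") == "4625" and ev.get("Status"):
        code = int(ev["Status"], 16)
        findings.append(NTSTATUS.get(code, f"unmapped status 0x{code:08X}"))
    if ev.get("Package Name (NTLM only)") == "NTLM V1":
        findings.append("NTLMv1 logon accepted for " + ev["Account Domain"] + "\\" + ev["Account Name"])
    return findings

if __name__ == "__main__":
    for name, event in (("success", EVENT_OK), ("failure", EVENT_FAIL)):
        print(name, triage(event))
```

A 0xC000005E status on the member server points at connectivity between that server and a domain controller for the account's domain, so the firewall and VPN rules for the server's own IP are the first thing to check.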
