Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

moss 2007 authentication problem

Posted on 2010-08-30
12
Medium Priority
?
996 Views
Last Modified: 2012-05-10
Dear All,
I have the following problem and I hope you can help me.
In a windows 2003 ad forest
User domain1\user1 faild to access to the sharepoint server hosted at domain2
Users from domain2 can normally access to the sharepoint sites hosted in domain 2
Domain1 and domain2 are child domain of the same forest and are connected with a VPN tumnner to the root.

CAn you please help?
Thank you
CArlo




 

forest.jpg
0
Comment
Question by:carlettus
  • 6
  • 6
12 Comments
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559402
take sharepoint out of the picture.  can people from domain1 authenticate to any resources in domain2 ?

if you go to a sharepoint site, can you grant access (or see people) from domain 1?
0
 

Author Comment

by:carlettus
ID: 33559607
Hi,
1) yes user1 from domain1 can access another website on domain2
2) I was able to grant access to user1 from domain1 to sharepoint on domain2
thank you
CArlo


0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33559642
are they failing to resolve the URL, or does the login prompt come up and not accept their passwords?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:carlettus
ID: 33584978
I have more info for you:
I was able to access from a laptop connected to the internet over PSTN but it worked only one time .
I'm attaching the event viewer logs of a success logon and a failure logon to moss.
:

Connection Succes :

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 10:25:04 AM
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account was successfully logged on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
New Logon:
                Security ID:                         DOMAIN1\USER1
                Account Name:                 USER1
                Account Domain:                             DOMAIN1
                Logon ID:                             0xa99de991
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}
 
Process Information:
                Process ID:                          0x0
                Process Name:                  -
 
Network Information:
                Workstation Name:        LAPTOP-2
                Source Network Address:            151.30.54.40
                Source Port:                       1162
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       NTLM V1
                Key Length:                        0
 
Connection Unsuccess:


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          9/2/2010 11:13:22 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      MOSS.DOMAIN2.DOMAIN.ORG
Description:
An account failed to log on.
 
Subject:
                Security ID:                         NULL SID
                Account Name:                 -
                Account Domain:                             -
                Logon ID:                             0x0
 
Logon Type:                                       3
 
Account For Which Logon Failed:
                Security ID:                         NULL SID
                Account Name:                 user1
                Account Domain:                             domain1
 
Failure Information:
                Failure Reason:                 An Error occured during Logon.
                Status:                                  0xc000005e
                Sub Status:                         0x0
 
Process Information:
                Caller Process ID:             0x0
                Caller Process Name:     -
 
Network Information:
                Workstation Name:        PCDOMAIN2-5
                Source Network Address:            172.20.16.10
                Source Port:                       59097
 
Detailed Authentication Information:
                Logon Process:                  NtLmSsp
                Authentication Package:               NTLM
                Transited Services:          -
                Package Name (NTLM only):       -
                Key Length:                        0
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33586172
i'm guessing you have network issues between your web front end server and domain1's DC.  

Is your DC in domain2 a Global Catalog?
0
 

Author Comment

by:carlettus
ID: 33586307
No issues ,
from aduc I can add browse AD objects from domain2 to domain1.
We have 3 domain controllers for each domain and 2 are GC.
0
 
LVL 38

Accepted Solution

by:
Justin Smith earned 1500 total points
ID: 33591387
ports being blocked over the vpn?  i'm putting money on your network being the issue, somewhere.  I see different IP's and ports in the two event logs above.  So I'm guessing routing or port blocking is messed up somewhere.  the problem is probably completely outside of SharePoint.  
0
 

Author Comment

by:carlettus
ID: 33609379
I'm looking for this ... but I can tell you that user1 can login with his workstation on domain2 and viceversa.
Bye
Carlo
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33613891
doesn't matter.  User 1 doesn't necessarily have to contact his home DC when just logging on to a machine.
0
 

Author Comment

by:carlettus
ID: 33787757
found the problem,
MOSS was not able to comunicate over the vpn with the domain controllers on the remote site.
Authentication now works.
Thank you
Carlo
0
 

Author Closing Comment

by:carlettus
ID: 33787782
the IP of moss 2007 was blocked over the vpn.
0
 
LVL 38

Expert Comment

by:Justin Smith
ID: 33788281
LOL at my B rating.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question