Solved

Authentication Errors through SBS 2008 Remote Web Workplace

Posted on 2010-11-14
37
823 Views
Last Modified: 2012-05-10
Greetings all.

I hope someone will be able to help with a problem that's making me extract my hair in great chunks! I'm relatively technical, so please do not hold back with offers of a solution - but my experience with IIS and MS Exchange is little. (Please read on to see how these are relevant with the RWW problems..)

Short story - I have recently built a new server (due to go into production tomorrow - hurrah..) with Windows SBS 2008. I have the Remote Web Workplace running, and users can login, check their e-mails, etc.. However, I am having problems with them using the remote-connect menu to remote machines on the network. Upon selecting a computer from the list, an authentication box appears, and I cannot authenticate to the machine. It just returns with authentication failure errors. (I've tried domain\user and all that..)

The machines *can* be accessed on the local network via RDP. No problems whatsoever. It seems to me like there is something missing between IIS > The TS Service > The machine. I have been researching this like crazy, and it would seem that some component of Exchange 2007 can change the RPC authentication options in IIS, and this argues with the way the details get passed back to be authenticated (slap me if this makes no sense).

If this is related or not - Outlook constantly pops up asking for authentication - even *if* you are logged into a machine with a domain account. From some of the links I’ve read, I have a feeling this could be related - but I'm not entirely sure how.

I *think* this is close to my problem, and some have suggested it as a fix - however, I do not seem to be able to download anything other than a Vista x64 hotfix - which will not apply to the SBS system..

http://support.microsoft.com/kb/954034 - Hotfix I tried (doesn’t apply)

http://itknowledgeexchange.techtarget.com/sbs/sbs-2003-to-sbs-2008-migration-part-4/ - This person has the same problems I have, but his fixes do not work

I fear at this stage I am in over my head, and can mess around with IIS authentication settings until the cows come home, but I fear I will just make it worse.

Hope someone can help, and if you need any more information, please let me know

Kind Regards,

T
0
Comment
Question by:AmacusIT
  • 13
  • 11
  • 10
  • +1
37 Comments
 

Author Comment

by:AmacusIT
ID: 34134305
Anyone? :-(

Update - I have narrowed down why I think this is happening. when logging into the computer through RWW fails, if I check IIS's permissions, it would seem that "Windows Authentication" in OWA is set to disabled. If I turn it on, and run "iisreset" then I can authenticate fine - for a small period of time. After this, it looks like something decides to disables it - and nothing will work until I reset it again.

Another point of interest - the "fix my network" wizard sees no problems - accept with a DCHP scope, which I know is correct.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34135282
Have you looked at #3 in the following (would likely not affect OWA but sounds similar to your RWW problem):
http://blogs.technet.com/b/sbs/archive/2009/06/19/common-remote-web-workplace-rww-connect-to-a-computer-issues-in-sbs-2008.aspx
0
 

Author Comment

by:AmacusIT
ID: 34135524
Hi - Thanks for that. The authentication settings on that page are exactly as they should be - i.e the "Client Computer Group Membership" field is blank.

However, I do think the problem could be to do with point no3 on that page. However, the indicated fix does not work.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34135552
What are you using for a certificate, a purchased cert or the self signed one? If the latter have you deployed it to remote machines? It should be automatically installed on domain joined machines.
0
 

Author Comment

by:AmacusIT
ID: 34135605
As it's only a small org. I'm using the default SBS self-signed one. I've installed it on the machines that are not joined to the domain, and do not get any certificate errors. :-)
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34136340
so is this error when attempting to connect to a workstation on the lan from a PC outside the lan.  Or when you are trying to do this from the SBS console on the SBS Server?

0
 

Author Comment

by:AmacusIT
ID: 34136448
Sorry - I don't think I'm being very clear.

This is when accessing any device on the domain using the "connect to computer" menu from the SBS Remote Web Workplace. I can access the devices just fine from the console on the server, as well as just fine from any device (domain member or not) using RDP.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34136460
What is the OS of the machines you are connecting to?
0
 

Author Comment

by:AmacusIT
ID: 34136469
Both XP Pro SP3.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34136484
Have you also installed the latest remote desktop client? This is built into Vista and Win7 but you need to download from Microsoft for XP
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34136497
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34136509
In addition to Robs comments also insure Active X is working properly  http://msmvps.com/blogs/bradley/archive/2008/05/06/xp-sp3-rww-and-active-x-messages.aspx
0
 

Author Comment

by:AmacusIT
ID: 34136547
Thanks both of you. Mstsc version shows that I'm currently running v6.0. Let me download the latest one. I think Active-X is ok, but I'll check that too :-)

Please hold!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34136588
May as well go all the way and add the site as a trusted site to the connecting PC. That has been known to be an issue in a few cases as well.
0
 

Author Comment

by:AmacusIT
ID: 34137519
Ok. That made no difference whatsoever unfortunately. Still getting authentication errors. Active X is working properly, the clients have the most recent version of RDC, and the domain is forced as a trusted site to the PC.

Any other thoughts, perhaps, kind people?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34137549
My suggestion is to run the "Fix My Network" wizard on the SBS console.
Have you also run the SBS BPA (www.sbsbpa.com)
0
 

Author Comment

by:AmacusIT
ID: 34137672
Ok - so. I've run the "fix my network wizard" before - and it comes up with a misconfigured DHCP scope ( it's not misconfigured, I'm just giving out a special option..) However, this time it said that a networking component (Component 4) was misconfigured. I've let it fix the problem, but it's had no effect.

Interestingly - the SBS BPA reports 2 things

1. An incorrect A record for the server?!?!

"The host (A) resource record points to the incorrect IP address 10.1.0.1169.254.183.29. The record should point to 10.1.0.1"

For some reason, it seems to think that a windows autoconfig IP Address has mashed with the IP Address of the server, but all the A Records in DNS look fine to me? All pointing straight back to the correct IP address - I see no sign of the 169.254 address.

2. Hyper-V role is not supported. (Running a proxy in a VM) - A red herring perhaps?

Thanks all.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 34137703
You cannot install Hyper-V on SBS have you done so?
If so it will enable a virtual NIC. SBS does not support multiple NIC's it will also play havoc with DHCP.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34137718
Are you running Hype V ON the SBS Box with SBS as the Host...or is SBS the guest?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34137728
ps- are there multiple NIC's present on the SBS? Physical or virtual? All but 1 must be disabled, not just connected.
You mention a "special" DHCP scope option, may we ask what.

Perhaps the output of IPConfig /all from the server and 1 client would be beneficial.
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 250 total points
ID: 34137744
Here is the KB article which spells out the issues with HyperV running ON SBS  http://support.microsoft.com/default.aspx?scid=kb;EN-US;958829
0
 

Author Comment

by:AmacusIT
ID: 34137780
The physical box is a Dell Poweredge with 2 physical NICs. SBS 2008 is installed on the host, so Hyper-V is running as a service (I have only just realised this isn't "offically" supported on SBS!) :-o

The secondary NIC is disabled. I am, however running the Hyper-V service, with the primary NIC bridged to the VMs. So - yes, there is a virtual NIC. Lemme run and get an ipconfig/all....
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34137792
Not only "not officialy supported" it will break your SBS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34137872
Ipconfig results are likely not needed. With hyper-v installed DHCP will not work properly as pointed out by Cris's article, and client <=> server communications is affected. I am surprised you haven't had more issues.

I really question why Hyper-V is present in the roles on SBS, or at least there isn't a big popup warning you when you try to install, as it is definitely not supported and it's easy to make the mistake of installing it.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34137874
yup..agree with Rob...you are going to have to take HyperV off there..RWW is just one of the issues you will have going forward.
0
 

Author Comment

by:AmacusIT
ID: 34137993
Ok. This is slightly worryingn now :-(

I accept that I've (apparently) utterly missed that Hyper-V does not work properly on SBS (frigging heck, why doesn't it warn you when you install the role, as you do on any other S2k8 install!)

I should imagine that DHCP is working, because I've set the binding in the DHCP console to the correct interface already.. I guess this could explain some of the problems I've been having with the repeated requests for authentication in Outlook as well :-(

I was planning to run a couple of virtual workstations on the server, so that people could access them via the RWW portal. How nice an "all in one" package that would be.

I prepare to be shot-down here, But before I dedicate another machine to running VMs :'-( :'-( Has anyone successfully got this working? The only "major" problem I am having is the ability to connect to the machines via RWW. What else can I expect? Or is this just now wasting everyone's time, as it's not supported?

Thanks guys :-(

0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34138040
You will simply have a box in a totally unsupported state...sorry.  
If you install Hyper V first..the SBS as a Guest with workstations as a guest...supported..lots of folks doing it..works well.

Lots of folks have tried and failed to get this to work...as noted by the KB article.

Sorry for the bad news.    And the Outlook issue is not related...Install Exchange 2007 SP3 on the SBS server and that will go away
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34138116
Agree, it is not possible.
The ideal configuration is SBS premium which comes with licensing to have:
a Server 2008 Hyper-v host
SBS 2008 VM
Server 2008 VM
and SQL.
You can also add additional VM's, assuming you have the horsepower.
0
 

Author Comment

by:AmacusIT
ID: 34138137
Ok. So I guess my options are..

1. Cry.

2. Dedicated network machine to run VMs - uninstall the Hyper-V role, re-run the "fix my network" wizards, and hope it irons itself out. (Thanks for the Exchange SP3 tip by the way! Ironically I haven't done that because I was scared of breaking the "standard" SBS install..)

3. Run rather un-supported, and get users to access the virtual workstations via RDP from the LAN, or a p2p VPN product like Hamachi to connect from the wider world. Hope I have no on-going problems.

4. Run SBS alongside the Virtual workstations in Hyper-v with Server 2008 as a Host. Does anyone know if Hyper-V has the ability to convert a physical OS to a virtual one? This might save me setting up the whole damn thing again. Might struggle with the BHP at that stage, however.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34138139
The following may be of some help outlining virtualization scenarios:
http://blogs.technet.com/b/sbs/archive/2008/09/15/sbs-2008-and-virtualization.aspx
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34138164
1 always a good option  :-)
2 good option
3 not an option, this will come back to haunt you over and over with wizards, patches, and services
4 you can convert physical to virtual with disk2vhd  http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34138306
What Rob said...LOL  he just got there faster...
You absolutely do not want to be in an unsupported condition......as soon as you post stuff here or if you contacted MS for support...and they find out you're running Hyper V Role with SBS...the first thing you will be told is to get rid of the Hyper V role because it's not supported
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34768630
RobWill and I have both posted essentially the same and correct resolution.  The author must remove the Hyper V role from the SBS server to get back to a configuration which will work and is supported
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34768653
I definitely agree. Not only is it unsupported, but guaranteed to have issues for eternity.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34869069
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now