  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1611

Sharepoint Ports To Open? Can't access My Company's Internal Website

There's a problem accessing My Company's Internal Website on SBS 2003, not just remotely but also from inside the network. When I go to click it, it pops up a login credentials box, and when I put in my credentials, it does not work and will eventually pop up with a "You are not authorized to view this page". RWW works internally, and I'm completely stumped on the issue. Also, on the site, it was created to go through port 80 with SSL port 444.
We have an ASA firewall and I went into the configuration and added a nat statement to forward the port 444 to the IP address and even put in an Access List statement to allow the traffic through. Is there something that I'm missing not just on the firewall side, but in general? What makes me wonder is the fact that it's a problem internally as well. This just started happening a few days ago... Any help would be appreciated.
0
Asked by: joe_edmond
2 Solutions
 
Justin Smith (Sr. System Engineer) commented:
What are you inputting as your user name? MUST be in the form of domain\username.
0
 
joe_edmond (Author) commented:
Yes, I did that right.
0
 
Justin Smith (Sr. System Engineer) commented:
When you created the web application, did you choose Kerberos as the authentication method? You can check via Central Admin - Manage Web Applications. Highlight the right one and look at the Authentication Providers button in the ribbon.
0
 
joe_edmond (Author) commented:
Update: I haven't changed a thing, but when I tried to access this through the web on the server that hosts the site, this happens. But if I try to access this through a workstation on the domain, then it works....This is really confusing me.
0
 
Justin Smith (Sr. System Engineer) commented:
Oh, well that is another story. You need to disable Loopback on the server.

Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
0
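
Added example (an editor's addition, not part of the thread and not posted by any participant): DisableLoopbackCheck = 1 switches off the loopback check for every host name on the server, and that check is what blocks NTLM reflection against the local machine; Microsoft KB 896861 also documents a narrower value, BackConnectionHostNames under Lsa\MSV1_0, that exempts only the names listed. The PowerShell below reports both values and, with -Apply, moves to the per-name form. The host names are placeholders and must be replaced with the names the site is actually browsed by.

```powershell
# Added example: audit the loopback-check settings and, optionally, replace the
# global bypass with a per-host-name exemption. Run elevated on the server.
param(
    # Placeholder names (assumption): use the host headers of the affected site.
    [string[]]$SiteHostNames = @('companyweb', 'intranet.example.local'),
    [switch]$Apply
)

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-LoopbackCheckState {
    # Both values are optional; a missing value reads back as $null.
    $global = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
                   -ErrorAction SilentlyContinue).DisableLoopbackCheck
    $names  = (Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
                   -ErrorAction SilentlyContinue).BackConnectionHostNames
    [pscustomobject]@{
        LoopbackCheckDisabledGlobally = ($global -eq 1)
        ExemptHostNames               = @($names | Where-Object { $_ })
    }
}

$before = Get-LoopbackCheckState
$before | Format-List

if ($before.LoopbackCheckDisabledGlobally) {
    Write-Warning 'DisableLoopbackCheck=1: the loopback check is off for all host names.'
}

if ($Apply) {
    # Keep any names already exempted and add the site's names, without duplicates.
    [string[]]$merged = @($before.ExemptHostNames) + $SiteHostNames |
        Where-Object { $_ } | Sort-Object -Unique
    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null

    # Re-enable the check globally only if it had been switched off.
    if ($before.LoopbackCheckDisabledGlobally) {
        Set-ItemProperty -Path $lsa -Name DisableLoopbackCheck -Value 0 -Type DWord
    }
    Get-LoopbackCheckState | Format-List
}
```

Restart the server after changing either value. On Windows Server 2003, PowerShell is a separate install; the same two values can be set by hand in regedit.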
 
joe_edmond (Author) commented:
I went into Central Administration> Application Management> Authentication Providers> Edit Authentication. Under IIS Authentication Settings, it was NTLM. I can change it to Kerberos.
0
 
joe_edmond (Author) commented:
@Ach1lles, the registry issue worked on the local host. Thanks for the heads up. Will this solve the problem on remotely accessing the site? I'm about to test on a remote workstation...
0
 
Rob Williams commented:
If internally works and you are losing the connection after entering credentials externally it sounds like port 444 is blocked. Authentication takes place over 443, and then Sharepoint is displayed over 444, no need at all for 80.

I have blogged about configuring an ASA5505 for SBS 2008. Same applies to 2003 only 2008/2011 do not use 444. Just follow the instructions for port 987 (but use 444).
http://blog.lan-tech.ca/2012/01/22/configure-cisco-asa-for-sbs-20082011-network/
0
 
joe_edmond (Author) commented:
Ok I will try this now and give an update. Do I need to change the authentication to Kerberos?
0
 
Justin Smith (Sr. System Engineer) commented:
No, friend. The loopback alone will solve your issue.
0
 
joe_edmond (Author) commented:
@RobWill, I put this in there....It's running off of 6.2 so I don't think your commands worked.

object network obj-SharePoint444
 host 192.168.1.250

access-list outsidein extended permit tcp any any eq 444

object network obj-SharePoint444
 nat (inside,failover) static interface service tcp 444 444
0
 
Justin Smith (Sr. System Engineer) commented:
Joe. I can assure you, the problem you face is the loopback.
0
 
joe_edmond (Author) commented:
ACH1LLES, you're saying the Loopback can cause the issue from a remote workstation as well? If so, then I'll verify that as well.
0
 
Justin Smith (Sr. System Engineer) commented:
Loopback is for fixing site access FROM the server. Above you said from a remote workstation it was working, but from the server it was not.
0
 
joe_edmond (Author) commented:
No, it was working for a workstation on the domain, which is not remotely. It's in the internal network. I don't know if it is working on a workstation outside the network yet, I am verifying that now. But as far as the server itself, the Loopback issue solved that portion. Thanks Ach1lles!
0
 
Justin Smith (Sr. System Engineer) commented:
Ok. Do users inside and outside the firewall use the same URL?
0
 
joe_edmond (Author) commented:
No, they use different ones. The URLs seem to work. It's just the issue accessing the company's internal website.
0
 
Rob Williams commented:
If you test port 444 from the server using www.canyouseeme.org, does it show as successful?
0
 
joe_edmond (Author) commented:
Yes, it does show successful.
0
 
Rob Williams commented:
Then at least your router config should be correct.
0
 
Justin Smith (Sr. System Engineer) commented:
And you have an Alternate Access Mapping set for each URL on the web app?
0
 
joe_edmond (Author) commented:
OK, this is weird. The site came up (I'm assuming from the port forwarding). But when I go to any link inside the website, it will ask for credentials and then they will not take. I know for a fact I am typing them correctly. As for Alternate Access Mapping, idk what that is. Do I need to change the authentication to Kerberos?
0
 
joe_edmond (Author) commented:
Alright, I'm sorry for the confusion and lack of complete information everyone. Please bear with me. On the remote workstation, the site does come up and it says I'm logged in as the credential that I am on the workstation. When I go to sign in as a different user and choose my domain credential (remember this is a remote machine), it continues to pop up as if it doesn't work. I'm trying to use domain credentials.
0
 
Justin Smith (Sr. System Engineer) commented:
No, you don't need to switch to Kerb.

Are you absolutely positive you are inputting the correct user/password? That is the problem 95% of the time when the logon prompt continues to come up.

Alternate Access Mappings are how you tell SharePoint what URL should be registered to your web app. In Central Admin - App Management - Configure Alt Access Mappings.
0
 
joe_edmond (Author) commented:
Here's the current issue now: I can get to the site, but I am now presented with an access denied page, which I didn't before, so progress is made. When I click the link "Sign in as a different user", I'm presented with a credentials pop-up. I am absolutely sure that I am using the correct credentials. It then does not take the credentials and continues to pop them up as if they are not correct. As far as App Management, I can't seem to find this anywhere. I'm extremely lost.
0
 
Justin Smith (Sr. System Engineer) commented:
0
