?
Solved

401 error

Posted on 2013-06-28
11
Medium Priority
?
758 Views
Last Modified: 2013-07-06
Users connecting to the office LAN by VPN are getting a 401 error when they try to log in to CRM 2011. Local users login successfully.  This problem has only been occurring for a week having been working fine until then. I am not aware that anything has changed. Previously remote users would open the CRM url and domain login credentials were requested. Local users log in to CRM automatically as the current windows user.

The error in the IIS log is 401 5

IIS is version 7 on Server 2008

Suggestions please?....

Thanks,
Jo
0
Comment
Question by:jostick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
11 Comments
 
LVL 5

Expert Comment

by:truinx
ID: 39283974
In a given change, there is equivalent change. The question is what changed?

Try to ask the security guy?

Do you have any logs that can help EE people assist you?
At first glance, you seem to have an auto-rejection connection problem.
0
 

Author Comment

by:jostick
ID: 39283985
from IIS:

GET /default.aspx +OnBeginRequest:06/28/2013-10:17:00.572+LogEntries:0+SqlCalls:0+SqlCallsMs:0+GC:2+OnEndRequest:10:17:00.572 80 - 192.168.64.71 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.1;+Trident/6.0) 401 5 0 78

The problem is not browser dependant. It is just on remote PCs that require user to login to website. This is also for users that are logged into their remote PC using cached domain credentials that would work locally.
0
 
LVL 5

Expert Comment

by:truinx
ID: 39283999
What happens if the user use IE?
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 11

Expert Comment

by:b_levitt
ID: 39284095
I would guess this is an IE zoning problem.  When on the internal network, the site is correctly being detected in the local intranet zone, but while connecting via vpn it's being detected as an Internet site.  IIRC, IE only pushes domain credentials if a site is in the intranet zone.  You can start by manually adding the site to the intranet zone and see if that fixes that one computer.  If this is the issue, then you can start looking at it globally.  When we have problems like this, it's typically a proxy configuration issue.  Either a proxy was not configured or the domain was not included in the proxy bypass list (which automatically adds the site to the local intranet zone: http://msdn.microsoft.com/en-us/library/bb250483%28v=vs.85%29.aspx.

There are other issues, such as lack of connectivity to the domain controller, but the zoning and the proxy config is where I'd start.  Do internal and VPN users access the site in the same manner (same URL?).
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 39286511
Hello,

As far as CRM is working fine locally there should not be any major issue. Make sure that the DNS record is pointing appropriate IP address while accessing website through VPN.

Also, try accessing using with alternate web browser.

Regards,
Sanjay Santoki
0
 

Author Comment

by:jostick
ID: 39289312
Sorry, misinformation. Problem occurs on some PCs only and is with IE not Firefox. Possibly it is IE9 problem. Site is local intranet zone
0
 

Author Comment

by:jostick
ID: 39289316
Login to other local web servers (e.g. SharePoint) is OK.
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 39289717
Hello,

It could be browser specific issue. You can compare browser setting between the computers where it is working.

Regards,
Sanjay Santoki
0
 

Accepted Solution

by:
jostick earned 0 total points
ID: 39289805
The problem is to do with Kerberos and IE. I have resolved it by deselecting IE option to use windows autentication
0
 
LVL 11

Expert Comment

by:b_levitt
ID: 39290016
If kerberos is the problem, you could configure the server to use NTLM instead.  I see this all the time when sites are upgraded from windows 2003 to windows 2008, but I'm surprised it suddenly happened here.
0
 

Author Closing Comment

by:jostick
ID: 39303671
provides a workaround but does not resolve root cause
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
On Sep 22nd 2014 Microsoft released Update Rollup 1 for Microsoft Dynamics CRM 2013 Service Pack 1 and back in July Update Rollup 3 was released.  So we now have:   Update Rollup 1Update Rollup 2Update Rollup 3Service Pack 1Update Rollup 1 for S…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month10 days, 2 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question