Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 770
  • Last Modified:

401 error

Users connecting to the office LAN by VPN are getting a 401 error when they try to log in to CRM 2011. Local users login successfully.  This problem has only been occurring for a week having been working fine until then. I am not aware that anything has changed. Previously remote users would open the CRM url and domain login credentials were requested. Local users log in to CRM automatically as the current windows user.

The error in the IIS log is 401 5

IIS is version 7 on Server 2008

Suggestions please?....

Thanks,
Jo
0
jostick
Asked:
jostick
  • 5
  • 2
  • 2
  • +1
1 Solution
 
Ronnel dela LuzAnalystCommented:
In a given change, there is equivalent change. The question is what changed?

Try to ask the security guy?

Do you have any logs that can help EE people assist you?
At first glance, you seem to have an auto-rejection connection problem.
0
 
jostickAuthor Commented:
from IIS:

GET /default.aspx +OnBeginRequest:06/28/2013-10:17:00.572+LogEntries:0+SqlCalls:0+SqlCallsMs:0+GC:2+OnEndRequest:10:17:00.572 80 - 192.168.64.71 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.1;+Trident/6.0) 401 5 0 78

The problem is not browser dependant. It is just on remote PCs that require user to login to website. This is also for users that are logged into their remote PC using cached domain credentials that would work locally.
0
 
Ronnel dela LuzAnalystCommented:
What happens if the user use IE?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
b_levittCommented:
I would guess this is an IE zoning problem.  When on the internal network, the site is correctly being detected in the local intranet zone, but while connecting via vpn it's being detected as an Internet site.  IIRC, IE only pushes domain credentials if a site is in the intranet zone.  You can start by manually adding the site to the intranet zone and see if that fixes that one computer.  If this is the issue, then you can start looking at it globally.  When we have problems like this, it's typically a proxy configuration issue.  Either a proxy was not configured or the domain was not included in the proxy bypass list (which automatically adds the site to the local intranet zone: http://msdn.microsoft.com/en-us/library/bb250483%28v=vs.85%29.aspx.

There are other issues, such as lack of connectivity to the domain controller, but the zoning and the proxy config is where I'd start.  Do internal and VPN users access the site in the same manner (same URL?).
0
 
Sanjay SantokiCommented:
Hello,

As far as CRM is working fine locally there should not be any major issue. Make sure that the DNS record is pointing appropriate IP address while accessing website through VPN.

Also, try accessing using with alternate web browser.

Regards,
Sanjay Santoki
0
 
jostickAuthor Commented:
Sorry, misinformation. Problem occurs on some PCs only and is with IE not Firefox. Possibly it is IE9 problem. Site is local intranet zone
0
 
jostickAuthor Commented:
Login to other local web servers (e.g. SharePoint) is OK.
0
 
Sanjay SantokiCommented:
Hello,

It could be browser specific issue. You can compare browser setting between the computers where it is working.

Regards,
Sanjay Santoki
0
 
jostickAuthor Commented:
The problem is to do with Kerberos and IE. I have resolved it by deselecting IE option to use windows autentication
0
 
b_levittCommented:
If kerberos is the problem, you could configure the server to use NTLM instead.  I see this all the time when sites are upgraded from windows 2003 to windows 2008, but I'm surprised it suddenly happened here.
0
 
jostickAuthor Commented:
provides a workaround but does not resolve root cause
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now