Repeated Failure Audits - related to RPC over HTTPS
- From: "SPU-Joel" <SPU-Joel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 Aug 2005 14:41:17 -0700
I recently upgraded both of our front end servers. One of them is dedicated
for OWA and one is dedicated for RPC over HTTPS. HTTPS works flawlessly, but
I was getting repeated failure audits in the security logs on both the
front-end and back-end servers. Every failure audit was related to the fact
that a remote client was trying to authenticate using integrated, but since
it wasn't part of the domain it couldn't. Here are the details of an example
log entry:
Source: Security
Category: Account Logon
Type: Failure Audit
Event ID: 680
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: user@xxxxxxxxxx
Source Workstation: USERNPC
Error Code: 0xC0000064
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
I read conflicting bits of information from various MS docs; one said to
enable Windows Integrated and one said not to:
According to the “Exchange Server 2003 RPC over HTTP Deployment Scenario”
documentation we are supposed to configure the RPC virtual server this way:
1. On the Authentication Methods window, verify that the check box
next to Enable anonymous access is cleared.
Note RPC over HTTP does not allow anonymous access by default despite what
the user interface shows.
2. On the Authentication Methods window, under Authenticated access,
select the check box next to Basic authentication (password is sent in clear
text), and ensure the check box next to Integrated Windows authentication
(NTLM) is checked, and then click OK.
Here's the conflicting article which I found at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827330#XSLTH4211121123120121120120
It says:
“Integrated Windows authentication does not work over HTTP proxy
connections. Additionally, integrated Windows authentication takes precedence
over basic authentication.”
And it tells me to configure it this way (note, it does not say to use
integrated authentication):
4. Click to clear the Enable anonymous access check box if it is selected.
5. Click to select the Basic authentication (password is sent in clear text)
check box. You receive the following message:
The authentication option you have selected results in passwords being
transmitted over the network without data encryption. Someone attempting to
compromise your system security could use a protocol analyzer to examine user
passwords during the authentication process. For more detail on user
authentication, consult the online help. This warning does not apply to
HTTPS(orSSL) connections.
Are you sure you want to continue?
Note In this message, the word "HTTPS(or SSL)" is a misspelling for the
words "HTTPS (or SSL)."
Click Yes.
6. Click OK two times.
After turning off integrated authentication the errors went away on the
front-end server, but they persist on the back-end server. I can't turn off
integrated on those or my internal Outlook clients will be forced to enter in
username/password information after logging in.
Any help would be very appreciated!!!
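The post turns on telling a repeating, explainable failure audit (one client that cannot complete integrated authentication) apart from failures that would need investigation. The script below is an added example, not code from the poster or from Microsoft: it parses Event ID 680 records laid out the way the post shows them, groups them by account, source workstation and error code, and flags two patterns separately: the same account failing repeatedly from one workstation with one status, and one workstation failing against many distinct accounts. The sample events, the thresholds, and the `example.com` account name are constructed for the example; the NTSTATUS meanings in `ERROR_CODES` are the documented values for those codes.

```python
"""Triage Windows Security Event ID 680 failure audits.

Added example (not from the original post): parses event text in the
layout the post shows and groups failures so a single client repeating
the same failure stands out from a workstation failing on many accounts.
"""
import re
from collections import Counter

# NTSTATUS values commonly seen in the Error Code field of Event 680,
# keyed by hex digits without the 0x prefix.
ERROR_CODES = {
    "C0000064": "user name does not exist",
    "C000006A": "bad password",
    "C000006F": "outside permitted logon hours",
    "C0000070": "workstation restriction",
    "C0000071": "password expired",
    "C0000072": "account disabled",
    "C0000193": "account expired",
    "C0000234": "account locked out",
}


def describe_code(code):
    """Map an Error Code string such as '0xC0000064' to a short meaning."""
    c = code.strip()
    digits = c[2:] if c[:2].lower() == "0x" else c
    return ERROR_CODES.get(digits.upper(), "unrecognized status")


def parse_events(text):
    """Split event text on blank lines and keep the 'Key: Value' fields of
    every Event ID 680 record; records with other event IDs are ignored."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields.get("Event ID") == "680":
            events.append(fields)
    return events


def summarize(events):
    """Count failures per (account, source workstation, error code)."""
    return Counter(
        (e.get("Logon account", ""), e.get("Source Workstation", ""), e.get("Error Code", ""))
        for e in events
    )


def accounts_per_workstation(events):
    """Distinct accounts each source workstation failed to log on with."""
    seen = {}
    for e in events:
        seen.setdefault(e.get("Source Workstation", ""), set()).add(e.get("Logon account", ""))
    return seen


def classify(events, repeat_threshold=3, spray_threshold=3):
    """Return (repeating, spraying): (account, workstation, code) keys seen at
    least repeat_threshold times, and workstations that failed against at
    least spray_threshold distinct accounts. Thresholds are illustrative."""
    repeating = sorted(k for k, n in summarize(events).items() if n >= repeat_threshold)
    spraying = sorted(ws for ws, accts in accounts_per_workstation(events).items()
                      if len(accts) >= spray_threshold)
    return repeating, spraying


def make_event(account, workstation, code, event_id="680"):
    """Build one record in the post's layout (constructed sample data)."""
    return "\n".join([
        "Source: Security", "Category: Account Logon", "Type: Failure Audit",
        f"Event ID: {event_id}",
        "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0",
        f"Logon account: {account}", f"Source Workstation: {workstation}",
        f"Error Code: {code}",
    ])


# Constructed sample: one client repeating the post's failure, one workstation
# cycling through accounts, one lockout, and one unrelated Event ID 529.
SAMPLE_LOG = "\n\n".join(
    [make_event("user@example.com", "USERNPC", "0xC0000064")] * 4
    + [make_event(a, "WS17", "0xC000006A") for a in ("alice", "bob", "carol", "dave")]
    + [make_event("erin", "WS22", "0xC0000234"),
       make_event("frank", "WS22", "0xC000006A", event_id="529")]
)


def report(text=SAMPLE_LOG):
    """Human-readable summary lines for the Event 680 records in text."""
    events = parse_events(text)
    lines = []
    for (account, ws, code), n in sorted(summarize(events).items()):
        lines.append(f"{n:3d}x {account} from {ws}: {code} ({describe_code(code)})")
    repeating, spraying = classify(events)
    for account, ws, code in repeating:
        lines.append(f"REPEATING: {account} from {ws} ({describe_code(code)}) - check client configuration")
    for ws in spraying:
        lines.append(f"MANY ACCOUNTS: {ws} - investigate")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Fed the text of exported Security log entries, `report()` lists each distinct failure with its count and status meaning, then marks the two patterns. In the poster's situation the repeating line is the one to expect; a workstation appearing under MANY ACCOUNTS is the one the audits exist to catch.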