Re: Integrated Authentication - one way cross forest trust
From: mpriess (mpriess_at_directalliance.com)
Date: 02/06/04
- Next message: Aaron Bertrand - MVP: "Re: Server object, ASP 0177 (0x8007000E) Ran out of memory"
- Previous message: Umashankar: "Server object, ASP 0177 (0x8007000E) Ran out of memory"
- In reply to: doug: "Integrated Authentication - one way cross forest trust"
- Next in thread: Carroll P. MacDonald: "Re: Integrated Authentication - one way cross forest trust"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 6 Feb 2004 07:39:32 -0700
Thanks for replying Doug, but I found this article a few days ago and none
of the solutions apply to our particular scenario.
"doug" <anonymous@discussions.microsoft.com> wrote in message
news:bdaf01c3ecbd$d9698090$a501280a@phx.gbl...
> Does this help?
>
> http://www.eventid.net/display.asp?eventid=537&source=
>
> doug
> >-----Original Message-----
> >Hello everyone...here is my issue:
> >
> >When attempting to access a website on IIS6 we receive a
> dialog box to enter
> >username and password. If we enter a domain\username
> and password of an
> >account that is in the same forest that the web server
> is in...we are
> >authenticated fine and the web page comes up.
> >
> >However, if, from the same machine we enter in an
> account (prefixed with the
> >correct domain name) from the trusted domain (an account
> that is not in the
> >same forest as the web server...but does have
> permissions on the web site
> >and is in the trusted domain) we are unable to get past
> the authentication
> >pop up dialog box.
> >
> >Some other important info:
> >There is a one way trust in place. All other
> authentication to the trusting
> >domain is fine. So, this would lead me to believe it is
> specific to IIS.
> >Another web server has been brought up and we are
> receiving the same auth
> >issues. Sharepoint is running on this IIS server but
> the proper permission
> >have been given to the user we are attempting to
> authenticate with so we do
> >not believe this has anything to do with the problem.
> Also, the firewall
> >between both subnets is being monitored and no traffic
> related to the
> >authentication or web requests is being dropped.
> >
> >The security event log on the web server shows the
> following: (the domain
> >name has been changed here)
> >
> >Event Type: Failure Audit
> >Event Source: Security
> >Event Category: Logon/Logoff
> >Event ID: 537
> >Date: 2/6/2004
> >Time: 6:17:13 AM
> >User: NT AUTHORITY\SYSTEM
> >Computer: DAC-NMS
> >Description:
> >Logon Failure:
> > Reason: An error occurred during logon
> > User Name: mpriess
> > Domain: dom123
> > Logon Type: 3
> > Logon Process: NtLmSsp
> > Authentication Package: NTLM
> > Workstation Name: DAC3812
> > Status code: 0xC0000413
> > Substatus code: 0x0
> > Caller User Name: -
> > Caller Domain: -
> > Caller Logon ID: -
> > Caller Process ID: -
> > Transited Services: -
> > Source Network Address: 172.31.7.55
> > Source Port: 4200
> >
> >For more information, see Help and Support Center at
> >http://go.microsoft.com/fwlink/events.asp.
> >
> >
> >.
> >
- Next message: Aaron Bertrand - MVP: "Re: Server object, ASP 0177 (0x8007000E) Ran out of memory"
- Previous message: Umashankar: "Server object, ASP 0177 (0x8007000E) Ran out of memory"
- In reply to: doug: "Integrated Authentication - one way cross forest trust"
- Next in thread: Carroll P. MacDonald: "Re: Integrated Authentication - one way cross forest trust"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
