Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: "Anthony [MVP]" <anthony@xxxxxxxxxxxx>
- Date: Thu, 29 May 2008 22:37:04 +0100
Did you look in the logs?
"techtedg@xxxxxxxxx" <techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:2D60AF88-5CA1-42D2-A262-4E322C2D3677@xxxxxxxxxxxxxxxx
I tried digest but it doesnt perform any differently. I am out here right
now
and it appears i can still login to owa/sharepoint while logged in as the
local admin, but if i login as the domain admin or any other domain user
it
doesnt let me connect to owa/sharepoint. Changing to forms based auth also
didnt help, and since we are using phones with activesync i have to leave
it
off anyways. We are starting work in this field office on Monday and i
really
need to get these resolved, having everyone connect to the VPN for
owa/sharepoint wont be possible where we are because of the sat internet
we
are using... any other thoughts????
Thanks in advance for the help.
"Anthony [MVP]" wrote:
I agree, it sounds like the Integrated Authentication is breaking down.
You
can check in the IIS logs whether the request is received, and what
response
the server gives.
You might try changing the OWA authentication, for example:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
Just for fun you could try Digest, which secures the logon without
requiring
an SSL certificate,
Anthony,
http://www.airdesk.co.uk
"techtedg@xxxxxxxxx" <techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:138BD2F7-316C-4607-9214-696790F241AB@xxxxxxxxxxxxxxxx
Yes we are using host headers. owa.domain.net is just a forwarder to
the
default exchange address of www.domain.net/exchange and jobs.domain.net
is
an
actual virtual server with sharepoint extended to it.
This is not SBS and were not using ISA nor SSL. We may implement SSL
down
the road but for now i am just trying to get this to work for external
users....
Also you meantioned the "default" site is working externally for domain
users and the sharepoint&owa sites are not. The default site is a
public
site
tho, no auth required. Of course the sharepoint/owa sites require auth.
Could
this be some sort of NTLM/Kerberos issue with external domain profiles?
Like
the authentication for domain profiles isnt being carried thru to the
server?
Normally when we browse to owa/sharepoint on domain profiles internally
it
doesnt ask for credentials, it just uses the locally logged in
credentials
to
access the site. But when accessing from a non-domain profile it asks
for
username and password... just thoughts....
Anybody got any ideas?
"Anthony [MVP]" wrote:
I don't have an easy answer for you. This is what I have understood so
far:
- DNS resolution seems OK
- The IP address and the default site FQDN are being resolved OK in
all
cases
- The sites that are reached through Host Headers are not resolved. I
assume
they are host headers because you have not mentioned different IP
addresses
and you mentioned the WAN IP address in the singular.
- It seems the failure only happens for domain users on domain
machines
connecting over the Internet, and not for any other combination, and
only
for the host header sites not for the default site.
- Is this SBS? Do you have ISA?
It is not what you asked, but if I were providing access to OWA and
SharePoint authenticated over the net I would be using https.
Anthony,
http://www.airdesk.co.uk
"techtedg@xxxxxxxxx" <techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@xxxxxxxxxxxxxxxx
It never works as the domain admin or any domain profile, it always
works
as
any non-domain profile (such as local admin).
When pinging i get the same results whether i'm logged in to a
domain
profile or non domain, all the sites (i.e. jobs.domain.net &
owa.domain.net)
all resolve back to our WAN ip address.
When i try to connect to the IP address from either a domain profile
or
non
domain i get our main public company webpage by default
(www.domain.net
or
domain.net normally).
When i connect to the name (jobs.domain.net etc) from a domain
profile
it
says page cannot be found. When i browse to the name from a
nondomain
profile
it comes up and asks for credentials and lets me login to the
site(s).
"Anthony [MVP]" wrote:
When the client is outside the WAN, I think you said that it works
as
admin
or as user when unjoined, but not as user when joined to the
domain.
What happens when you ping in those different circs? Also, what
happens
when
in IE you connect to a) the name and b) the ip address?
Anthony,
http://www.airdesk.co.uk
"techtedg@xxxxxxxxx" <techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@xxxxxxxxxxxxxxxx
Well when i am NOT connected to the VPN all the sites (i.e
jobs.domain.net&owa.domain.net) resolve back to our WAN ip
address
for
both
domain users and nondomain users. When connected to the VPN it
resolves
to
the local ip address of the server itself (ie. 10.1.1.1).
"Anthony [MVP]" wrote:
What happens when you ping the sites?
Anthony,
http://www.airdesk.co.uk
"techtedg@xxxxxxxxx" <techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message
news:D9490BE3-E37F-4B21-901C-99BC45885AAD@xxxxxxxxxxxxxxxx
No we arent specifying any proxy server inside IE. I did see
an
article
about
something close to this and it suggested running a command
locally
on
ther
server if you DONT run a proxy, and then also specifying a
fake
proxy
inside
the users IE settings. I tried this for one user with no luck,
and
have
now
set the proxy settings back to default "unchecked" inside IE.
I'm
sure
it
has
something to do with the way the domain users get routed
externally
to
the
site(s) but i'm not sure where to start/look. Any other
ideas???
"Anthony [MVP]" wrote:
Are you perhaps specifying a proxy server in the user's
Internet
Explorer
settings?
Anthony,
http://www.airdesk.co.uk
"techtedg@xxxxxxxxx"
<techtedgkcrrcom@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message
news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@xxxxxxxxxxxxxxxx
We are currently running a single domain controller with
exchange
2003
and
sharepoint v2 both installed. We have a VPN setup. When
PCs/laptops
are
here
in the office they can access both OWA/Sharepoint without
any
trouble.
When a
domain PC is external to the local network (i.e. a site
office)
users
CANNOT
access OWA/Sharepoint sites through the std internet
connection.
However
if i
connect those same PCs/Users to the VPN they CAN access
OWA/Sharepoint
while
they are connected, as soon as they disconnect from the VPN
they
lose
the
ability to browse to OWA/Sharepoint they just get the std
"page
cannot
be
found" error in IE. Now whats weird is if i either disjoin
the
pc
from
the
domain AND/OR just login as the local admin i CAN browse to
OWA/Sharepoint
(also my personal PC at home which isnt a domain PC can
always
browse
to
our
sharepoint/owa site).
So basically if you are a domain user and are not in the
office
or
connected to the VPN you CANNOT access OWA/Sharepoint, it
doesnt
even
come
up
and ask for credentials it just says "page cannot be
found".
If
you
are
NOT a
domain user you CAN access OWA/Sharepoint thru the internet
without
VPN
connection.
I'm pretty sure the router, external DNS, etc is correct or
else
the
non-domain users wouldnt be able to access the sites. This
must
be
something
to do with domain config. HELP!!!
How can i fix this?
.
- References:
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: Anthony [MVP]
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: techtedg@kc.rr.com
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: Anthony [MVP]
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: techtedg@kc.rr.com
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: Anthony [MVP]
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: techtedg@kc.rr.com
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: Anthony [MVP]
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: techtedg@kc.rr.com
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: Anthony [MVP]
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- From: techtedg@kc.rr.com
- Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- Prev by Date: Hardware firewall recommendation...
- Next by Date: Installing W2K3 SP2 on application servers such as SQL and MOSS
- Previous by thread: Re: External Domain PCs wont browse to OWA nor Sharepoint sites
- Next by thread: Re: Windows 2003 - can't back up system state
- Index(es):
Relevant Pages
|
Loading
