Re: RWW authentication

Susan:
Thanx for your concern about the lack of security. but the Isa firewall
was only disabled for a few minutes in order to test. Actually It wasn't
disabled. we just added a filter that allowed everything both in and out.
It's actually quite easy and you just log all traffic for that period.
The answer to your queston about administrator is that it doesn't work
either. No account will authenticate thru RWW. There is clearly a registry
entry somewhere that specifies acceptable ip ranges that is not just thru the
GUI for IIS, but I do not have any reference material for RWW to be able to
check the registry.

I have tried to establish connections even from the internal side of the LAN
without success.


"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:

Didn't say you were I was just ensuring the foundations were in place.

Given that you have disabled ISA, you have an external firewall I hope?
4125 is the control port is why we always double check that.

But let's check the iis log files and establish if there are any users
that can log in.

Does admin work?

SBS-HOOP wrote:

I'm not stupid; of course the workstations are joined to the domain and all
of the necessary ports are opened. The problem presents itself even with the
firewall turned off and ISA Server disabled. Not a port issue as far as I
can tell.



"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:



Are the workstations joined to the domain and you have port 4125 open at
the router?

SBS-HOOP wrote:



We have SBS2003 SP1 with ISA2004 installed and at current fix levels thru
2/22/2006. Client machines are all running XP sp2 with up to date patches.

When we try to sign into RWW at https://servername/remote everything moves
smoothly until we actually try to login into the RWW login page. All of the
SSL authentication seems to work just fine however on the actual RWW login
page we always seem to get the following error message:

"The user name or password is incorrect. Verify that CAPS LOCK is not on,
and then retype the current user name and password. If you receive this
message again, contact your system administrator to ensure that you have the
correct permissions to use the Remote Web Workplace."

We have checked the user name and password, all of the AD permissions, group
membership, Directory security allows all computers and all authenticated
users.

Any clues would be helpful. Thank you





.

Relevant Pages

  • RES: ISA firewall
    ... If we want to judge ISA as a firewall product (or if you want to judge ... Linux) were compromised by a security hole that was identified days ago, ... flaws, so does every single bit of line of code out there. ...
    (Security-Basics)
  • Re: Must I be forced to Upgrade from SBS 4.5?
    ... Just sometimes with security you need to be political, a NAT only customer ... "wrong" if no "industrial strength" firewall is not installed, ... The good thing about ISA is that it can be updated ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Firewall recommendation ?
    ... When attending an ISA security workshop some time ago the instructor pointed ... > firewall will most likely get caught on the second one. ... > have redundant firewalls and separate firewall types in layers. ...
    (microsoft.public.windows.server.sbs)
  • RE: suggestions on a good firewall
    ... Keep your active directory far from your firewall. ... security product and shouldn't be integrated into your internal network ... >made pressure to have MS ISA server as a firewall. ... tight Active Directory integration. ...
    (Security-Basics)
  • Re: Firewall recommendation ?
    ... I am confident in ISA doing it's job, ... a result I have a very high standard security wise, ... Most of the SBS clients I have use a hardware ... >> Adding a hardware firewall does increase security, ...
    (microsoft.public.windows.server.sbs)