RE: Company Web Kerberos Error


1. Have you tried all the suggestion I have provided in my previous reply?

As I stated before: "> | I have attempted all of the requested steps to no
change.


2. Please make sure IIS_WPG, Local Service and Network Service accounts
have Read & Execute, List Folder Contents, and Read permissions to
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322.
3. Ensure IIS_WPG, Local Service and Network Service accounts have Full
Control permission to
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files.

Ok, I did this but have no idea why this would be relevant. The problem only
occurs in IE. It works fine in firefox and on RWW. If it was a server
security issue this would not be the case. According to the only error
message I am receiving it is a Kerberos Security issue between the client and
the server. Why arent we dealing with this part of the problem?

I changed the permisions as you requested but there is no change. The
problem is exactly as it was before after doing everything you have asked me
to do.

Shane





Thanks for your time and I look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Company Web Kerberos Error
| thread-index: Aca2Pr4smfsKgZP3S1Or8pCz7cWpXw==
| X-WBNR-Posting-Host: 69.15.11.10
| From: =?Utf-8?B?U2hhbmU=?= <Shane@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <97CFD6AD-670F-49D5-A078-A71B293F010B@xxxxxxxxxxxxx>
<cJqV4BftGHA.1992@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Company Web Kerberos Error
| Date: Wed, 2 Aug 2006 07:20:02 -0700
| Lines: 78
| Message-ID: <BE3D9758-78A8-42CD-A90E-2B887E13AF20@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:286339
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
|
|
| ""Crina Li"" wrote:
|
| > To narrow down the problem, would you please help me collect the
following
| > information?
| >
| > 1. Are you accessing companyweb from internet or internal LAN?
|
| We are attempting to access companyweb from internal LAN. We can
| successfully access it from RWW remotely but not from internal.
|
| > 2. Does the situation occur if you access companyweb via
http://companyweb
| > from internal network?
|
| Yes that is when the situation occurs. It also occurs if you go to the
| default website by using the IP address and clicking on My Company's
Internal
| Website.
|
| > 3. Does the situation occur on all users or only one user account?
|
| The situation occurs on all users.
|
|
| > 4. Are you using ISA 2000 or ISA 2004?
|
| ISA2004
|
|
| > 5. What is the detailed error message when you access companyweb?
|
| When you attempt to go to companyweb, we receive a pop up log in box. It
| will not accept any credentials and then after 3 attempts states:
| You are not authorized to view this page
| You do not have permission to view this directory or page using the
| credentials that you supplied.
----------------------------------------------------------------------------
----
|
| Please try the following:
|
| Contact the Web site administrator if you believe you should be able to
view
| this directory or page.
| Click the Refresh button to try again with different credentials.
| HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
| Internet Information Services (IIS)
|
----------------------------------------------------------------------------
----
|
| Technical Information (for support personnel)
|
| Go to Microsoft Product Support Services and perform a title search for
the
| words HTTP and 401.
| Open IIS Help, which is accessible in IIS Manager (inetmgr), and search
for
| topics titled Authentication, Access Control, and About Custom Error
| Messages.
|
| > 6. Does the situation occur if you access companyweb on SBS?
|
| No, Companyweb on the SBS server works fine. It also works via browsing
| through IIS.
|
| I have attempted all of the requested steps to no change. I am still
logging
| Kerberos error 4 in the System Event Log that states the following:
|
| The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
| host/litespeed.rms.local. This indicates that the password used to
encrypt
| the kerberos service ticket is different than that on the target server.
| Commonly, this is due to identically named machine accounts in the
target
| realm (RMS.LOCAL), and the client realm. Please contact your system
| administrator.
|
| This error only occurs on the client PC but is occuring on all client
PC's
| when first attempting to access companyweb.
|
| Thank you for your assistance.
|
| Shane
|
|


.