Re: RWW

Robert,

in-line.....

--
Cary W. Shultz
Roanoke, VA 24012
"Robert Li [MSFT]" <v-robeli@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello Cary,

Thanks for posting in our newsgroup.

From your description, I know that when you visit RWW, you get pop up for
username and password. You need to input the domain\username or username
many times to access the website. If that's not right, please don't
hesitate to let me know.

Please let me know the following to make the situation more clearly:

1. Do all users or only the new created customers have such issue? Did you
use the SBS Add user wizard to create new user?


We inheirited this client and, like all the others, none of the user account
objects were created with with Add User wizard. They were all done the
"normal" Windows Server 2003 way...


2. Does the same issue occur visiting OWA?


No, simply opening up IE and going to https://mail.mydomain.com/exchange
takes me to the FBA logon page and I am able to enter the credentials only
once and am then taken to that user's Inbox.....


3. What important change did you made before the problem first occurred?


I am not aware of any changes that were made before we noticed this error.
My other colleague was on-site some two weeks ago (as they have one office
in Richmond and one office in Salem...I am down the street from the Salem
office and my colleague is about one hour away from the Richmond office...I
would have to ask him what, if any, changes were made). My colleague is not
really SBS2003-aware! It is kinda scary when I am the "expert" when it
comes to SBS2003....


4. Where did you visit RWW, please external or internal?


I initially attempted it remotely (externally). I was able to remotely
access the server (both via RDP and via the management software that we put
on all of the computers that we manage) and I was able to access the single
workstation in question - from the server - via RDP. I wanted to make sure
that this worked before trying RWW in this environment. Now, I did need to
enable Remote Desktop first and to add to the local Remote Desktop Users
security group on the workstation in question. Once I did this I
attempted - via https://mail.mydomain.com/remote - to access that specific
workstation. I was not able to (but that was because Port 4125 was not open
on the Firewall. Once I changed this I was able to immediately access that
specific workstation). However, I found it odd that I was prompted twice
(the pop-up) as well as entering credentials on the FBA logon page. Thus,
this post!


5. Do you have ISA installed?


Nope, this is SBS2003 Standard and ISA was not installed after-the-fact.



First, this is not normal behavior. When users navigate their browsers to
the Remote Web Workplace web site, they are first presented with a
forms-based authentication logon page, not pop up box. Users are required
to enter a valid domain user name and password. The page does not request
the domain name; during the authentication process, the existing SBS
domain
name will be forwarded with the user's log on credentials.

Based on my research on this issue, please take the following steps to
narrow down this issue:

Step 1: Please test on SBS server, can the problem be reproduced?


Nope, when I am remoted into the server (either via RDP or our management
software...I did both) when I enter https://servername/remote I am taken to
the RWW FBA logon page (without being prompted for credentials by the
pop-up). I am able to enter the credentials on that FBA logon page and am
brought to her dynamically genereated page (and, not prompted for
credentials again). I can click on "read my e-mail" and am instantly taken
to her Inbox (which I naturally quickly close as I do not need to read her
e-mail) and I can click on "connect to computer at work" and am taken to the
correct screen (all without being prompted by the pop-up). Additionally, I
tried this using just http://servername/remote. Same results!



Step 2: Please rerun the CEICW, this helps us to configure network and IIS
setting correctly:


I will do this in a bit....



More info:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Step 3: The problem may be caused incorrect IIS setting, please check the
following:

1. Check Default Web Site setting under IIS
1) Open Server Management console, go to Advanced Management\Internet
Information Services.
2) Under Website, right click Default Website, select Properties
3) In Virtual Directory tab, make sure it is using DefaultAppPool. Go
to
Directory Security tab, click Edit button, make sure that only Anonymous
and Integrated access are enabled.
The Default domain and Realm box are empty.


Yep! That would be the settings that I see....



2. Check Virtual Server Remote setting

1) Open Server Management console, go to Advanced Management\Internet
Information Services.
2) Under Web Sites\Default Web Sites\Remote, right click the Remote
directory, select Properties.
3) In Virtual Directory tab, make sure it is using DefaultAppPool, go
to Directory Security tab, click Edit button, make sure that only
Anonymous
and Integrated access are enabled.
The Default domain and Realm box are empty.


Yeppers! These are the settings that I see...


If the problem persist, please help me collect the following information
for further research:

1. Please create a test account for me, give me the url of RWW, username,
password and I need to test on my side.


I have no problem doing this, Robert. But let's save this as a last resort.


2. Gather IIS log:

1) Open IIS snap-in.
2) Right click Default Web Site and click Properties.
3) Uncheck the "Enable Logging" box and click Apply.
4) Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to
a backup location.
5) Check "Enable Logging" box and click OK.
6) Run IISReset command.
7) Reproduce the problem and send the log file in
C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.


Reproduced....log file to follow



3. Gather IIS Metabase:

1) Download the IIS Resource Kit tools from the following page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en
2) Install it, run MBExplorer (Metabase Explorer)
3) Right click the "LM" node and choose "Export to file".
4) Specify a file name, specify the password and finish the export.
5) Send the file and the password to v-robeli@xxxxxxxxxxxxx with subject:
40416855-rww.


Done...it is on its way...Thanks!



I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
<Reply-To: "Cary Shultz" <cwshultz@xxxxxxxx>
<From: "Cary Shultz" <cwshultz@xxxxxxxx>
<Subject: RWW
<Date: Mon, 10 Sep 2007 15:08:53 -0400
<Lines: 29
<Organization: outsourceIT, Inc.
<X-Priority: 3
<X-MSMail-Priority: Normal
<X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<X-RFC2646: Format=Flowed; Original
<Message-ID: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<NNTP-Posting-Host: ip24-254-181-132.rn.hr.cox.net 24.254.181.132
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:61997
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Good afternoon!
<
<Taking a bit of a vacation for the next three days...not that anyone
cares!
<But, I thought that I would clear up a few things in my head.
<
<Regarding RWW (Remote Web Workplace) in SBS2003 Standard....I have it set
up
<at a new customer and everything is working just swell. Well, I think!
It
<seems that users are asked for credentials too many times. Maybe it is
how
<things are set up on the /remote folder in IIS...
<
<Anyway, the user enters http://mail.mydomain.com/remote and the first
pop-up
<appears (the usual pop up when basic authentication is
configured....title
<bar indicates 'connecting to mail.mydomain.com'). We enter the
credentials
<in the domainname\username format and then the password. We are then
<brought to the web page where we enter user name (without the domain
name)
<and password and hit enter and then that popup windows appears again
<('connecting to mail.mydomain.com'...domainname\user name and then
<password). Once we enter the user name and password (again...) we come
to
<the page with the links.
<
<Is this *normal*?
<
<Thanks,
<
<--
<Cary W. Shultz
<Roanoke, VA 24012
<
<
<



.