Re: RWW

Hi Cary,

Thanks for your reply.

Based on my research on the logs, the settings for Default Website and
Remote virtual directories are exactly the same as mine machine. Please
take the following steps to see if the problem can be resolved.

Step 1: Please check C:\Inetpub\Remote NTFS permission.

Administrators - Full control
Users(Domain Users) - Read and execute, List folder contents, Read, Special
permissions
Creator Owner - Special permissions
NETWork -List folder contents, Special permissions
System - Full control

Step 2: Please create a new user by running the add user wizard, then test
with new user again.

1. Open Server Management and then go to User node.
2. Click Add a User and then click Next.
3. Input Username and then click Next.
4. Input Password and then click Next.
5. Select a User Temp and then click Next.
6. Click Finish.

If the new user works, this is related to the user permission. Please run
the change user permission wizard.

Note: Suppose this user is domain user.

1. Open Server Management and click Users.
2. Click Change User Permission and then click Next.
3. Click User Template and Replace any previous permissions granted to the
users. Click Next.
4. Click problematic user account, click Add,
5. Click Next and then click Finish.

If the problem persists, please help me collect the following information
for further research:

1. Zip C:\Inetpub\Remote folder and send to me.
2. Visit from both internal or on SBS server, will the problem be
reproduced?

I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Reply-To: "Cary Shultz" <cwshultz@xxxxxxxx>
<From: "Cary Shultz" <cwshultz@xxxxxxxx>
<References: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxx>
<Subject: Re: RWW
<Date: Wed, 12 Sep 2007 10:56:28 -0400
<Lines: 296
<Organization: outsourceIT, Inc.
<X-Priority: 3
<X-MSMail-Priority: Normal
<X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<X-RFC2646: Format=Flowed; Original
<Message-ID: <#N7iw0U9HHA.4712@xxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<NNTP-Posting-Host: ip24-254-181-132.rn.hr.cox.net 24.254.181.132
<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:62453
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Robert,
<
<in-line.....
<
<--
<Cary W. Shultz
<Roanoke, VA 24012
<"Robert Li [MSFT]" <v-robeli@xxxxxxxxxxxxxxxxxxxx> wrote in message
<news:TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxxxxx
<> Hello Cary,
<>
<> Thanks for posting in our newsgroup.
<>
<> From your description, I know that when you visit RWW, you get pop up for
<> username and password. You need to input the domain\username or username
<> many times to access the website. If that's not right, please don't
<> hesitate to let me know.
<>
<> Please let me know the following to make the situation more clearly:
<>
<> 1. Do all users or only the new created customers have such issue? Did
you
<> use the SBS Add user wizard to create new user?
<
<
<We inheirited this client and, like all the others, none of the user
account
<objects were created with with Add User wizard. They were all done the
<"normal" Windows Server 2003 way...
<
<
<> 2. Does the same issue occur visiting OWA?
<
<
<No, simply opening up IE and going to https://mail.mydomain.com/exchange
<takes me to the FBA logon page and I am able to enter the credentials only
<once and am then taken to that user's Inbox.....
<
<
<> 3. What important change did you made before the problem first occurred?
<
<
<I am not aware of any changes that were made before we noticed this error.
<My other colleague was on-site some two weeks ago (as they have one office
<in Richmond and one office in Salem...I am down the street from the Salem
<office and my colleague is about one hour away from the Richmond
office...I
<would have to ask him what, if any, changes were made). My colleague is
not
<really SBS2003-aware! It is kinda scary when I am the "expert" when it
<comes to SBS2003....
<
<
<> 4. Where did you visit RWW, please external or internal?
<
<
<I initially attempted it remotely (externally). I was able to remotely
<access the server (both via RDP and via the management software that we
put
<on all of the computers that we manage) and I was able to access the
single
<workstation in question - from the server - via RDP. I wanted to make
sure
<that this worked before trying RWW in this environment. Now, I did need
to
<enable Remote Desktop first and to add to the local Remote Desktop Users
<security group on the workstation in question. Once I did this I
<attempted - via https://mail.mydomain.com/remote - to access that specific
<workstation. I was not able to (but that was because Port 4125 was not
open
<on the Firewall. Once I changed this I was able to immediately access
that
<specific workstation). However, I found it odd that I was prompted twice
<(the pop-up) as well as entering credentials on the FBA logon page. Thus,
<this post!
<
<
<> 5. Do you have ISA installed?
<
<
<Nope, this is SBS2003 Standard and ISA was not installed after-the-fact.
<
<
<>
<> First, this is not normal behavior. When users navigate their browsers to
<> the Remote Web Workplace web site, they are first presented with a
<> forms-based authentication logon page, not pop up box. Users are required
<> to enter a valid domain user name and password. The page does not request
<> the domain name; during the authentication process, the existing SBS
<> domain
<> name will be forwarded with the user's log on credentials.
<>
<> Based on my research on this issue, please take the following steps to
<> narrow down this issue:
<>
<> Step 1: Please test on SBS server, can the problem be reproduced?
<
<
<Nope, when I am remoted into the server (either via RDP or our management
<software...I did both) when I enter https://servername/remote I am taken
to
<the RWW FBA logon page (without being prompted for credentials by the
<pop-up). I am able to enter the credentials on that FBA logon page and am
<brought to her dynamically genereated page (and, not prompted for
<credentials again). I can click on "read my e-mail" and am instantly
taken
<to her Inbox (which I naturally quickly close as I do not need to read
her
<e-mail) and I can click on "connect to computer at work" and am taken to
the
<correct screen (all without being prompted by the pop-up). Additionally,
I
<tried this using just http://servername/remote. Same results!
<
<
<>
<> Step 2: Please rerun the CEICW, this helps us to configure network and
IIS
<> setting correctly:
<
<
<I will do this in a bit....
<
<
<>
<> More info:
<>
<> 825763 How to configure Internet access in Windows Small Business Server
<> 2003
<> http://support.microsoft.com/?id=825763
<>
<> Step 3: The problem may be caused incorrect IIS setting, please check the
<> following:
<>
<> 1. Check Default Web Site setting under IIS
<> 1) Open Server Management console, go to Advanced Management\Internet
<> Information Services.
<> 2) Under Website, right click Default Website, select Properties
<> 3) In Virtual Directory tab, make sure it is using DefaultAppPool. Go
<> to
<> Directory Security tab, click Edit button, make sure that only Anonymous
<> and Integrated access are enabled.
<> The Default domain and Realm box are empty.
<
<
<Yep! That would be the settings that I see....
<
<
<>
<> 2. Check Virtual Server Remote setting
<>
<> 1) Open Server Management console, go to Advanced Management\Internet
<> Information Services.
<> 2) Under Web Sites\Default Web Sites\Remote, right click the Remote
<> directory, select Properties.
<> 3) In Virtual Directory tab, make sure it is using DefaultAppPool, go
<> to Directory Security tab, click Edit button, make sure that only
<> Anonymous
<> and Integrated access are enabled.
<> The Default domain and Realm box are empty.
<
<
<Yeppers! These are the settings that I see...
<
<
<> If the problem persist, please help me collect the following information
<> for further research:
<>
<> 1. Please create a test account for me, give me the url of RWW, username,
<> password and I need to test on my side.
<
<
<I have no problem doing this, Robert. But let's save this as a last
resort.
<
<
<> 2. Gather IIS log:
<>
<> 1) Open IIS snap-in.
<> 2) Right click Default Web Site and click Properties.
<> 3) Uncheck the "Enable Logging" box and click Apply.
<> 4) Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files
to
<> a backup location.
<> 5) Check "Enable Logging" box and click OK.
<> 6) Run IISReset command.
<> 7) Reproduce the problem and send the log file in
<> C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.
<
<
<Reproduced....log file to follow
<
<
<>
<> 3. Gather IIS Metabase:
<>
<> 1) Download the IIS Resource Kit tools from the following page:
<>
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
<> B628-ADE629C89499&displaylang=en
<> 2) Install it, run MBExplorer (Metabase Explorer)
<> 3) Right click the "LM" node and choose "Export to file".
<> 4) Specify a file name, specify the password and finish the export.
<> 5) Send the file and the password to v-robeli@xxxxxxxxxxxxx with subject:
<> 40416855-rww.
<
<
<Done...it is on its way...Thanks!
<
<
<>
<> I am looking forward to hear from you.
<>
<> If you need further assistance, please don't hesitate to let me know.
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> =====================================================
<>
<> This newsgroup only focuses on SBS technical issues. If you have issues
<> regarding other Microsoft products, you'd better post in the
corresponding
<> newsgroups so that they can be resolved in an efficient and timely
manner.
<> You can locate the newsgroup here:
<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> When opening a new thread via the web interface, we recommend you check
<> the
<> "Notify me of replies" box to receive e-mail notifications when there are
<> any updates in your thread. When responding to posts via your newsreader,
<> please "Reply to Group" so that others may learn and benefit from your
<> issue.
<>
<> Microsoft engineers can only focus on one issue per thread. Although we
<> provide other information for your reference, we recommend you post
<> different incidents in different threads to keep the thread clean. In
<> doing
<> so, it will ensure your issues are resolved in a timely manner.
<>
<> For urgent issues, you may want to contact Microsoft CSS directly. Please
<> check http://support.microsoft.com for regional support phone numbers.
<>
<> Any input or comments in this thread are highly appreciated.
<>
<> =====================================================
<>
<> This posting is provided "AS IS" with no warranties, and confers no
<> rights.
<>
<> --------------------
<> <Reply-To: "Cary Shultz" <cwshultz@xxxxxxxx>
<> <From: "Cary Shultz" <cwshultz@xxxxxxxx>
<> <Subject: RWW
<> <Date: Mon, 10 Sep 2007 15:08:53 -0400
<> <Lines: 29
<> <Organization: outsourceIT, Inc.
<> <X-Priority: 3
<> <X-MSMail-Priority: Normal
<> <X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<> <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<> <X-RFC2646: Format=Flowed; Original
<> <Message-ID: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<> <Newsgroups: microsoft.public.windows.server.sbs
<> <NNTP-Posting-Host: ip24-254-181-132.rn.hr.cox.net 24.254.181.132
<> <Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
<> <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:61997
<> <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> <
<> <Good afternoon!
<> <
<> <Taking a bit of a vacation for the next three days...not that anyone
<> cares!
<> <But, I thought that I would clear up a few things in my head.
<> <
<> <Regarding RWW (Remote Web Workplace) in SBS2003 Standard....I have it
set
<> up
<> <at a new customer and everything is working just swell. Well, I think!
<> It
<> <seems that users are asked for credentials too many times. Maybe it is
<> how
<> <things are set up on the /remote folder in IIS...
<> <
<> <Anyway, the user enters http://mail.mydomain.com/remote and the first
<> pop-up
<> <appears (the usual pop up when basic authentication is
<> configured....title
<> <bar indicates 'connecting to mail.mydomain.com'). We enter the
<> credentials
<> <in the domainname\username format and then the password. We are then
<> <brought to the web page where we enter user name (without the domain
<> name)
<> <and password and hit enter and then that popup windows appears again
<> <('connecting to mail.mydomain.com'...domainname\user name and then
<> <password). Once we enter the user name and password (again...) we come
<> to
<> <the page with the links.
<> <
<> <Is this *normal*?
<> <
<> <Thanks,
<> <
<> <--
<> <Cary W. Shultz
<> <Roanoke, VA 24012
<> <
<> <
<> <
<>
<
<
<

.