Re: RWW

Robert,

I have replied to your e-mail....

Basically, the only difference is the NTFS permissions on the
c:\inetpub\remote folder is that 1) they were not inherited (makes
sense...someone modified them before we took over) and 2) the 'Interactive'
account was there (with 'special' permissions).

I e-mailed you the URL so that you can see what I see (the initial
pop-up...).

I am not sure that I understand how this would be a user setting as - when
attempting to connect remotely - there is no "user" involved until we get to
that FBA logon page. I am getting the pop-up directly after I enter the
URL....then I enter the credentials and I am brought to the FBA logon page
(where I normally would enter credentials for the first and only time) but
then I am asked for credentials again (via that pop-up).

This would indicate to me that it is a permissions issue somewhere up or
down the line.

Cary

--
Cary W. Shultz
Roanoke, VA 24012
"Robert Li [MSFT]" <v-robeli@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:GbBNG7s9HHA.6140@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Cary,

Thanks for your reply.

In fact the metabase need password only when restore to local server. When
I research the metabase in IIS Metabase Exporer, a password prompt will
appear, I click Skip and the metabase will open automatically.

The problem may be caused by corrupt Remote virtual directory, please
delete and then recreate this directory as the following steps:

1. Go to IIS and expand servername -> Web Sites -> Default Web Site. Right
click Remote and select All Tasks\Save Configuration to a File. Input the
file and delete the Remote Virtual Directory.

2. Right-click on Default Web Site in IIS, choose New -> Virtual
Directory.

3. In the Alias field, type in Remote and click Next.

4. In the path box, browse to C:\Inetpub\Remote.

5. Click Next through the wizard, the default permissions are the default
for Remote.

6. Once it is completed, right-click on Remote and select Properties.

7. On the Virtual Drictory tab, Click Create. Now the Application name
becomes to Remote. Change Execute Permission to Script only, Application
pool: Default ApplicationPool.

8. Click on the Directory Security tab, click Edit for "Authentication
and access control". Check "Integrated Windows authentication" and "Enable
anonymous access", click OK.

9 .Click Edit under Secure Communications, select Requre Secure Channel
(SSL).

If the problem persists, please zip C:\Inetpub\Remote folder and send to
me. Also let me know your internal Domain name.

Also I notice your certificate is issue to mail.domain.com, by you visit
RWW via https://mail.va.domain.com/remote. The Public Domain name here are
not same, this will cause a certificate warning. To resolve this, you need
to rerun the CEICW wizard.

Please rerun the CEICW, this helps us to cofigure network successfully:

1. Click Start, click Server Management. Click To Do List and then click
"Connect to the Internet". Click Next, and go through the Internet option.
2. Select Enable firewall and click Next.
3. On the Web Services Configuration page shows, make sure Remote Work
Webplace is selected. Click Next.
Note: You can select other items according to your needs, for example:
Outlook Web Access, Business Website (wwwroot) and so on.
4. On the Web Server Certificate page shows. Select "Create a new Web
server certificate", and type your FQDN (mail.va.domain.com) in the "Web
server name" text box. Click Next.

5. Go through the steps to finish the wizard.

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Hope this helps.

I am looking forward to hear from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
<X-Tomcat-ID: 212031808
<References: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxx>
<#N7iw0U9HHA.4712@xxxxxxxxxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain
<Content-Transfer-Encoding: 7bit
<From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
<Organization: Microsoft
<Date: Thu, 13 Sep 2007 13:25:08 GMT
<Subject: Re: RWW
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<Message-ID: <PHOLCmg9HHA.428@xxxxxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<Lines: 379
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:62680
<NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
<
<Hi Cary,
<
<Thanks for your reply.
<
<Based on my research on the logs, the settings for Default Website and
<Remote virtual directories are exactly the same as mine machine. Please
<take the following steps to see if the problem can be resolved.
<
<Step 1: Please check C:\Inetpub\Remote NTFS permission.
<
<Administrators - Full control
<Users(Domain Users) - Read and execute, List folder contents, Read,
Special
<permissions
<Creator Owner - Special permissions
<NETWork -List folder contents, Special permissions
<System - Full control
<
<Step 2: Please create a new user by running the add user wizard, then
test
<with new user again.
<
<1. Open Server Management and then go to User node.
<2. Click Add a User and then click Next.
<3. Input Username and then click Next.
<4. Input Password and then click Next.
<5. Select a User Temp and then click Next.
<6. Click Finish.
<
<If the new user works, this is related to the user permission. Please run
<the change user permission wizard.
<
<Note: Suppose this user is domain user.
<
<1. Open Server Management and click Users.
<2. Click Change User Permission and then click Next.
<3. Click User Template and Replace any previous permissions granted to
the
<users. Click Next.
<4. Click problematic user account, click Add,
<5. Click Next and then click Finish.
<
<If the problem persists, please help me collect the following information
<for further research:
<
<1. Zip C:\Inetpub\Remote folder and send to me.
<2. Visit from both internal or on SBS server, will the problem be
<reproduced?
<
<I am looking forward to hear from you.
<
<If you need further assistance, please don't hesitate to let me know.
<
<Best regards,
<
<Robert Li(MSFT)
<
<Microsoft CSS Online Newsgroup Support
<
<Get Secure! - www.microsoft.com/security
<
<=====================================================
<
<This newsgroup only focuses on SBS technical issues. If you have issues
<regarding other Microsoft products, you'd better post in the
corresponding
<newsgroups so that they can be resolved in an efficient and timely
manner.
<You can locate the newsgroup here:
<http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<
<When opening a new thread via the web interface, we recommend you check
the
<"Notify me of replies" box to receive e-mail notifications when there are
<any updates in your thread. When responding to posts via your newsreader,
<please "Reply to Group" so that others may learn and benefit from your
<issue.
<
<Microsoft engineers can only focus on one issue per thread. Although we
<provide other information for your reference, we recommend you post
<different incidents in different threads to keep the thread clean. In
doing
<so, it will ensure your issues are resolved in a timely manner.
<
<For urgent issues, you may want to contact Microsoft CSS directly. Please
<check http://support.microsoft.com for regional support phone numbers.
<
<Any input or comments in this thread are highly appreciated.
<
<=====================================================
<
<This posting is provided "AS IS" with no warranties, and confers no
rights.
<
<--------------------
<<Reply-To: "Cary Shultz" <cwshultz@xxxxxxxx>
<<From: "Cary Shultz" <cwshultz@xxxxxxxx>
<<References: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<<TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxx>
<<Subject: Re: RWW
<<Date: Wed, 12 Sep 2007 10:56:28 -0400
<<Lines: 296
<<Organization: outsourceIT, Inc.
<<X-Priority: 3
<<X-MSMail-Priority: Normal
<<X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<<X-RFC2646: Format=Flowed; Original
<<Message-ID: <#N7iw0U9HHA.4712@xxxxxxxxxxxxxxxxxxxx>
<<Newsgroups: microsoft.public.windows.server.sbs
<<NNTP-Posting-Host: ip24-254-181-132.rn.hr.cox.net 24.254.181.132
<<Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
<<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:62453
<<X-Tomcat-NG: microsoft.public.windows.server.sbs
<<
<<Robert,
<<
<<in-line.....
<<
<<--
<<Cary W. Shultz
<<Roanoke, VA 24012
<<"Robert Li [MSFT]" <v-robeli@xxxxxxxxxxxxxxxxxxxx> wrote in message
<<news:TdP6c8S9HHA.428@xxxxxxxxxxxxxxxxxxxxxxxxx
<<> Hello Cary,
<<>
<<> Thanks for posting in our newsgroup.
<<>
<<> From your description, I know that when you visit RWW, you get pop up
for
<<> username and password. You need to input the domain\username or
username
<<> many times to access the website. If that's not right, please don't
<<> hesitate to let me know.
<<>
<<> Please let me know the following to make the situation more clearly:
<<>
<<> 1. Do all users or only the new created customers have such issue? Did
<you
<<> use the SBS Add user wizard to create new user?
<<
<<
<<We inheirited this client and, like all the others, none of the user
<account
<<objects were created with with Add User wizard. They were all done the
<<"normal" Windows Server 2003 way...
<<
<<
<<> 2. Does the same issue occur visiting OWA?
<<
<<
<<No, simply opening up IE and going to https://mail.mydomain.com/exchange
<<takes me to the FBA logon page and I am able to enter the credentials
only
<<once and am then taken to that user's Inbox.....
<<
<<
<<> 3. What important change did you made before the problem first
occurred?
<<
<<
<<I am not aware of any changes that were made before we noticed this
error.
<<My other colleague was on-site some two weeks ago (as they have one
office
<<in Richmond and one office in Salem...I am down the street from the
Salem
<<office and my colleague is about one hour away from the Richmond
<office...I
<<would have to ask him what, if any, changes were made). My colleague is
<not
<<really SBS2003-aware! It is kinda scary when I am the "expert" when it
<<comes to SBS2003....
<<
<<
<<> 4. Where did you visit RWW, please external or internal?
<<
<<
<<I initially attempted it remotely (externally). I was able to remotely
<<access the server (both via RDP and via the management software that we
<put
<<on all of the computers that we manage) and I was able to access the
<single
<<workstation in question - from the server - via RDP. I wanted to make
<sure
<<that this worked before trying RWW in this environment. Now, I did need
<to
<<enable Remote Desktop first and to add to the local Remote Desktop Users
<<security group on the workstation in question. Once I did this I
<<attempted - via https://mail.mydomain.com/remote - to access that
specific
<<workstation. I was not able to (but that was because Port 4125 was not
<open
<<on the Firewall. Once I changed this I was able to immediately access
<that
<<specific workstation). However, I found it odd that I was prompted
twice
<<(the pop-up) as well as entering credentials on the FBA logon page.
Thus,
<<this post!
<<
<<
<<> 5. Do you have ISA installed?
<<
<<
<<Nope, this is SBS2003 Standard and ISA was not installed after-the-fact.
<<
<<
<<>
<<> First, this is not normal behavior. When users navigate their browsers
to
<<> the Remote Web Workplace web site, they are first presented with a
<<> forms-based authentication logon page, not pop up box. Users are
required
<<> to enter a valid domain user name and password. The page does not
request
<<> the domain name; during the authentication process, the existing SBS
<<> domain
<<> name will be forwarded with the user's log on credentials.
<<>
<<> Based on my research on this issue, please take the following steps to
<<> narrow down this issue:
<<>
<<> Step 1: Please test on SBS server, can the problem be reproduced?
<<
<<
<<Nope, when I am remoted into the server (either via RDP or our
management
<<software...I did both) when I enter https://servername/remote I am taken
<to
<<the RWW FBA logon page (without being prompted for credentials by the
<<pop-up). I am able to enter the credentials on that FBA logon page and
am
<<brought to her dynamically genereated page (and, not prompted for
<<credentials again). I can click on "read my e-mail" and am instantly
<taken
<<to her Inbox (which I naturally quickly close as I do not need to read
<her
<<e-mail) and I can click on "connect to computer at work" and am taken to
<the
<<correct screen (all without being prompted by the pop-up).
Additionally,
<I
<<tried this using just http://servername/remote. Same results!
<<
<<
<<>
<<> Step 2: Please rerun the CEICW, this helps us to configure network and
<IIS
<<> setting correctly:
<<
<<
<<I will do this in a bit....
<<
<<
<<>
<<> More info:
<<>
<<> 825763 How to configure Internet access in Windows Small Business
Server
<<> 2003
<<> http://support.microsoft.com/?id=825763
<<>
<<> Step 3: The problem may be caused incorrect IIS setting, please check
the
<<> following:
<<>
<<> 1. Check Default Web Site setting under IIS
<<> 1) Open Server Management console, go to Advanced
Management\Internet
<<> Information Services.
<<> 2) Under Website, right click Default Website, select Properties
<<> 3) In Virtual Directory tab, make sure it is using DefaultAppPool.
Go
<<> to
<<> Directory Security tab, click Edit button, make sure that only
Anonymous
<<> and Integrated access are enabled.
<<> The Default domain and Realm box are empty.
<<
<<
<<Yep! That would be the settings that I see....
<<
<<
<<>
<<> 2. Check Virtual Server Remote setting
<<>
<<> 1) Open Server Management console, go to Advanced
Management\Internet
<<> Information Services.
<<> 2) Under Web Sites\Default Web Sites\Remote, right click the
Remote
<<> directory, select Properties.
<<> 3) In Virtual Directory tab, make sure it is using DefaultAppPool,
go
<<> to Directory Security tab, click Edit button, make sure that only
<<> Anonymous
<<> and Integrated access are enabled.
<<> The Default domain and Realm box are empty.
<<
<<
<<Yeppers! These are the settings that I see...
<<
<<
<<> If the problem persist, please help me collect the following
information
<<> for further research:
<<>
<<> 1. Please create a test account for me, give me the url of RWW,
username,
<<> password and I need to test on my side.
<<
<<
<<I have no problem doing this, Robert. But let's save this as a last
<resort.
<<
<<
<<> 2. Gather IIS log:
<<>
<<> 1) Open IIS snap-in.
<<> 2) Right click Default Web Site and click Properties.
<<> 3) Uncheck the "Enable Logging" box and click Apply.
<<> 4) Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all
files
<to
<<> a backup location.
<<> 5) Check "Enable Logging" box and click OK.
<<> 6) Run IISReset command.
<<> 7) Reproduce the problem and send the log file in
<<> C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.
<<
<<
<<Reproduced....log file to follow
<<
<<
<<>
<<> 3. Gather IIS Metabase:
<<>
<<> 1) Download the IIS Resource Kit tools from the following page:
<<>
<http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73
-
<<> B628-ADE629C89499&displaylang=en
<<> 2) Install it, run MBExplorer (Metabase Explorer)
<<> 3) Right click the "LM" node and choose "Export to file".
<<> 4) Specify a file name, specify the password and finish the export.
<<> 5) Send the file and the password to v-robeli@xxxxxxxxxxxxx with
subject:
<<> 40416855-rww.
<<
<<
<<Done...it is on its way...Thanks!
<<
<<
<<>
<<> I am looking forward to hear from you.
<<>
<<> If you need further assistance, please don't hesitate to let me know.
<<>
<<> Best regards,
<<>
<<> Robert Li(MSFT)
<<>
<<> Microsoft CSS Online Newsgroup Support
<<>
<<> Get Secure! - www.microsoft.com/security
<<>
<<> =====================================================
<<>
<<> This newsgroup only focuses on SBS technical issues. If you have
issues
<<> regarding other Microsoft products, you'd better post in the
<corresponding
<<> newsgroups so that they can be resolved in an efficient and timely
<manner.
<<> You can locate the newsgroup here:
<<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<<>
<<> When opening a new thread via the web interface, we recommend you
check
<<> the
<<> "Notify me of replies" box to receive e-mail notifications when there
are
<<> any updates in your thread. When responding to posts via your
newsreader,
<<> please "Reply to Group" so that others may learn and benefit from your
<<> issue.
<<>
<<> Microsoft engineers can only focus on one issue per thread. Although
we
<<> provide other information for your reference, we recommend you post
<<> different incidents in different threads to keep the thread clean. In
<<> doing
<<> so, it will ensure your issues are resolved in a timely manner.
<<>
<<> For urgent issues, you may want to contact Microsoft CSS directly.
Please
<<> check http://support.microsoft.com for regional support phone numbers.
<<>
<<> Any input or comments in this thread are highly appreciated.
<<>
<<> =====================================================
<<>
<<> This posting is provided "AS IS" with no warranties, and confers no
<<> rights.
<<>
<<> --------------------
<<> <Reply-To: "Cary Shultz" <cwshultz@xxxxxxxx>
<<> <From: "Cary Shultz" <cwshultz@xxxxxxxx>
<<> <Subject: RWW
<<> <Date: Mon, 10 Sep 2007 15:08:53 -0400
<<> <Lines: 29
<<> <Organization: outsourceIT, Inc.
<<> <X-Priority: 3
<<> <X-MSMail-Priority: Normal
<<> <X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
<<> <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
<<> <X-RFC2646: Format=Flowed; Original
<<> <Message-ID: <OxI0c498HHA.4612@xxxxxxxxxxxxxxxxxxxx>
<<> <Newsgroups: microsoft.public.windows.server.sbs
<<> <NNTP-Posting-Host: ip24-254-181-132.rn.hr.cox.net 24.254.181.132
<<> <Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
<<> <Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.sbs:61997
<<> <X-Tomcat-NG: microsoft.public.windows.server.sbs
<<> <
<<> <Good afternoon!
<<> <
<<> <Taking a bit of a vacation for the next three days...not that anyone
<<> cares!
<<> <But, I thought that I would clear up a few things in my head.
<<> <
<<> <Regarding RWW (Remote Web Workplace) in SBS2003 Standard....I have it
<set
<<> up
<<> <at a new customer and everything is working just swell. Well, I
think!
<<> It
<<> <seems that users are asked for credentials too many times. Maybe it
is
<<> how
<<> <things are set up on the /remote folder in IIS...
<<> <
<<> <Anyway, the user enters http://mail.mydomain.com/remote and the first
<<> pop-up
<<> <appears (the usual pop up when basic authentication is
<<> configured....title
<<> <bar indicates 'connecting to mail.mydomain.com'). We enter the
<<> credentials
<<> <in the domainname\username format and then the password. We are then
<<> <brought to the web page where we enter user name (without the domain
<<> name)
<<> <and password and hit enter and then that popup windows appears again
<<> <('connecting to mail.mydomain.com'...domainname\user name and then
<<> <password). Once we enter the user name and password (again...) we
come
<<> to
<<> <the page with the links.
<<> <
<<> <Is this *normal*?
<<> <
<<> <Thanks,
<<> <
<<> <--
<<> <Cary W. Shultz
<<> <Roanoke, VA 24012
<<> <
<<> <
<<> <
<<>
<<
<<
<<
<
<



.