Companyweb: users prompted for credentials [Small Business Server]

Prev: Branch Office Setup
Next: Can't get on Internet...

From: Roland Hall on 19 Apr 2010 16:02

because using the DNS didn't resolve the problem. The HOSTS file was the
only way to allow for the connection. Doesn't make any sense to me but it
works. If that were the issue, then no clients could connect and one can.

I just noticed today the one that can connect is XP SP2, all the others are
SP3. This doesn't help the terminal server 2008 connection but might give
some insight into the XP clients.

"Russ SBITS.Biz [SBS-MVP]" wrote:

> Instead of using a Hosts file why aren't you using the DNS on the SBS to set
> things up?
> (IMO Hosts Files on PC's just creates an administrative nightmare.)
>
> Russ
>
> --
> Russell Grover - SBITS.Biz [SBS-MVP]
> MCP, MCPS, MCNPS, SBSC
> Small Business Server/Computer Support - www.SBITS.Biz
> Question or Second Opinion - www.PersonalITConsultant.com
> BPOS - Microsoft Online Services - www.Microsoft-Online-Services.com
> http://www.twitter.com/SBITSdotBiz

From: Roland Hall on 19 Apr 2010 18:40

Also, I'm only using the HOSTS file to put in an external address for the
public FQDN. If I don't do it that way, the RDP client cannot connect to the
terminal server. It's NOT the same server and it makes no sense but it does
work. The one client that can connect to the SBS sever (http://companyweb/)
also has this entry in it's HOSTS file. I doubt these are related.

I've been networking for decades and started originally with Sun and this
makes no sense. It also doesn't make sense why MSFT would put in a forward
lookup zone for the SBS server using the public FQDN. However, I think we're
getting off topic.

I can ping the FQDN for companyweb and it returns the SBS server address.

I ran a sniffer and see initially I'm getting a HTTP/1.1 401 unauthorized.
It then tries a Kerberos connection and I get this returned: KRB Error:
KRB5KRB_AP_ERR_MODIFIED

Looking that up, I found this document and I am going through it now to see
if it will be of any help.

http://blogs.technet.com/askds/archive/2008/06/11/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx

"Roland Hall" wrote:

> because using the DNS didn't resolve the problem. The HOSTS file was the
> only way to allow for the connection. Doesn't make any sense to me but it
> works. If that were the issue, then no clients could connect and one can.
>
> I just noticed today the one that can connect is XP SP2, all the others are
> SP3. This doesn't help the terminal server 2008 connection but might give
> some insight into the XP clients.
>
>
> "Russ SBITS.Biz [SBS-MVP]" wrote:
>
> > Instead of using a Hosts file why aren't you using the DNS on the SBS to set
> > things up?
> > (IMO Hosts Files on PC's just creates an administrative nightmare.)
> >
> > Russ
> >
> > --
> > Russell Grover - SBITS.Biz [SBS-MVP]
> > MCP, MCPS, MCNPS, SBSC
> > Small Business Server/Computer Support - www.SBITS.Biz
> > Question or Second Opinion - www.PersonalITConsultant.com
> > BPOS - Microsoft Online Services - www.Microsoft-Online-Services.com
> > http://www.twitter.com/SBITSdotBiz
>

From: Roland Hall on 19 Apr 2010 18:41

From: Roland Hall on 20 Apr 2010 10:55

That document did not help, or I don't think it was much help because it
reflects on this fact that two systems have the same name or both are being
called and the wrong one is responding, thus, access denied.

I ran method one and two. One was not documented very well and a bit
overwhelming to what I was actually looking for. Two returned the values for
the SBS server but the entries were duplicated, one for the NetBIOS name of
the server and one for DNS name of the server (server.domain.local). Since I
can ping the server with either name, I doubt that is the issue. It really
isn't that clear.

I know these forums are not MSFT supported unless I use my partnership
address but I'd hate to have to restart this to just to get some responses.
It appears I am now just talking to myself.

"Roland Hall" wrote:

> I ran a sniffer and see initially I'm getting a HTTP/1.1 401 unauthorized.
> It then tries a Kerberos connection and I get this returned: KRB Error:
> KRB5KRB_AP_ERR_MODIFIED
>
> Looking that up, I found this document and I am going through it now to see
> if it will be of any help.
>
> http://blogs.technet.com/askds/archive/2008/06/11/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx
>
>
> "Roland Hall" wrote:
>
> > because using the DNS didn't resolve the problem. The HOSTS file was the
> > only way to allow for the connection. Doesn't make any sense to me but it
> > works. If that were the issue, then no clients could connect and one can.
> >
> > I just noticed today the one that can connect is XP SP2, all the others are
> > SP3. This doesn't help the terminal server 2008 connection but might give
> > some insight into the XP clients.
> >
> >
> > "Russ SBITS.Biz [SBS-MVP]" wrote:
> >
> > > Instead of using a Hosts file why aren't you using the DNS on the SBS to set
> > > things up?
> > > (IMO Hosts Files on PC's just creates an administrative nightmare.)
> > >
> > > Russ
>

From: Russ SBITS.Biz [SBS-MVP] on 20 Apr 2010 23:58

Are you using the wizards to configure network settings?
Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
MCP, MCPS, MCNPS, SBSC
Small Business Server/Computer Support - www.SBITS.Biz
Question or Second Opinion - www.PersonalITConsultant.com
BPOS - Microsoft Online Services - www.BPOSMadeEasy.com
http://www.twitter.com/SBITSdotBiz

"Roland Hall" <RolandHall(a)discussions.microsoft.com> wrote in message
news:38D9272C-7268-49C4-9F49-84F2D0698FB9(a)microsoft.com...
> That document did not help, or I don't think it was much help because it
> reflects on this fact that two systems have the same name or both are
> being
> called and the wrong one is responding, thus, access denied.
>
> I ran method one and two. One was not documented very well and a bit
> overwhelming to what I was actually looking for. Two returned the values
> for
> the SBS server but the entries were duplicated, one for the NetBIOS name
> of
> the server and one for DNS name of the server (server.domain.local).
> Since I
> can ping the server with either name, I doubt that is the issue. It
> really
> isn't that clear.
>
> I know these forums are not MSFT supported unless I use my partnership
> address but I'd hate to have to restart this to just to get some
> responses.
> It appears I am now just talking to myself.
>
> "Roland Hall" wrote:
>
>> I ran a sniffer and see initially I'm getting a HTTP/1.1 401
>> unauthorized.
>> It then tries a Kerberos connection and I get this returned: KRB Error:
>> KRB5KRB_AP_ERR_MODIFIED
>>
>> Looking that up, I found this document and I am going through it now to
>> see
>> if it will be of any help.
>>
>> http://blogs.technet.com/askds/archive/2008/06/11/kerberos-authentication-problems-service-principal-name-spn-issues-part-3.aspx
>>
>>
>> "Roland Hall" wrote:
>>
>> > because using the DNS didn't resolve the problem. The HOSTS file was
>> > the
>> > only way to allow for the connection. Doesn't make any sense to me but
>> > it
>> > works. If that were the issue, then no clients could connect and one
>> > can.
>> >
>> > I just noticed today the one that can connect is XP SP2, all the others
>> > are
>> > SP3. This doesn't help the terminal server 2008 connection but might
>> > give
>> > some insight into the XP clients.
>> >
>> >
>> > "Russ SBITS.Biz [SBS-MVP]" wrote:
>> >
>> > > Instead of using a Hosts file why aren't you using the DNS on the SBS
>> > > to set
>> > > things up?
>> > > (IMO Hosts Files on PC's just creates an administrative nightmare.)
>> > >
>> > > Russ
>>

First | Prev | Next | Last
Pages: 1 2 3
Prev: Branch Office Setup
Next: Can't get on Internet...