|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Strange issue with Integrated authentication and 3G(I am hoping for some inspiration here) We have a problem which has appeared in the past few weeks where our laptop users remotely connect with XP SP1 and SP2 laptops to Windows 2003 SP1 AD network using Cisco VPN client. Transport is one of: 1) modem PSTN connection 2) broadband connection 3) Vodaphone 3G datacard connection. They connect to Cisco VPN before logging onto Windows so the Windows login process completes cleanly and scripts run etc...They then launch IE which has our https intranet page as home page and which is configured to use integrated authentication (hosted on IIS 6 + Windows server 2003 SP1). HERE is the problem - when the connection is made over 1) or 2) then the integrated authentication works correctly but when 3) is used then the user is prompted for credentials which must be entered in the format domain\username + password before the page is displayed. We have tried security auditing on DC, IIS server and on laptop but only get success and failures for logons when correct / incorrect credentials are entered at the pop-up box after integrated authentication has failed. Anyone got any ideas how I could get to the bottom of this? Why would it be different with a 3G card - it does not make sense? any IIS log files or traces I could run (I have tried packet sniffing with Ethereal but can't see unencrypted VPN traffic) Thx, S Hi,
Have you checked this KB article yet to verify that all the conditions for an IE auto-logon attempt are in place? http://support.microsoft.com/?id=258063 Cheers Ken Show quoteHide quote "Sunny" <sunnyb***@gmail.com> wrote in message news:1145999598.376696.15860@i39g2000cwa.googlegroups.com... > Hi All, > > (I am hoping for some inspiration here) > > We have a problem which has appeared in the past few weeks where our > laptop users remotely connect with XP SP1 and SP2 laptops to Windows > 2003 SP1 AD network using Cisco VPN client. Transport is one of: > > 1) modem PSTN connection > 2) broadband connection > 3) Vodaphone 3G datacard connection. > > They connect to Cisco VPN before logging onto Windows so the Windows > login process completes cleanly and scripts run etc...They then launch > IE which has our https intranet page as home page and which is > configured to use integrated authentication (hosted on IIS 6 + Windows > server 2003 SP1). HERE is the problem - when the connection is made > over 1) or 2) then the integrated authentication works correctly but > when 3) is used then the user is prompted for credentials which must be > entered in the format domain\username + password before the page is > displayed. > > We have tried security auditing on DC, IIS server and on laptop but > only get success and failures for logons when correct / incorrect > credentials are entered at the pop-up box after integrated > authentication has failed. > > Anyone got any ideas how I could get to the bottom of this? Why would > it be different with a 3G card - it does not make sense? any IIS log > files or traces I could run (I have tried packet sniffing with Ethereal > but can't see unencrypted VPN traffic) > > Thx, S > Thanks Ken -
The article has helped me to solve the issue. Basically the 3G connection was not resolving the Intranet address to local Intranet zone and this is because we had different by-pass proxy settings on the 3G connection in IE. Thanks again for the pointer Ken Schaefer wrote: Show quoteHide quote > Hi, > > Have you checked this KB article yet to verify that all the conditions for > an IE auto-logon attempt are in place? > http://support.microsoft.com/?id=258063 > > Cheers > Ken > > "Sunny" <sunnyb***@gmail.com> wrote in message > news:1145999598.376696.15860@i39g2000cwa.googlegroups.com... > > Hi All, > > > > (I am hoping for some inspiration here) > > > > We have a problem which has appeared in the past few weeks where our > > laptop users remotely connect with XP SP1 and SP2 laptops to Windows > > 2003 SP1 AD network using Cisco VPN client. Transport is one of: > > > > 1) modem PSTN connection > > 2) broadband connection > > 3) Vodaphone 3G datacard connection. > > > > They connect to Cisco VPN before logging onto Windows so the Windows > > login process completes cleanly and scripts run etc...They then launch > > IE which has our https intranet page as home page and which is > > configured to use integrated authentication (hosted on IIS 6 + Windows > > server 2003 SP1). HERE is the problem - when the connection is made > > over 1) or 2) then the integrated authentication works correctly but > > when 3) is used then the user is prompted for credentials which must be > > entered in the format domain\username + password before the page is > > displayed. > > > > We have tried security auditing on DC, IIS server and on laptop but > > only get success and failures for logons when correct / incorrect > > credentials are entered at the pop-up box after integrated > > authentication has failed. > > > > Anyone got any ideas how I could get to the bottom of this? Why would > > it be different with a 3G card - it does not make sense? any IIS log > > files or traces I could run (I have tried packet sniffing with Ethereal > > but can't see unencrypted VPN traffic) > > > > Thx, S > > 
Other interesting topics
Certificates on .local domain
Problem Configure my Web Site to Use SSL New Virus or Something default scripts and manuals IIS auth. problem with 2003 SP1 Access denied logging to event log on Windows Server 2003 Integrated windows authentication problems IE prompts for username password when saving excel file opened in Active Directory check with login details on DB integrated authentication only work when I use ip address |
|||||||||||||||||||||||
