Re: [ActiveDir] authentication problem

Mon, 28 Nov 2005 19:44:17 -0800

Should be error messages in your IIS log files though and if you have a system state backup from before the changes that would have those [or should have those] old AD values?
When if fails to log in what's the resulting error code? 401.1? Something like that? 


Also I've seen permiission changes to web sites, .NET framework will 
screw things up and start asking for passwords.  Did he mess with any of 
the accounts that the aspnet and CRM services are running in?  So 
exactly what was he doing again?


Google Groups : microsoft.public.crm:
http://groups.google.com/group/microsoft.public.crm/tree/browse_frm/thread/e780a75e03330399/21602ba7ff5148b1?rnum=1&q=prompted+by+username+crm&_done=%2Fgroup%2Fmicrosoft.public.crm%2Fbrowse_frm%2Fthread%2Fe780a75e03330399%2Ff4c11fb795df5768%3Flnk%3Dst%26q%3Dprompted+by+username+crm%26rnum%3D1%26#doc_f4c11fb795df5768

I'd look at some of these threads.

And on the off chance... try this too and see if this value is checked....
In IE, go to Tools menu >> Internet Options >> Advanced and
scroll down through the list until you see the Enable Integrated Windows
Authentication option near the bottom of the list.  Uncheck this value.

And check the security level for IE...put the web sites in the trusted zone.




Remember you can always call Microsoft product support.  Try the 
appropriate group or community, but if you need something working and in 
a hurry, and newsgroups are not cutting it, I grab the credit card and 
I'll call product support if I need things working.


Katrin Wilhelm wrote:

It's CRM 1.2 as far I know he didn't change anything in IIS and I do not
get any error messages in regards to this. My feeling tells me that it
must be the Service principal names with which he was working on are the
reasons for the problem. As I never done any work with it I have no idea
where to start looking. So far used setspn -R to reset the host SPN and
added with setspn -A the HOST SPN to the user accounts which earlier
created an event ID 11 (KDC) on DC's. Not sure where to go from here.

Regards,

Katrin Wilhelm (MCSA)
CVGT Employment & Training Specialists
Australia
E-mail: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, 29 November 2005 2:02 PM
To: [email protected]
Subject: Re: [ActiveDir] authentication problem

What are the errors you are getting in the error logs? IIS access logs?

CRM 1.2 or 3.0? {I'm assuming 1.2 since 3.0 is just out}


CRM uses integrated authentication on that web app if memory serves me 
right...given that its both your CRM and your intranet what IIS changes 
did he/she make? I think it's supposed to be set for basic and 
integrated security enabled, but I know enough about CRM to be 
dangerous.... there are CRM yahoogroups and newsgroups that I'd head off


to if you don't hear from here.

Katrin Wilhelm wrote:

  

Hello,


I got a weird problem on a member server (2003) running MS CRM, SQL 
and our intranet.



Every time you are accessing the intranet or the CRM site you get a 
pop up window for identification. It then does not accept any user 
name and password. Everything worked fine until last week and I am not
    



  

sure what has changed. I believe the other admin used adsiedit to 
change SPN for 'host as it was registered to several user accounts. I 
found a work around that way that I allowed anonyms access and granted
    



  

the everyone group read access but do not want to leave it like this. 
Does anybody know how I can fix this? I have no idea about SPN and had
    



  

a look around but I am stuck an my CRM is not working as the access is

    



  

not granted. Any suggestions?

Thanks for this.

*Katrin Wilhelm **(MCSA)
*CVGT Employment & Training Specialists
Australia
E-mail:_ [EMAIL PROTECTED]

_Confidentiality:_


The contents contain privileged and/or confidential information 
intended for the named recipient of this email.



CVGT does not warrant that the contents of any electronically 
transmitted information will remain confidential.



If the reader of this email is not the intended recipient you are 
hereby notified that any use, reproduction, disclosure or distribution
    



  

of the information contained in the email is prohibited.

If you receive this email in error, please reply to us immediately and

    



  

delete the document.

_Viruses:_


It is the recipient/client's duties to virus scan and otherwise test 
the information provided before loading onto any computer system.



No warranty is made that this material is free from computer virus or 
any other defect or error.



Any loss/damage incurred by using this material is not the sender's 
responsibility. CVGT's entire liability will be limited to resupplying
    



  

the material.


Please contact us at www.cvgt.com.au <http://www.cvgt.com.au> for 
further information regarding this disclaimer.



    



  


--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/






















					Reply via email to