Error Validating Web Components Server Functionality

All replies

• 

  

  0

  Sign in to vote

  What happens when you go to that URL in your browser?

   

  Did you already apply a certificate to the default website in IIS?

  I believe there's something about that in the admin guide.

   

  Tuesday, October 23, 2007 7:36 PM
• 

  

  0

  Sign in to vote

  Yes the cert is applied and working properly.

   

  When I manually put the URL in a browser it prompts me for credentials (nothing I put it works), then gives me the same HTTP Error 401.1. The default site loads fine, it's at GroupExpansion where it starts giving that error. GroupExpansion is set for Integrated Windows Authentication only. The perms on GroupExpansion has RTC Component Local Group set to read. If I set GroupExpansion to allow Anonymous, it works fine. Can someone verify the perms on their GroupExpansion folder?

   

  Either way I think it is something deeper than just permissions because of the Kerberos error I'm getting. It seems like the DC can't translate the SPN's for some reason. Should I have registered those SPN's on the OCS server or on my DC?

   

  -Seth

   

  Tuesday, October 23, 2007 8:42 PM
• 

  

  0

  Sign in to vote

  Seth Scardefield wrote:

  Yes the cert is applied and working properly.   When I manually put the URL in a browser it prompts me for credentials (nothing I put it works), then gives me the same HTTP Error 401.1. The default site loads fine, it's at GroupExpansion where it starts giving that error. GroupExpansion is set for Integrated Windows Authentication only. The perms on GroupExpansion has RTC Component Local Group set to read. If I set GroupExpansion to allow Anonymous, it works fine. Can someone verify the perms on their GroupExpansion folder?   Either way I think it is something deeper than just permissions because of the Kerberos error I'm getting. It seems like the DC can't translate the SPN's for some reason. Should I have registered those SPN's on the OCS server or on my DC?   -Seth

  
  
  Hi Seth,
  
  Mine is set to Anonymous and Basic Authentication (with the domain and realm filled in with my fqdn).
  
  I have a similar environment set up but didn't have to register any SPN's. Have you tried using the Office Communicator client or Live Meeting client against your environment yet? If so, have you encountered issues or are you just trying to run the validation checks?
  
  -Jason
  

  Wednesday, October 24, 2007 2:24 PM
• 

  

  0

  Sign in to vote

  Hi Seth,

   

  We had the same problem. Everything seemed to be working fine, but the validation check for Web Components was failing with the error message you received. We had someone from Microsoft come out to look at the problem and they provided the following solution / work around (not sure which term to use yet).

   

  I hope the problem you're experiencing is the same we had.

   

  http://support.microsoft.com/kb/896861/en-us

   

  Extract...

   

  This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

   

  The article contains a couple of methods to resolve the issue to a point where the validation check will succeed.

   

  Rgds,

   

  Morris

   

  Friday, October 26, 2007 12:11 AM