locked
Communicator Single Signon does not work on all workstations RRS feed

  • Question

  • The problem is the following:
    Machine F: I start Communicator, SSO fails, I need to type in my (domain account) password.
    Machine W: I start Communicator, SSO works, no problems.

    Machine F: In the log it shows:
    12/01/2008|10:03:40.859 A90:C68 INFO  :: SIP/2.0 403 Forbidden
    Authentication-Info: NTLM rspauth="0100000038156A04E8314A20448F8BAA", srand="3DA8037F", snum="1",
    opaque="826A3D30", qop="auth", targetname="bu-s070.mycompany.net", realm="SIP Communications Service"
    From: <sip:firstname.lastname@mycompany.com>;tag=cb43e5585a;epid=a14417d6c3
    To: <sip:firstname.lastname@mycompany.com>;tag=BE437E6D2447E825C601B836D87DB277
    Call-ID: 12d172f6480b4fd38dd04370c39d6f88
    CSeq: 3 REGISTER
    Via: SIP/2.0/TLS 10.1.20.18:1219;ms-received-port=1219;ms-received-cid=40F000
    ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from
    URI";source="bu-s070.mycompany.net";AuthenticatedIdentity="BU-S070\Administrator"
    ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from
    URI";AuthenticatedIdentity="BU-S070\Administrator"
    Content-Length: 0
    12/01/2008|10:03:40.859 A90:C68 INFO  :: End of Data Received - 10.1.1.70:5061 (To Local Address:
    10.1.20.18:1219) 861 bytes

    Machine F: WinXP SP3 Communicator 2.0.6362.0 DE
    Machine W: WinXP SP3 Communicator 2.0.6362.0 DE

    What does "Credentials provided are not authorized to act as specified from URI" mean?
    Rejoining the domain did not make a difference. Changing from Kerberos to NTLM only changes the error message in the log. Any suggestions beside reinstalling the machine ?
    Thanks

    Monday, December 1, 2008 10:42 AM

Answers

  • Hi Tonino,

    thank you for your reply but i need to clarify a little further: on both machines I do logon with my domain account where the SIP URI belongs to. The BU-S070 is the OCS Frontend. The question is now why it uses the Administrator account of the server and my SIP URI. Very strange.

    But I think I just found a solution / workaround:
    * Start->Run->control userpasswords2
    * In Advanced tab, go "Manage Passwords".
    * Remove the stored credentials that Communicator uses instead of yours (BU-S070 in this case)
    * Reopen Communicator, SSO should work now

    Any explanations? Is this a bug?

    Maurice.
    Tuesday, December 2, 2008 9:23 AM

All replies

  • Hi,

    it seems you are using the credentials of
    BU-S070\Administrator to logon to the SIP URI firstname.lastname@mycompany.com.

    I am guessing from your log that BU-S070 is the workstation name which would indicate that you have logged on to the workstation using the local administrator account. In this case SSO won't work as you noticed, you have to be logged on with a domain user and connect to the right SIP URI.

    basically that's what the message "
    Credentials provided are not authorized to act as specified from URI" means, you are trying to connect to SIP Address for which you don't have the proper credentials for.

    Sincerely,
    Tonino Bruno
    Monday, December 1, 2008 9:03 PM
  • Hi Tonino,

    thank you for your reply but i need to clarify a little further: on both machines I do logon with my domain account where the SIP URI belongs to. The BU-S070 is the OCS Frontend. The question is now why it uses the Administrator account of the server and my SIP URI. Very strange.

    But I think I just found a solution / workaround:
    * Start->Run->control userpasswords2
    * In Advanced tab, go "Manage Passwords".
    * Remove the stored credentials that Communicator uses instead of yours (BU-S070 in this case)
    * Reopen Communicator, SSO should work now

    Any explanations? Is this a bug?

    Maurice.
    Tuesday, December 2, 2008 9:23 AM