Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Windows Authentication IIS 7 CRM 4.0 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I am having a Windows Authentication problem with my new CRM 4.0 site.  I have installed it on IIS 7 on its own site using port 80 with its own IP.

    On most computers in the domain the user is prompted for credentials.  When they enter the credentials it logs them in just fine.  If I add the site to the trusted sites in IE7 then it does not prompt the users.  When the user hits cancel this error displays: "HTTP Error 401.2 - Unauthorized: Access is denied."  The error on the server is "HTTP Error 401.2 - Unauthorized
    You are not authorized to view this page due to invalid authentication headers."

    Normally this would be okay and I would use the workarounds but I am trying to use Scribe 6.3.1 and the CRM adapter needs to authenticate and I believe this is causing an issue with that adapter authenticating.

    My personal computer is the only computer on the domain that I have found so far that does not need any of the workarounds in IE.

    I have played with the applicationHost.config file. No luck.

    The setup the default site on the same server to use Windows Authentication and it works like a charm.

    Any help would be much appreciated.  I am now going in circles.
    Wednesday, August 20, 2008 11:45 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    I'm not sure what you mean, but i'll give it my best shot.

    1. Do you have IE7 autologon to intranet and trusted sites? (To remove: goto tools > options > security > local intranet > click on custom level > then scroll to the bottom last option and click "always ask for username and password"
    2. I have had a similar problem. When i type in the servername or the FQDN in the browser it gets regected and says "Unauthorized", however if i type in localhost it authenticates and works. the way i fixed this was to run this tool from microsoft: http://technet.microsoft.com/en-us/library/cc773257.aspx

     

    Sunday, August 24, 2008 12:36 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Rick,

     

    I have found in the past that adding the CRM URL to the local intranet sites instead of trusted sites have helped me quite a bit.  I also add both the friendly server and FQDN names i.e. http://server and http://server.domain.suffix.  I am not sure that this will resolve your problem but it is at least a start.

     

    Thanks

     

    Thursday, August 21, 2008 7:45 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Thank you for your reply.  I can add it to either the Local Intranet sites or the Trusted Sites and it will stop asking for the credentials on all machines except where CRM is installed.  This is the server where I am trying to install that adapter that is also trying to authenticate.

    An update to my first post: I had *.domain.suffix on my Trusted Sites locally so it was automatically accepting the site.  Now my machine is acting the same with the authentication.  This also means that the Outlook CRM plug-in is not working without authentication either.

    Thursday, August 21, 2008 4:10 PM
  • Question
    Sign in to vote
    1
    Sign in to vote

    I'm not sure what you mean, but i'll give it my best shot.

    1. Do you have IE7 autologon to intranet and trusted sites? (To remove: goto tools > options > security > local intranet > click on custom level > then scroll to the bottom last option and click "always ask for username and password"
    2. I have had a similar problem. When i type in the servername or the FQDN in the browser it gets regected and says "Unauthorized", however if i type in localhost it authenticates and works. the way i fixed this was to run this tool from microsoft: http://technet.microsoft.com/en-us/library/cc773257.aspx

     

    Sunday, August 24, 2008 12:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    This is a security feature of Windows 2003/IIS - Users are not able to logon to IIS from local server.

    I can be turned off by modifying registry.... can't remember exact URL or registry entries

     

     

     

     

    Jim Syd Oz

     

    Sunday, November 9, 2008 5:55 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    I think this is what you are referring to:

    1.      

    281308  (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name

    2.     Click Start, click Run, type regedit, and then click OK.

    3.     In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

    4.     Right-click Lsa, point to New, and then click DWORD Value.

    5.     Type DisableLoopbackCheck, and then press ENTER.

    6.     Right-click DisableLoopbackCheck, and then click Modify.

    7.     In the Value data box, type 1, and then click OK.

    Quit Registry Editor, and then restart your computer

    Thursday, October 21, 2010 1:36 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Rick,

    I think best solution you should add trusted site on IE and and more url host + IP at hostfile on each machine.

     

    Regards,

    Vinh Nguyen

    Saturday, October 23, 2010 4:48 PM