locked
Unable to authenticate to Communicator Web Access RRS feed

  • Question

  • We have deployed CWA internally (no external access) and until now have been able to sign in no problem.  Now it seems we cannot.  We are prompted for credentials but they do not pass authentication.  There are no entries in the Event Log.

     

    We have verified our certificates.  All are issued from the same root CA.  The CA chain is installed on the CWA machine.

     

    Has anybody seen this behaviour?  Thoughts?

     

    Thanks,

    Mark

    Tuesday, January 8, 2008 8:09 PM

Answers

  • Thanks for your posts everyone.

     

    We verified all the usual suspects...

    • Pools running
    • CWAServer password not expired
    • IIS looks good
    • Etc.

    This is in VM.  We took down the "bad" VM and started up a backup and everything worked fine.  We started up the "bad" VM again and checked for inconsistencies.  There were none apparent.  We then removed the computer from the domain, removed the AD record for the machine, and re-added the machine to the domain ... this solved the problem.

     

    So I'm not thrilled with the "solution" and I still don't know what was happening at this point, but in the end it could all come down to "funky VM problems!"

     

    If it happens again and I learn more I'll re-post.  Otherwise, hopefully this helps someone if it happens to you!

     

    Thanks,

    Mark

    Friday, January 11, 2008 2:57 PM

All replies

  • If this worked previoulsy and has all of a sudden stopped functioning correctly, then I'd start with the obvious (reboot the server?) and take a look at anything they have have changed in your configuration recently.  There could be any number of reasons for authentication failure; do you have any more specifics?
    Tuesday, January 8, 2008 8:44 PM
    Moderator
  • What kind of authentication are you using? Forms-based or integrated? If it's integrated you'll need to make sure your IE settings are configured properly to pass the credentials. Try following this post: http://www.confusedamused.com/notebook/communicator-web-access-integrated-authentication/

    And if you're trying to sign in from the machine CWA is actually installed on you'll need to address some loopback security issues before you can login: http://www.confusedamused.com/notebook/communicator-web-access-loopback-issues/
    Wednesday, January 9, 2008 6:08 PM
  • Have you checked that all the application pools are started. Often it is is workign then stops the application pool account has become locked out or disabled
    Thursday, January 10, 2008 10:35 AM
  • I would also make sure the CWAService account has not been disabled. By default these accounts do not have the "Password never expires" option selected.
    Thursday, January 10, 2008 5:19 PM
  • Thanks for your posts everyone.

     

    We verified all the usual suspects...

    • Pools running
    • CWAServer password not expired
    • IIS looks good
    • Etc.

    This is in VM.  We took down the "bad" VM and started up a backup and everything worked fine.  We started up the "bad" VM again and checked for inconsistencies.  There were none apparent.  We then removed the computer from the domain, removed the AD record for the machine, and re-added the machine to the domain ... this solved the problem.

     

    So I'm not thrilled with the "solution" and I still don't know what was happening at this point, but in the end it could all come down to "funky VM problems!"

     

    If it happens again and I learn more I'll re-post.  Otherwise, hopefully this helps someone if it happens to you!

     

    Thanks,

    Mark

    Friday, January 11, 2008 2:57 PM
  • Glad you got it working. I know I use VMs for my labs and even in a couple production environments, but in case you didn't hear the hilariously succint Microsoft stance on OCS 2007 virtualization:

    Virtualization:

    Virtualization is not supported for any server role in a production environment.


    I'm curious if that will change with Hyper-V, but I guess we'll see soon enough.
    Friday, January 11, 2008 4:53 PM