cancel
Showing results for 
Search instead for 
Did you mean: 

Archive Explorer authentication issues.

portabletelly
Level 4
When browsing Archive Explorer I keep getting prompted for a password. No matter what method of authentication I put in eg domain\usersname  or fqdn\username or username password or username@domainname the ev will never authenticate. OWA doesnt work either.
 
Ill get a 401.1 error with access denied due to invalid credentials. this happens on every account.
 
I can successfully authenticate via kerbros to the default web site. The acls appear to be the same on the default website and ev web directorys.
 
This action leaves two events in the security event log of ev. any ideas on how I can fix this?
 
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date:  3/03/2008
Time:  10:50:11 PM
User:  NT AUTHORITY\SYSTEM
Computer: SVRBNE02
Description:
Logon Failure:
  Reason:  An error occurred during logon
  User Name: 
  Domain:  
  Logon Type: 3
  Logon Process: Kerberos
  Authentication Package: Kerberos
  Workstation Name: -
  Status code: 0xC000006D
  Substatus code: 0xC000006D
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: 192.168.1.3
  Source Port: 1591

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
and
 
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 553
Date:  3/03/2008
Time:  10:50:11 PM
User:  NT AUTHORITY\SYSTEM
Computer: SVRBNE02
Description:
 User Name: EvDelUsers
  Domain: %%tdomain.LOCAL
  Request Type: KRB_AP_REQ
  Logon Process: Kerberos
  Authentication Package: Kerberos
  Workstation Name: -
  Caller User Name: SVRBNE02$
  Caller Domain: domain
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 0x22B4
  Transited Services: -

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
6 REPLIES 6

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified
Are you able to access the EV Search page?

A_Z_rcher
Level 5
Partner Accredited
Hi
check the local intranet zone: the ev server should be listed there on the client.
Do you use a proxy? check this setting to bypass the credentials. (config manual)
Then you should not be prompted for logon credentials when Outtlook is already started.
 
Can you store/restore/view/search archived items without logon creds?

portabletelly
Level 4
To Tony,
 
No I cant access the EV Search page either. I have tried
cname.fqdn/enterprisevault
cname/enterprisevault
servername.fqdn/enterprisevault
servername/enterprisevault
 
and
 
cname.fqdn/enterprisevault/search.asp
cname/enterprisevault//search.asp
servername.fqdn/enterprisevault//search.asp
servername/enterprisevault//search.asp
 
So to recap. I can't view any of the ie components of ev. eg archive explorer, owa archived emails, search page and so forth. from a users perspective I can archive their email then restore from vault and successfully view the restored item. But I cannot double click on an archived email and view it I get the page not found.
 
To make sure IIS is working I successfully created a test.htm page under the default web site and kerbos let me straight through.
 
When browsing the iis ev directorys I always get prompted for a password. Checking the secuirty settings they are Bascic auth and intergrated.


Message Edited by portabletelly on 03-03-2008 02:54 PM

portabletelly
Level 4
I bypassed the proxy and still get the same issue.
Furthermore when checking zone settings. the everserver1; evserver1.fqdn; evsite1; evsite1.fqdn are in the local intranet zone.
 
 

A_Z_rcher
Level 5
Partner Accredited
this seems to be a "microsoft" problem. If I understand you correct you can only access the top dirs under the default website. As soons as Integrated Windows Auth. is called, it fails. This can have several causes. Check you IIS logs and Event logs. Also make sure the time/date is synced.
Could this be the case?
 
Without more information about your environment it's hard to help, sorry.

portabletelly
Level 4
I fixed the archive explorer issue by backing up the iis metadata in iis. backing up the virtual directories for ev.
Uninstalling iis
reinstalling iis and then importing the config files
 
I think there was an issue with the application pool the virt directories were using. There now using the default app pool and archive explorer is working.
 
Still haveing issue with owa though. But I think thats because the exchange server is a dc and also runs isa server.