External Domain PCs wont browse to OWA nor Sharepoint sites

  • Thread starter Thread starter techtedg@kc.rr.com
  • Start date Start date
T

techtedg@kc.rr.com

Guest
We are currently running a single domain controller with exchange 2003 and
sharepoint v2 both installed. We have a VPN setup. When PCs/laptops are here
in the office they can access both OWA/Sharepoint without any trouble. When a
domain PC is external to the local network (i.e. a site office) users CANNOT
access OWA/Sharepoint sites through the std internet connection. However if i
connect those same PCs/Users to the VPN they CAN access OWA/Sharepoint while
they are connected, as soon as they disconnect from the VPN they lose the
ability to browse to OWA/Sharepoint they just get the std "page cannot be
found" error in IE. Now whats weird is if i either disjoin the pc from the
domain AND/OR just login as the local admin i CAN browse to OWA/Sharepoint
(also my personal PC at home which isnt a domain PC can always browse to our
sharepoint/owa site).

So basically if you are a domain user and are not in the office or
connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt even come up
and ask for credentials it just says "page cannot be found". If you are NOT a
domain user you CAN access OWA/Sharepoint thru the internet without VPN
connection.

I'm pretty sure the router, external DNS, etc is correct or else the
non-domain users wouldnt be able to access the sites. This must be something
to do with domain config. HELP!!!

How can i fix this?
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Are you perhaps specifying a proxy server in the user's Internet Explorer
settings?
Anthony,
http://www.airdesk.co.uk


"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> We are currently running a single domain controller with exchange 2003 and
> sharepoint v2 both installed. We have a VPN setup. When PCs/laptops are
> here
> in the office they can access both OWA/Sharepoint without any trouble.
> When a
> domain PC is external to the local network (i.e. a site office) users
> CANNOT
> access OWA/Sharepoint sites through the std internet connection. However
> if i
> connect those same PCs/Users to the VPN they CAN access OWA/Sharepoint
> while
> they are connected, as soon as they disconnect from the VPN they lose the
> ability to browse to OWA/Sharepoint they just get the std "page cannot be
> found" error in IE. Now whats weird is if i either disjoin the pc from the
> domain AND/OR just login as the local admin i CAN browse to OWA/Sharepoint
> (also my personal PC at home which isnt a domain PC can always browse to
> our
> sharepoint/owa site).
>
> So basically if you are a domain user and are not in the office or
> connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt even come
> up
> and ask for credentials it just says "page cannot be found". If you are
> NOT a
> domain user you CAN access OWA/Sharepoint thru the internet without VPN
> connection.
>
> I'm pretty sure the router, external DNS, etc is correct or else the
> non-domain users wouldnt be able to access the sites. This must be
> something
> to do with domain config. HELP!!!
>
> How can i fix this?
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

No we arent specifying any proxy server inside IE. I did see an article about
something close to this and it suggested running a command locally on ther
server if you DONT run a proxy, and then also specifying a fake proxy inside
the users IE settings. I tried this for one user with no luck, and have now
set the proxy settings back to default "unchecked" inside IE. I'm sure it has
something to do with the way the domain users get routed externally to the
site(s) but i'm not sure where to start/look. Any other ideas???



"Anthony [MVP]" wrote:

> Are you perhaps specifying a proxy server in the user's Internet Explorer
> settings?
> Anthony,
> http://www.airdesk.co.uk
>
>
> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> > We are currently running a single domain controller with exchange 2003 and
> > sharepoint v2 both installed. We have a VPN setup. When PCs/laptops are
> > here
> > in the office they can access both OWA/Sharepoint without any trouble.
> > When a
> > domain PC is external to the local network (i.e. a site office) users
> > CANNOT
> > access OWA/Sharepoint sites through the std internet connection. However
> > if i
> > connect those same PCs/Users to the VPN they CAN access OWA/Sharepoint
> > while
> > they are connected, as soon as they disconnect from the VPN they lose the
> > ability to browse to OWA/Sharepoint they just get the std "page cannot be
> > found" error in IE. Now whats weird is if i either disjoin the pc from the
> > domain AND/OR just login as the local admin i CAN browse to OWA/Sharepoint
> > (also my personal PC at home which isnt a domain PC can always browse to
> > our
> > sharepoint/owa site).
> >
> > So basically if you are a domain user and are not in the office or
> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt even come
> > up
> > and ask for credentials it just says "page cannot be found". If you are
> > NOT a
> > domain user you CAN access OWA/Sharepoint thru the internet without VPN
> > connection.
> >
> > I'm pretty sure the router, external DNS, etc is correct or else the
> > non-domain users wouldnt be able to access the sites. This must be
> > something
> > to do with domain config. HELP!!!
> >
> > How can i fix this?
> >
>
>
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

What happens when you ping the sites?
Anthony,
http://www.airdesk.co.uk


"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
> No we arent specifying any proxy server inside IE. I did see an article
> about
> something close to this and it suggested running a command locally on ther
> server if you DONT run a proxy, and then also specifying a fake proxy
> inside
> the users IE settings. I tried this for one user with no luck, and have
> now
> set the proxy settings back to default "unchecked" inside IE. I'm sure it
> has
> something to do with the way the domain users get routed externally to the
> site(s) but i'm not sure where to start/look. Any other ideas???
>
>
>
> "Anthony [MVP]" wrote:
>
>> Are you perhaps specifying a proxy server in the user's Internet Explorer
>> settings?
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
>> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
>> > We are currently running a single domain controller with exchange 2003
>> > and
>> > sharepoint v2 both installed. We have a VPN setup. When PCs/laptops are
>> > here
>> > in the office they can access both OWA/Sharepoint without any trouble.
>> > When a
>> > domain PC is external to the local network (i.e. a site office) users
>> > CANNOT
>> > access OWA/Sharepoint sites through the std internet connection.
>> > However
>> > if i
>> > connect those same PCs/Users to the VPN they CAN access OWA/Sharepoint
>> > while
>> > they are connected, as soon as they disconnect from the VPN they lose
>> > the
>> > ability to browse to OWA/Sharepoint they just get the std "page cannot
>> > be
>> > found" error in IE. Now whats weird is if i either disjoin the pc from
>> > the
>> > domain AND/OR just login as the local admin i CAN browse to
>> > OWA/Sharepoint
>> > (also my personal PC at home which isnt a domain PC can always browse
>> > to
>> > our
>> > sharepoint/owa site).
>> >
>> > So basically if you are a domain user and are not in the office or
>> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt even
>> > come
>> > up
>> > and ask for credentials it just says "page cannot be found". If you are
>> > NOT a
>> > domain user you CAN access OWA/Sharepoint thru the internet without VPN
>> > connection.
>> >
>> > I'm pretty sure the router, external DNS, etc is correct or else the
>> > non-domain users wouldnt be able to access the sites. This must be
>> > something
>> > to do with domain config. HELP!!!
>> >
>> > How can i fix this?
>> >
>>
>>
>>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Well when i am NOT connected to the VPN all the sites (i.e
jobs.domain.net&owa.domain.net) resolve back to our WAN ip address for both
domain users and nondomain users. When connected to the VPN it resolves to
the local ip address of the server itself (ie. 10.1.1.1).


"Anthony [MVP]" wrote:

> What happens when you ping the sites?
> Anthony,
> http://www.airdesk.co.uk
>
>
> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
> > No we arent specifying any proxy server inside IE. I did see an article
> > about
> > something close to this and it suggested running a command locally on ther
> > server if you DONT run a proxy, and then also specifying a fake proxy
> > inside
> > the users IE settings. I tried this for one user with no luck, and have
> > now
> > set the proxy settings back to default "unchecked" inside IE. I'm sure it
> > has
> > something to do with the way the domain users get routed externally to the
> > site(s) but i'm not sure where to start/look. Any other ideas???
> >
> >
> >
> > "Anthony [MVP]" wrote:
> >
> >> Are you perhaps specifying a proxy server in the user's Internet Explorer
> >> settings?
> >> Anthony,
> >> http://www.airdesk.co.uk
> >>
> >>
> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> >> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> >> > We are currently running a single domain controller with exchange 2003
> >> > and
> >> > sharepoint v2 both installed. We have a VPN setup. When PCs/laptops are
> >> > here
> >> > in the office they can access both OWA/Sharepoint without any trouble.
> >> > When a
> >> > domain PC is external to the local network (i.e. a site office) users
> >> > CANNOT
> >> > access OWA/Sharepoint sites through the std internet connection.
> >> > However
> >> > if i
> >> > connect those same PCs/Users to the VPN they CAN access OWA/Sharepoint
> >> > while
> >> > they are connected, as soon as they disconnect from the VPN they lose
> >> > the
> >> > ability to browse to OWA/Sharepoint they just get the std "page cannot
> >> > be
> >> > found" error in IE. Now whats weird is if i either disjoin the pc from
> >> > the
> >> > domain AND/OR just login as the local admin i CAN browse to
> >> > OWA/Sharepoint
> >> > (also my personal PC at home which isnt a domain PC can always browse
> >> > to
> >> > our
> >> > sharepoint/owa site).
> >> >
> >> > So basically if you are a domain user and are not in the office or
> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt even
> >> > come
> >> > up
> >> > and ask for credentials it just says "page cannot be found". If you are
> >> > NOT a
> >> > domain user you CAN access OWA/Sharepoint thru the internet without VPN
> >> > connection.
> >> >
> >> > I'm pretty sure the router, external DNS, etc is correct or else the
> >> > non-domain users wouldnt be able to access the sites. This must be
> >> > something
> >> > to do with domain config. HELP!!!
> >> >
> >> > How can i fix this?
> >> >
> >>
> >>
> >>
>
>
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

When the client is outside the WAN, I think you said that it works as admin
or as user when unjoined, but not as user when joined to the domain.
What happens when you ping in those different circs? Also, what happens when
in IE you connect to a) the name and b) the ip address?
Anthony,
http://www.airdesk.co.uk



"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
> Well when i am NOT connected to the VPN all the sites (i.e
> jobs.domain.net&owa.domain.net) resolve back to our WAN ip address for
> both
> domain users and nondomain users. When connected to the VPN it resolves to
> the local ip address of the server itself (ie. 10.1.1.1).
>
>
> "Anthony [MVP]" wrote:
>
>> What happens when you ping the sites?
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
>> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
>> > No we arent specifying any proxy server inside IE. I did see an article
>> > about
>> > something close to this and it suggested running a command locally on
>> > ther
>> > server if you DONT run a proxy, and then also specifying a fake proxy
>> > inside
>> > the users IE settings. I tried this for one user with no luck, and have
>> > now
>> > set the proxy settings back to default "unchecked" inside IE. I'm sure
>> > it
>> > has
>> > something to do with the way the domain users get routed externally to
>> > the
>> > site(s) but i'm not sure where to start/look. Any other ideas???
>> >
>> >
>> >
>> > "Anthony [MVP]" wrote:
>> >
>> >> Are you perhaps specifying a proxy server in the user's Internet
>> >> Explorer
>> >> settings?
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
>> >> in
>> >> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
>> >> > We are currently running a single domain controller with exchange
>> >> > 2003
>> >> > and
>> >> > sharepoint v2 both installed. We have a VPN setup. When PCs/laptops
>> >> > are
>> >> > here
>> >> > in the office they can access both OWA/Sharepoint without any
>> >> > trouble.
>> >> > When a
>> >> > domain PC is external to the local network (i.e. a site office)
>> >> > users
>> >> > CANNOT
>> >> > access OWA/Sharepoint sites through the std internet connection.
>> >> > However
>> >> > if i
>> >> > connect those same PCs/Users to the VPN they CAN access
>> >> > OWA/Sharepoint
>> >> > while
>> >> > they are connected, as soon as they disconnect from the VPN they
>> >> > lose
>> >> > the
>> >> > ability to browse to OWA/Sharepoint they just get the std "page
>> >> > cannot
>> >> > be
>> >> > found" error in IE. Now whats weird is if i either disjoin the pc
>> >> > from
>> >> > the
>> >> > domain AND/OR just login as the local admin i CAN browse to
>> >> > OWA/Sharepoint
>> >> > (also my personal PC at home which isnt a domain PC can always
>> >> > browse
>> >> > to
>> >> > our
>> >> > sharepoint/owa site).
>> >> >
>> >> > So basically if you are a domain user and are not in the office or
>> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt
>> >> > even
>> >> > come
>> >> > up
>> >> > and ask for credentials it just says "page cannot be found". If you
>> >> > are
>> >> > NOT a
>> >> > domain user you CAN access OWA/Sharepoint thru the internet without
>> >> > VPN
>> >> > connection.
>> >> >
>> >> > I'm pretty sure the router, external DNS, etc is correct or else the
>> >> > non-domain users wouldnt be able to access the sites. This must be
>> >> > something
>> >> > to do with domain config. HELP!!!
>> >> >
>> >> > How can i fix this?
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

It never works as the domain admin or any domain profile, it always works as
any non-domain profile (such as local admin).
When pinging i get the same results whether i'm logged in to a domain
profile or non domain, all the sites (i.e. jobs.domain.net & owa.domain.net)
all resolve back to our WAN ip address.
When i try to connect to the IP address from either a domain profile or non
domain i get our main public company webpage by default (www.domain.net or
domain.net normally).
When i connect to the name (jobs.domain.net etc) from a domain profile it
says page cannot be found. When i browse to the name from a nondomain profile
it comes up and asks for credentials and lets me login to the site(s).

"Anthony [MVP]" wrote:

> When the client is outside the WAN, I think you said that it works as admin
> or as user when unjoined, but not as user when joined to the domain.
> What happens when you ping in those different circs? Also, what happens when
> in IE you connect to a) the name and b) the ip address?
> Anthony,
> http://www.airdesk.co.uk
>
>
>
> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
> > Well when i am NOT connected to the VPN all the sites (i.e
> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip address for
> > both
> > domain users and nondomain users. When connected to the VPN it resolves to
> > the local ip address of the server itself (ie. 10.1.1.1).
> >
> >
> > "Anthony [MVP]" wrote:
> >
> >> What happens when you ping the sites?
> >> Anthony,
> >> http://www.airdesk.co.uk
> >>
> >>
> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> >> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
> >> > No we arent specifying any proxy server inside IE. I did see an article
> >> > about
> >> > something close to this and it suggested running a command locally on
> >> > ther
> >> > server if you DONT run a proxy, and then also specifying a fake proxy
> >> > inside
> >> > the users IE settings. I tried this for one user with no luck, and have
> >> > now
> >> > set the proxy settings back to default "unchecked" inside IE. I'm sure
> >> > it
> >> > has
> >> > something to do with the way the domain users get routed externally to
> >> > the
> >> > site(s) but i'm not sure where to start/look. Any other ideas???
> >> >
> >> >
> >> >
> >> > "Anthony [MVP]" wrote:
> >> >
> >> >> Are you perhaps specifying a proxy server in the user's Internet
> >> >> Explorer
> >> >> settings?
> >> >> Anthony,
> >> >> http://www.airdesk.co.uk
> >> >>
> >> >>
> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
> >> >> in
> >> >> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> >> >> > We are currently running a single domain controller with exchange
> >> >> > 2003
> >> >> > and
> >> >> > sharepoint v2 both installed. We have a VPN setup. When PCs/laptops
> >> >> > are
> >> >> > here
> >> >> > in the office they can access both OWA/Sharepoint without any
> >> >> > trouble.
> >> >> > When a
> >> >> > domain PC is external to the local network (i.e. a site office)
> >> >> > users
> >> >> > CANNOT
> >> >> > access OWA/Sharepoint sites through the std internet connection.
> >> >> > However
> >> >> > if i
> >> >> > connect those same PCs/Users to the VPN they CAN access
> >> >> > OWA/Sharepoint
> >> >> > while
> >> >> > they are connected, as soon as they disconnect from the VPN they
> >> >> > lose
> >> >> > the
> >> >> > ability to browse to OWA/Sharepoint they just get the std "page
> >> >> > cannot
> >> >> > be
> >> >> > found" error in IE. Now whats weird is if i either disjoin the pc
> >> >> > from
> >> >> > the
> >> >> > domain AND/OR just login as the local admin i CAN browse to
> >> >> > OWA/Sharepoint
> >> >> > (also my personal PC at home which isnt a domain PC can always
> >> >> > browse
> >> >> > to
> >> >> > our
> >> >> > sharepoint/owa site).
> >> >> >
> >> >> > So basically if you are a domain user and are not in the office or
> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt
> >> >> > even
> >> >> > come
> >> >> > up
> >> >> > and ask for credentials it just says "page cannot be found". If you
> >> >> > are
> >> >> > NOT a
> >> >> > domain user you CAN access OWA/Sharepoint thru the internet without
> >> >> > VPN
> >> >> > connection.
> >> >> >
> >> >> > I'm pretty sure the router, external DNS, etc is correct or else the
> >> >> > non-domain users wouldnt be able to access the sites. This must be
> >> >> > something
> >> >> > to do with domain config. HELP!!!
> >> >> >
> >> >> > How can i fix this?
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I don't have an easy answer for you. This is what I have understood so far:
- DNS resolution seems OK
- The IP address and the default site FQDN are being resolved OK in all
cases
- The sites that are reached through Host Headers are not resolved. I assume
they are host headers because you have not mentioned different IP addresses
and you mentioned the WAN IP address in the singular.
- It seems the failure only happens for domain users on domain machines
connecting over the Internet, and not for any other combination, and only
for the host header sites not for the default site.
- Is this SBS? Do you have ISA?

It is not what you asked, but if I were providing access to OWA and
SharePoint authenticated over the net I would be using https.
Anthony,
http://www.airdesk.co.uk




"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@microsoft.com...
> It never works as the domain admin or any domain profile, it always works
> as
> any non-domain profile (such as local admin).
> When pinging i get the same results whether i'm logged in to a domain
> profile or non domain, all the sites (i.e. jobs.domain.net &
> owa.domain.net)
> all resolve back to our WAN ip address.
> When i try to connect to the IP address from either a domain profile or
> non
> domain i get our main public company webpage by default (www.domain.net or
> domain.net normally).
> When i connect to the name (jobs.domain.net etc) from a domain profile it
> says page cannot be found. When i browse to the name from a nondomain
> profile
> it comes up and asks for credentials and lets me login to the site(s).
>
> "Anthony [MVP]" wrote:
>
>> When the client is outside the WAN, I think you said that it works as
>> admin
>> or as user when unjoined, but not as user when joined to the domain.
>> What happens when you ping in those different circs? Also, what happens
>> when
>> in IE you connect to a) the name and b) the ip address?
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
>> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
>> > Well when i am NOT connected to the VPN all the sites (i.e
>> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip address for
>> > both
>> > domain users and nondomain users. When connected to the VPN it resolves
>> > to
>> > the local ip address of the server itself (ie. 10.1.1.1).
>> >
>> >
>> > "Anthony [MVP]" wrote:
>> >
>> >> What happens when you ping the sites?
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
>> >> in
>> >> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
>> >> > No we arent specifying any proxy server inside IE. I did see an
>> >> > article
>> >> > about
>> >> > something close to this and it suggested running a command locally
>> >> > on
>> >> > ther
>> >> > server if you DONT run a proxy, and then also specifying a fake
>> >> > proxy
>> >> > inside
>> >> > the users IE settings. I tried this for one user with no luck, and
>> >> > have
>> >> > now
>> >> > set the proxy settings back to default "unchecked" inside IE. I'm
>> >> > sure
>> >> > it
>> >> > has
>> >> > something to do with the way the domain users get routed externally
>> >> > to
>> >> > the
>> >> > site(s) but i'm not sure where to start/look. Any other ideas???
>> >> >
>> >> >
>> >> >
>> >> > "Anthony [MVP]" wrote:
>> >> >
>> >> >> Are you perhaps specifying a proxy server in the user's Internet
>> >> >> Explorer
>> >> >> settings?
>> >> >> Anthony,
>> >> >> http://www.airdesk.co.uk
>> >> >>
>> >> >>
>> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> wrote
>> >> >> in
>> >> >> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
>> >> >> > We are currently running a single domain controller with exchange
>> >> >> > 2003
>> >> >> > and
>> >> >> > sharepoint v2 both installed. We have a VPN setup. When
>> >> >> > PCs/laptops
>> >> >> > are
>> >> >> > here
>> >> >> > in the office they can access both OWA/Sharepoint without any
>> >> >> > trouble.
>> >> >> > When a
>> >> >> > domain PC is external to the local network (i.e. a site office)
>> >> >> > users
>> >> >> > CANNOT
>> >> >> > access OWA/Sharepoint sites through the std internet connection.
>> >> >> > However
>> >> >> > if i
>> >> >> > connect those same PCs/Users to the VPN they CAN access
>> >> >> > OWA/Sharepoint
>> >> >> > while
>> >> >> > they are connected, as soon as they disconnect from the VPN they
>> >> >> > lose
>> >> >> > the
>> >> >> > ability to browse to OWA/Sharepoint they just get the std "page
>> >> >> > cannot
>> >> >> > be
>> >> >> > found" error in IE. Now whats weird is if i either disjoin the pc
>> >> >> > from
>> >> >> > the
>> >> >> > domain AND/OR just login as the local admin i CAN browse to
>> >> >> > OWA/Sharepoint
>> >> >> > (also my personal PC at home which isnt a domain PC can always
>> >> >> > browse
>> >> >> > to
>> >> >> > our
>> >> >> > sharepoint/owa site).
>> >> >> >
>> >> >> > So basically if you are a domain user and are not in the office
>> >> >> > or
>> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt
>> >> >> > even
>> >> >> > come
>> >> >> > up
>> >> >> > and ask for credentials it just says "page cannot be found". If
>> >> >> > you
>> >> >> > are
>> >> >> > NOT a
>> >> >> > domain user you CAN access OWA/Sharepoint thru the internet
>> >> >> > without
>> >> >> > VPN
>> >> >> > connection.
>> >> >> >
>> >> >> > I'm pretty sure the router, external DNS, etc is correct or else
>> >> >> > the
>> >> >> > non-domain users wouldnt be able to access the sites. This must
>> >> >> > be
>> >> >> > something
>> >> >> > to do with domain config. HELP!!!
>> >> >> >
>> >> >> > How can i fix this?
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Yes we are using host headers. owa.domain.net is just a forwarder to the
default exchange address of www.domain.net/exchange and jobs.domain.net is an
actual virtual server with sharepoint extended to it.

This is not SBS and were not using ISA nor SSL. We may implement SSL down
the road but for now i am just trying to get this to work for external
users....

Also you meantioned the "default" site is working externally for domain
users and the sharepoint&owa sites are not. The default site is a public site
tho, no auth required. Of course the sharepoint/owa sites require auth. Could
this be some sort of NTLM/Kerberos issue with external domain profiles? Like
the authentication for domain profiles isnt being carried thru to the server?
Normally when we browse to owa/sharepoint on domain profiles internally it
doesnt ask for credentials, it just uses the locally logged in credentials to
access the site. But when accessing from a non-domain profile it asks for
username and password... just thoughts....

Anybody got any ideas?

"Anthony [MVP]" wrote:

> I don't have an easy answer for you. This is what I have understood so far:
> - DNS resolution seems OK
> - The IP address and the default site FQDN are being resolved OK in all
> cases
> - The sites that are reached through Host Headers are not resolved. I assume
> they are host headers because you have not mentioned different IP addresses
> and you mentioned the WAN IP address in the singular.
> - It seems the failure only happens for domain users on domain machines
> connecting over the Internet, and not for any other combination, and only
> for the host header sites not for the default site.
> - Is this SBS? Do you have ISA?
>
> It is not what you asked, but if I were providing access to OWA and
> SharePoint authenticated over the net I would be using https.
> Anthony,
> http://www.airdesk.co.uk
>
>
>
>
> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@microsoft.com...
> > It never works as the domain admin or any domain profile, it always works
> > as
> > any non-domain profile (such as local admin).
> > When pinging i get the same results whether i'm logged in to a domain
> > profile or non domain, all the sites (i.e. jobs.domain.net &
> > owa.domain.net)
> > all resolve back to our WAN ip address.
> > When i try to connect to the IP address from either a domain profile or
> > non
> > domain i get our main public company webpage by default (www.domain.net or
> > domain.net normally).
> > When i connect to the name (jobs.domain.net etc) from a domain profile it
> > says page cannot be found. When i browse to the name from a nondomain
> > profile
> > it comes up and asks for credentials and lets me login to the site(s).
> >
> > "Anthony [MVP]" wrote:
> >
> >> When the client is outside the WAN, I think you said that it works as
> >> admin
> >> or as user when unjoined, but not as user when joined to the domain.
> >> What happens when you ping in those different circs? Also, what happens
> >> when
> >> in IE you connect to a) the name and b) the ip address?
> >> Anthony,
> >> http://www.airdesk.co.uk
> >>
> >>
> >>
> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> >> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
> >> > Well when i am NOT connected to the VPN all the sites (i.e
> >> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip address for
> >> > both
> >> > domain users and nondomain users. When connected to the VPN it resolves
> >> > to
> >> > the local ip address of the server itself (ie. 10.1.1.1).
> >> >
> >> >
> >> > "Anthony [MVP]" wrote:
> >> >
> >> >> What happens when you ping the sites?
> >> >> Anthony,
> >> >> http://www.airdesk.co.uk
> >> >>
> >> >>
> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
> >> >> in
> >> >> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
> >> >> > No we arent specifying any proxy server inside IE. I did see an
> >> >> > article
> >> >> > about
> >> >> > something close to this and it suggested running a command locally
> >> >> > on
> >> >> > ther
> >> >> > server if you DONT run a proxy, and then also specifying a fake
> >> >> > proxy
> >> >> > inside
> >> >> > the users IE settings. I tried this for one user with no luck, and
> >> >> > have
> >> >> > now
> >> >> > set the proxy settings back to default "unchecked" inside IE. I'm
> >> >> > sure
> >> >> > it
> >> >> > has
> >> >> > something to do with the way the domain users get routed externally
> >> >> > to
> >> >> > the
> >> >> > site(s) but i'm not sure where to start/look. Any other ideas???
> >> >> >
> >> >> >
> >> >> >
> >> >> > "Anthony [MVP]" wrote:
> >> >> >
> >> >> >> Are you perhaps specifying a proxy server in the user's Internet
> >> >> >> Explorer
> >> >> >> settings?
> >> >> >> Anthony,
> >> >> >> http://www.airdesk.co.uk
> >> >> >>
> >> >> >>
> >> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
> >> >> >> wrote
> >> >> >> in
> >> >> >> message news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> >> >> >> > We are currently running a single domain controller with exchange
> >> >> >> > 2003
> >> >> >> > and
> >> >> >> > sharepoint v2 both installed. We have a VPN setup. When
> >> >> >> > PCs/laptops
> >> >> >> > are
> >> >> >> > here
> >> >> >> > in the office they can access both OWA/Sharepoint without any
> >> >> >> > trouble.
> >> >> >> > When a
> >> >> >> > domain PC is external to the local network (i.e. a site office)
> >> >> >> > users
> >> >> >> > CANNOT
> >> >> >> > access OWA/Sharepoint sites through the std internet connection.
> >> >> >> > However
> >> >> >> > if i
> >> >> >> > connect those same PCs/Users to the VPN they CAN access
> >> >> >> > OWA/Sharepoint
> >> >> >> > while
> >> >> >> > they are connected, as soon as they disconnect from the VPN they
> >> >> >> > lose
> >> >> >> > the
> >> >> >> > ability to browse to OWA/Sharepoint they just get the std "page
> >> >> >> > cannot
> >> >> >> > be
> >> >> >> > found" error in IE. Now whats weird is if i either disjoin the pc
> >> >> >> > from
> >> >> >> > the
> >> >> >> > domain AND/OR just login as the local admin i CAN browse to
> >> >> >> > OWA/Sharepoint
> >> >> >> > (also my personal PC at home which isnt a domain PC can always
> >> >> >> > browse
> >> >> >> > to
> >> >> >> > our
> >> >> >> > sharepoint/owa site).
> >> >> >> >
> >> >> >> > So basically if you are a domain user and are not in the office
> >> >> >> > or
> >> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it doesnt
> >> >> >> > even
> >> >> >> > come
> >> >> >> > up
> >> >> >> > and ask for credentials it just says "page cannot be found". If
> >> >> >> > you
> >> >> >> > are
> >> >> >> > NOT a
> >> >> >> > domain user you CAN access OWA/Sharepoint thru the internet
> >> >> >> > without
> >> >> >> > VPN
> >> >> >> > connection.
> >> >> >> >
> >> >> >> > I'm pretty sure the router, external DNS, etc is correct or else
> >> >> >> > the
> >> >> >> > non-domain users wouldnt be able to access the sites. This must
> >> >> >> > be
> >> >> >> > something
> >> >> >> > to do with domain config. HELP!!!
> >> >> >> >
> >> >> >> > How can i fix this?
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I agree, it sounds like the Integrated Authentication is breaking down. You
can check in the IIS logs whether the request is received, and what response
the server gives.
You might try changing the OWA authentication, for example:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
Just for fun you could try Digest, which secures the logon without requiring
an SSL certificate,
Anthony,
http://www.airdesk.co.uk




"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:138BD2F7-316C-4607-9214-696790F241AB@microsoft.com...
> Yes we are using host headers. owa.domain.net is just a forwarder to the
> default exchange address of www.domain.net/exchange and jobs.domain.net is
> an
> actual virtual server with sharepoint extended to it.
>
> This is not SBS and were not using ISA nor SSL. We may implement SSL down
> the road but for now i am just trying to get this to work for external
> users....
>
> Also you meantioned the "default" site is working externally for domain
> users and the sharepoint&owa sites are not. The default site is a public
> site
> tho, no auth required. Of course the sharepoint/owa sites require auth.
> Could
> this be some sort of NTLM/Kerberos issue with external domain profiles?
> Like
> the authentication for domain profiles isnt being carried thru to the
> server?
> Normally when we browse to owa/sharepoint on domain profiles internally it
> doesnt ask for credentials, it just uses the locally logged in credentials
> to
> access the site. But when accessing from a non-domain profile it asks for
> username and password... just thoughts....
>
> Anybody got any ideas?
>
> "Anthony [MVP]" wrote:
>
>> I don't have an easy answer for you. This is what I have understood so
>> far:
>> - DNS resolution seems OK
>> - The IP address and the default site FQDN are being resolved OK in all
>> cases
>> - The sites that are reached through Host Headers are not resolved. I
>> assume
>> they are host headers because you have not mentioned different IP
>> addresses
>> and you mentioned the WAN IP address in the singular.
>> - It seems the failure only happens for domain users on domain machines
>> connecting over the Internet, and not for any other combination, and only
>> for the host header sites not for the default site.
>> - Is this SBS? Do you have ISA?
>>
>> It is not what you asked, but if I were providing access to OWA and
>> SharePoint authenticated over the net I would be using https.
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
>> message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@microsoft.com...
>> > It never works as the domain admin or any domain profile, it always
>> > works
>> > as
>> > any non-domain profile (such as local admin).
>> > When pinging i get the same results whether i'm logged in to a domain
>> > profile or non domain, all the sites (i.e. jobs.domain.net &
>> > owa.domain.net)
>> > all resolve back to our WAN ip address.
>> > When i try to connect to the IP address from either a domain profile or
>> > non
>> > domain i get our main public company webpage by default (www.domain.net
>> > or
>> > domain.net normally).
>> > When i connect to the name (jobs.domain.net etc) from a domain profile
>> > it
>> > says page cannot be found. When i browse to the name from a nondomain
>> > profile
>> > it comes up and asks for credentials and lets me login to the site(s).
>> >
>> > "Anthony [MVP]" wrote:
>> >
>> >> When the client is outside the WAN, I think you said that it works as
>> >> admin
>> >> or as user when unjoined, but not as user when joined to the domain.
>> >> What happens when you ping in those different circs? Also, what
>> >> happens
>> >> when
>> >> in IE you connect to a) the name and b) the ip address?
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >>
>> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
>> >> in
>> >> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
>> >> > Well when i am NOT connected to the VPN all the sites (i.e
>> >> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip address
>> >> > for
>> >> > both
>> >> > domain users and nondomain users. When connected to the VPN it
>> >> > resolves
>> >> > to
>> >> > the local ip address of the server itself (ie. 10.1.1.1).
>> >> >
>> >> >
>> >> > "Anthony [MVP]" wrote:
>> >> >
>> >> >> What happens when you ping the sites?
>> >> >> Anthony,
>> >> >> http://www.airdesk.co.uk
>> >> >>
>> >> >>
>> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> wrote
>> >> >> in
>> >> >> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
>> >> >> > No we arent specifying any proxy server inside IE. I did see an
>> >> >> > article
>> >> >> > about
>> >> >> > something close to this and it suggested running a command
>> >> >> > locally
>> >> >> > on
>> >> >> > ther
>> >> >> > server if you DONT run a proxy, and then also specifying a fake
>> >> >> > proxy
>> >> >> > inside
>> >> >> > the users IE settings. I tried this for one user with no luck,
>> >> >> > and
>> >> >> > have
>> >> >> > now
>> >> >> > set the proxy settings back to default "unchecked" inside IE. I'm
>> >> >> > sure
>> >> >> > it
>> >> >> > has
>> >> >> > something to do with the way the domain users get routed
>> >> >> > externally
>> >> >> > to
>> >> >> > the
>> >> >> > site(s) but i'm not sure where to start/look. Any other ideas???
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > "Anthony [MVP]" wrote:
>> >> >> >
>> >> >> >> Are you perhaps specifying a proxy server in the user's Internet
>> >> >> >> Explorer
>> >> >> >> settings?
>> >> >> >> Anthony,
>> >> >> >> http://www.airdesk.co.uk
>> >> >> >>
>> >> >> >>
>> >> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> >> wrote
>> >> >> >> in
>> >> >> >> message
>> >> >> >> news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
>> >> >> >> > We are currently running a single domain controller with
>> >> >> >> > exchange
>> >> >> >> > 2003
>> >> >> >> > and
>> >> >> >> > sharepoint v2 both installed. We have a VPN setup. When
>> >> >> >> > PCs/laptops
>> >> >> >> > are
>> >> >> >> > here
>> >> >> >> > in the office they can access both OWA/Sharepoint without any
>> >> >> >> > trouble.
>> >> >> >> > When a
>> >> >> >> > domain PC is external to the local network (i.e. a site
>> >> >> >> > office)
>> >> >> >> > users
>> >> >> >> > CANNOT
>> >> >> >> > access OWA/Sharepoint sites through the std internet
>> >> >> >> > connection.
>> >> >> >> > However
>> >> >> >> > if i
>> >> >> >> > connect those same PCs/Users to the VPN they CAN access
>> >> >> >> > OWA/Sharepoint
>> >> >> >> > while
>> >> >> >> > they are connected, as soon as they disconnect from the VPN
>> >> >> >> > they
>> >> >> >> > lose
>> >> >> >> > the
>> >> >> >> > ability to browse to OWA/Sharepoint they just get the std
>> >> >> >> > "page
>> >> >> >> > cannot
>> >> >> >> > be
>> >> >> >> > found" error in IE. Now whats weird is if i either disjoin the
>> >> >> >> > pc
>> >> >> >> > from
>> >> >> >> > the
>> >> >> >> > domain AND/OR just login as the local admin i CAN browse to
>> >> >> >> > OWA/Sharepoint
>> >> >> >> > (also my personal PC at home which isnt a domain PC can always
>> >> >> >> > browse
>> >> >> >> > to
>> >> >> >> > our
>> >> >> >> > sharepoint/owa site).
>> >> >> >> >
>> >> >> >> > So basically if you are a domain user and are not in the
>> >> >> >> > office
>> >> >> >> > or
>> >> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it
>> >> >> >> > doesnt
>> >> >> >> > even
>> >> >> >> > come
>> >> >> >> > up
>> >> >> >> > and ask for credentials it just says "page cannot be found".
>> >> >> >> > If
>> >> >> >> > you
>> >> >> >> > are
>> >> >> >> > NOT a
>> >> >> >> > domain user you CAN access OWA/Sharepoint thru the internet
>> >> >> >> > without
>> >> >> >> > VPN
>> >> >> >> > connection.
>> >> >> >> >
>> >> >> >> > I'm pretty sure the router, external DNS, etc is correct or
>> >> >> >> > else
>> >> >> >> > the
>> >> >> >> > non-domain users wouldnt be able to access the sites. This
>> >> >> >> > must
>> >> >> >> > be
>> >> >> >> > something
>> >> >> >> > to do with domain config. HELP!!!
>> >> >> >> >
>> >> >> >> > How can i fix this?
>> >> >> >> >
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I tried digest but it doesnt perform any differently. I am out here right now
and it appears i can still login to owa/sharepoint while logged in as the
local admin, but if i login as the domain admin or any other domain user it
doesnt let me connect to owa/sharepoint. Changing to forms based auth also
didnt help, and since we are using phones with activesync i have to leave it
off anyways. We are starting work in this field office on Monday and i really
need to get these resolved, having everyone connect to the VPN for
owa/sharepoint wont be possible where we are because of the sat internet we
are using... any other thoughts????

Thanks in advance for the help.

"Anthony [MVP]" wrote:

> I agree, it sounds like the Integrated Authentication is breaking down. You
> can check in the IIS logs whether the request is received, and what response
> the server gives.
> You might try changing the OWA authentication, for example:
> http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
> Just for fun you could try Digest, which secures the logon without requiring
> an SSL certificate,
> Anthony,
> http://www.airdesk.co.uk
>
>
>
>
> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> message news:138BD2F7-316C-4607-9214-696790F241AB@microsoft.com...
> > Yes we are using host headers. owa.domain.net is just a forwarder to the
> > default exchange address of www.domain.net/exchange and jobs.domain.net is
> > an
> > actual virtual server with sharepoint extended to it.
> >
> > This is not SBS and were not using ISA nor SSL. We may implement SSL down
> > the road but for now i am just trying to get this to work for external
> > users....
> >
> > Also you meantioned the "default" site is working externally for domain
> > users and the sharepoint&owa sites are not. The default site is a public
> > site
> > tho, no auth required. Of course the sharepoint/owa sites require auth.
> > Could
> > this be some sort of NTLM/Kerberos issue with external domain profiles?
> > Like
> > the authentication for domain profiles isnt being carried thru to the
> > server?
> > Normally when we browse to owa/sharepoint on domain profiles internally it
> > doesnt ask for credentials, it just uses the locally logged in credentials
> > to
> > access the site. But when accessing from a non-domain profile it asks for
> > username and password... just thoughts....
> >
> > Anybody got any ideas?
> >
> > "Anthony [MVP]" wrote:
> >
> >> I don't have an easy answer for you. This is what I have understood so
> >> far:
> >> - DNS resolution seems OK
> >> - The IP address and the default site FQDN are being resolved OK in all
> >> cases
> >> - The sites that are reached through Host Headers are not resolved. I
> >> assume
> >> they are host headers because you have not mentioned different IP
> >> addresses
> >> and you mentioned the WAN IP address in the singular.
> >> - It seems the failure only happens for domain users on domain machines
> >> connecting over the Internet, and not for any other combination, and only
> >> for the host header sites not for the default site.
> >> - Is this SBS? Do you have ISA?
> >>
> >> It is not what you asked, but if I were providing access to OWA and
> >> SharePoint authenticated over the net I would be using https.
> >> Anthony,
> >> http://www.airdesk.co.uk
> >>
> >>
> >>
> >>
> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
> >> message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@microsoft.com...
> >> > It never works as the domain admin or any domain profile, it always
> >> > works
> >> > as
> >> > any non-domain profile (such as local admin).
> >> > When pinging i get the same results whether i'm logged in to a domain
> >> > profile or non domain, all the sites (i.e. jobs.domain.net &
> >> > owa.domain.net)
> >> > all resolve back to our WAN ip address.
> >> > When i try to connect to the IP address from either a domain profile or
> >> > non
> >> > domain i get our main public company webpage by default (www.domain.net
> >> > or
> >> > domain.net normally).
> >> > When i connect to the name (jobs.domain.net etc) from a domain profile
> >> > it
> >> > says page cannot be found. When i browse to the name from a nondomain
> >> > profile
> >> > it comes up and asks for credentials and lets me login to the site(s).
> >> >
> >> > "Anthony [MVP]" wrote:
> >> >
> >> >> When the client is outside the WAN, I think you said that it works as
> >> >> admin
> >> >> or as user when unjoined, but not as user when joined to the domain.
> >> >> What happens when you ping in those different circs? Also, what
> >> >> happens
> >> >> when
> >> >> in IE you connect to a) the name and b) the ip address?
> >> >> Anthony,
> >> >> http://www.airdesk.co.uk
> >> >>
> >> >>
> >> >>
> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
> >> >> in
> >> >> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
> >> >> > Well when i am NOT connected to the VPN all the sites (i.e
> >> >> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip address
> >> >> > for
> >> >> > both
> >> >> > domain users and nondomain users. When connected to the VPN it
> >> >> > resolves
> >> >> > to
> >> >> > the local ip address of the server itself (ie. 10.1.1.1).
> >> >> >
> >> >> >
> >> >> > "Anthony [MVP]" wrote:
> >> >> >
> >> >> >> What happens when you ping the sites?
> >> >> >> Anthony,
> >> >> >> http://www.airdesk.co.uk
> >> >> >>
> >> >> >>
> >> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
> >> >> >> wrote
> >> >> >> in
> >> >> >> message news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
> >> >> >> > No we arent specifying any proxy server inside IE. I did see an
> >> >> >> > article
> >> >> >> > about
> >> >> >> > something close to this and it suggested running a command
> >> >> >> > locally
> >> >> >> > on
> >> >> >> > ther
> >> >> >> > server if you DONT run a proxy, and then also specifying a fake
> >> >> >> > proxy
> >> >> >> > inside
> >> >> >> > the users IE settings. I tried this for one user with no luck,
> >> >> >> > and
> >> >> >> > have
> >> >> >> > now
> >> >> >> > set the proxy settings back to default "unchecked" inside IE. I'm
> >> >> >> > sure
> >> >> >> > it
> >> >> >> > has
> >> >> >> > something to do with the way the domain users get routed
> >> >> >> > externally
> >> >> >> > to
> >> >> >> > the
> >> >> >> > site(s) but i'm not sure where to start/look. Any other ideas???
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > "Anthony [MVP]" wrote:
> >> >> >> >
> >> >> >> >> Are you perhaps specifying a proxy server in the user's Internet
> >> >> >> >> Explorer
> >> >> >> >> settings?
> >> >> >> >> Anthony,
> >> >> >> >> http://www.airdesk.co.uk
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
> >> >> >> >> wrote
> >> >> >> >> in
> >> >> >> >> message
> >> >> >> >> news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
> >> >> >> >> > We are currently running a single domain controller with
> >> >> >> >> > exchange
> >> >> >> >> > 2003
> >> >> >> >> > and
> >> >> >> >> > sharepoint v2 both installed. We have a VPN setup. When
> >> >> >> >> > PCs/laptops
> >> >> >> >> > are
> >> >> >> >> > here
> >> >> >> >> > in the office they can access both OWA/Sharepoint without any
> >> >> >> >> > trouble.
> >> >> >> >> > When a
> >> >> >> >> > domain PC is external to the local network (i.e. a site
> >> >> >> >> > office)
> >> >> >> >> > users
> >> >> >> >> > CANNOT
> >> >> >> >> > access OWA/Sharepoint sites through the std internet
> >> >> >> >> > connection.
> >> >> >> >> > However
> >> >> >> >> > if i
> >> >> >> >> > connect those same PCs/Users to the VPN they CAN access
> >> >> >> >> > OWA/Sharepoint
> >> >> >> >> > while
> >> >> >> >> > they are connected, as soon as they disconnect from the VPN
> >> >> >> >> > they
> >> >> >> >> > lose
> >> >> >> >> > the
> >> >> >> >> > ability to browse to OWA/Sharepoint they just get the std
> >> >> >> >> > "page
> >> >> >> >> > cannot
> >> >> >> >> > be
> >> >> >> >> > found" error in IE. Now whats weird is if i either disjoin the
> >> >> >> >> > pc
> >> >> >> >> > from
> >> >> >> >> > the
> >> >> >> >> > domain AND/OR just login as the local admin i CAN browse to
> >> >> >> >> > OWA/Sharepoint
> >> >> >> >> > (also my personal PC at home which isnt a domain PC can always
> >> >> >> >> > browse
> >> >> >> >> > to
> >> >> >> >> > our
> >> >> >> >> > sharepoint/owa site).
> >> >> >> >> >
> >> >> >> >> > So basically if you are a domain user and are not in the
> >> >> >> >> > office
> >> >> >> >> > or
> >> >> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it
> >> >> >> >> > doesnt
> >> >> >> >> > even
> >> >> >> >> > come
> >> >> >> >> > up
> >> >> >> >> > and ask for credentials it just says "page cannot be found".
> >> >> >> >> > If
> >> >> >> >> > you
> >> >> >> >> > are
> >> >> >> >> > NOT a
> >> >> >> >> > domain user you CAN access OWA/Sharepoint thru the internet
> >> >> >> >> > without
> >> >> >> >> > VPN
> >> >> >> >> > connection.
> >> >> >> >> >
> >> >> >> >> > I'm pretty sure the router, external DNS, etc is correct or
> >> >> >> >> > else
> >> >> >> >> > the
> >> >> >> >> > non-domain users wouldnt be able to access the sites. This
> >> >> >> >> > must
> >> >> >> >> > be
> >> >> >> >> > something
> >> >> >> >> > to do with domain config. HELP!!!
> >> >> >> >> >
> >> >> >> >> > How can i fix this?
> >> >> >> >> >
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
 
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Did you look in the logs?
"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
message news:2D60AF88-5CA1-42D2-A262-4E322C2D3677@microsoft.com...
>I tried digest but it doesnt perform any differently. I am out here right
>now
> and it appears i can still login to owa/sharepoint while logged in as the
> local admin, but if i login as the domain admin or any other domain user
> it
> doesnt let me connect to owa/sharepoint. Changing to forms based auth also
> didnt help, and since we are using phones with activesync i have to leave
> it
> off anyways. We are starting work in this field office on Monday and i
> really
> need to get these resolved, having everyone connect to the VPN for
> owa/sharepoint wont be possible where we are because of the sat internet
> we
> are using... any other thoughts????
>
> Thanks in advance for the help.
>
> "Anthony [MVP]" wrote:
>
>> I agree, it sounds like the Integrated Authentication is breaking down.
>> You
>> can check in the IIS logs whether the request is received, and what
>> response
>> the server gives.
>> You might try changing the OWA authentication, for example:
>> http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
>> Just for fun you could try Digest, which secures the logon without
>> requiring
>> an SSL certificate,
>> Anthony,
>> http://www.airdesk.co.uk
>>
>>
>>
>>
>> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in
>> message news:138BD2F7-316C-4607-9214-696790F241AB@microsoft.com...
>> > Yes we are using host headers. owa.domain.net is just a forwarder to
>> > the
>> > default exchange address of www.domain.net/exchange and jobs.domain.net
>> > is
>> > an
>> > actual virtual server with sharepoint extended to it.
>> >
>> > This is not SBS and were not using ISA nor SSL. We may implement SSL
>> > down
>> > the road but for now i am just trying to get this to work for external
>> > users....
>> >
>> > Also you meantioned the "default" site is working externally for domain
>> > users and the sharepoint&owa sites are not. The default site is a
>> > public
>> > site
>> > tho, no auth required. Of course the sharepoint/owa sites require auth.
>> > Could
>> > this be some sort of NTLM/Kerberos issue with external domain profiles?
>> > Like
>> > the authentication for domain profiles isnt being carried thru to the
>> > server?
>> > Normally when we browse to owa/sharepoint on domain profiles internally
>> > it
>> > doesnt ask for credentials, it just uses the locally logged in
>> > credentials
>> > to
>> > access the site. But when accessing from a non-domain profile it asks
>> > for
>> > username and password... just thoughts....
>> >
>> > Anybody got any ideas?
>> >
>> > "Anthony [MVP]" wrote:
>> >
>> >> I don't have an easy answer for you. This is what I have understood so
>> >> far:
>> >> - DNS resolution seems OK
>> >> - The IP address and the default site FQDN are being resolved OK in
>> >> all
>> >> cases
>> >> - The sites that are reached through Host Headers are not resolved. I
>> >> assume
>> >> they are host headers because you have not mentioned different IP
>> >> addresses
>> >> and you mentioned the WAN IP address in the singular.
>> >> - It seems the failure only happens for domain users on domain
>> >> machines
>> >> connecting over the Internet, and not for any other combination, and
>> >> only
>> >> for the host header sites not for the default site.
>> >> - Is this SBS? Do you have ISA?
>> >>
>> >> It is not what you asked, but if I were providing access to OWA and
>> >> SharePoint authenticated over the net I would be using https.
>> >> Anthony,
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >>
>> >>
>> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote
>> >> in
>> >> message news:DF7075BD-595A-4A93-A986-35157FCEC2FF@microsoft.com...
>> >> > It never works as the domain admin or any domain profile, it always
>> >> > works
>> >> > as
>> >> > any non-domain profile (such as local admin).
>> >> > When pinging i get the same results whether i'm logged in to a
>> >> > domain
>> >> > profile or non domain, all the sites (i.e. jobs.domain.net &
>> >> > owa.domain.net)
>> >> > all resolve back to our WAN ip address.
>> >> > When i try to connect to the IP address from either a domain profile
>> >> > or
>> >> > non
>> >> > domain i get our main public company webpage by default
>> >> > (www.domain.net
>> >> > or
>> >> > domain.net normally).
>> >> > When i connect to the name (jobs.domain.net etc) from a domain
>> >> > profile
>> >> > it
>> >> > says page cannot be found. When i browse to the name from a
>> >> > nondomain
>> >> > profile
>> >> > it comes up and asks for credentials and lets me login to the
>> >> > site(s).
>> >> >
>> >> > "Anthony [MVP]" wrote:
>> >> >
>> >> >> When the client is outside the WAN, I think you said that it works
>> >> >> as
>> >> >> admin
>> >> >> or as user when unjoined, but not as user when joined to the
>> >> >> domain.
>> >> >> What happens when you ping in those different circs? Also, what
>> >> >> happens
>> >> >> when
>> >> >> in IE you connect to a) the name and b) the ip address?
>> >> >> Anthony,
>> >> >> http://www.airdesk.co.uk
>> >> >>
>> >> >>
>> >> >>
>> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> wrote
>> >> >> in
>> >> >> message news:73D3A04C-9139-46D0-89F5-89B5F10E204B@microsoft.com...
>> >> >> > Well when i am NOT connected to the VPN all the sites (i.e
>> >> >> > jobs.domain.net&owa.domain.net) resolve back to our WAN ip
>> >> >> > address
>> >> >> > for
>> >> >> > both
>> >> >> > domain users and nondomain users. When connected to the VPN it
>> >> >> > resolves
>> >> >> > to
>> >> >> > the local ip address of the server itself (ie. 10.1.1.1).
>> >> >> >
>> >> >> >
>> >> >> > "Anthony [MVP]" wrote:
>> >> >> >
>> >> >> >> What happens when you ping the sites?
>> >> >> >> Anthony,
>> >> >> >> http://www.airdesk.co.uk
>> >> >> >>
>> >> >> >>
>> >> >> >> "techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> >> wrote
>> >> >> >> in
>> >> >> >> message
>> >> >> >> news:D9490BE3-E37F-4B21-901C-99BC45885AAD@microsoft.com...
>> >> >> >> > No we arent specifying any proxy server inside IE. I did see
>> >> >> >> > an
>> >> >> >> > article
>> >> >> >> > about
>> >> >> >> > something close to this and it suggested running a command
>> >> >> >> > locally
>> >> >> >> > on
>> >> >> >> > ther
>> >> >> >> > server if you DONT run a proxy, and then also specifying a
>> >> >> >> > fake
>> >> >> >> > proxy
>> >> >> >> > inside
>> >> >> >> > the users IE settings. I tried this for one user with no luck,
>> >> >> >> > and
>> >> >> >> > have
>> >> >> >> > now
>> >> >> >> > set the proxy settings back to default "unchecked" inside IE.
>> >> >> >> > I'm
>> >> >> >> > sure
>> >> >> >> > it
>> >> >> >> > has
>> >> >> >> > something to do with the way the domain users get routed
>> >> >> >> > externally
>> >> >> >> > to
>> >> >> >> > the
>> >> >> >> > site(s) but i'm not sure where to start/look. Any other
>> >> >> >> > ideas???
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > "Anthony [MVP]" wrote:
>> >> >> >> >
>> >> >> >> >> Are you perhaps specifying a proxy server in the user's
>> >> >> >> >> Internet
>> >> >> >> >> Explorer
>> >> >> >> >> settings?
>> >> >> >> >> Anthony,
>> >> >> >> >> http://www.airdesk.co.uk
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> "techtedg@kc.rr.com"
>> >> >> >> >> <techtedgkcrrcom@discussions.microsoft.com>
>> >> >> >> >> wrote
>> >> >> >> >> in
>> >> >> >> >> message
>> >> >> >> >> news:550FB3E4-F8D8-4ADA-B7B9-195B45278B94@microsoft.com...
>> >> >> >> >> > We are currently running a single domain controller with
>> >> >> >> >> > exchange
>> >> >> >> >> > 2003
>> >> >> >> >> > and
>> >> >> >> >> > sharepoint v2 both installed. We have a VPN setup. When
>> >> >> >> >> > PCs/laptops
>> >> >> >> >> > are
>> >> >> >> >> > here
>> >> >> >> >> > in the office they can access both OWA/Sharepoint without
>> >> >> >> >> > any
>> >> >> >> >> > trouble.
>> >> >> >> >> > When a
>> >> >> >> >> > domain PC is external to the local network (i.e. a site
>> >> >> >> >> > office)
>> >> >> >> >> > users
>> >> >> >> >> > CANNOT
>> >> >> >> >> > access OWA/Sharepoint sites through the std internet
>> >> >> >> >> > connection.
>> >> >> >> >> > However
>> >> >> >> >> > if i
>> >> >> >> >> > connect those same PCs/Users to the VPN they CAN access
>> >> >> >> >> > OWA/Sharepoint
>> >> >> >> >> > while
>> >> >> >> >> > they are connected, as soon as they disconnect from the VPN
>> >> >> >> >> > they
>> >> >> >> >> > lose
>> >> >> >> >> > the
>> >> >> >> >> > ability to browse to OWA/Sharepoint they just get the std
>> >> >> >> >> > "page
>> >> >> >> >> > cannot
>> >> >> >> >> > be
>> >> >> >> >> > found" error in IE. Now whats weird is if i either disjoin
>> >> >> >> >> > the
>> >> >> >> >> > pc
>> >> >> >> >> > from
>> >> >> >> >> > the
>> >> >> >> >> > domain AND/OR just login as the local admin i CAN browse to
>> >> >> >> >> > OWA/Sharepoint
>> >> >> >> >> > (also my personal PC at home which isnt a domain PC can
>> >> >> >> >> > always
>> >> >> >> >> > browse
>> >> >> >> >> > to
>> >> >> >> >> > our
>> >> >> >> >> > sharepoint/owa site).
>> >> >> >> >> >
>> >> >> >> >> > So basically if you are a domain user and are not in the
>> >> >> >> >> > office
>> >> >> >> >> > or
>> >> >> >> >> > connected to the VPN you CANNOT access OWA/Sharepoint, it
>> >> >> >> >> > doesnt
>> >> >> >> >> > even
>> >> >> >> >> > come
>> >> >> >> >> > up
>> >> >> >> >> > and ask for credentials it just says "page cannot be
>> >> >> >> >> > found".
>> >> >> >> >> > If
>> >> >> >> >> > you
>> >> >> >> >> > are
>> >> >> >> >> > NOT a
>> >> >> >> >> > domain user you CAN access OWA/Sharepoint thru the internet
>> >> >> >> >> > without
>> >> >> >> >> > VPN
>> >> >> >> >> > connection.
>> >> >> >> >> >
>> >> >> >> >> > I'm pretty sure the router, external DNS, etc is correct or
>> >> >> >> >> > else
>> >> >> >> >> > the
>> >> >> >> >> > non-domain users wouldnt be able to access the sites. This
>> >> >> >> >> > must
>> >> >> >> >> > be
>> >> >> >> >> > something
>> >> >> >> >> > to do with domain config. HELP!!!
>> >> >> >> >> >
>> >> >> >> >> > How can i fix this?
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
 
Back
Top