Guest techtedg@kc.rr.com Posted May 21, 2008

We are currently running a single domain controller with Exchange 2003 and SharePoint v2 both installed. We have a VPN set up. When PCs/laptops are here in the office they can access both OWA/SharePoint without any trouble. When a domain PC is external to the local network (i.e. a site office) users CANNOT access OWA/SharePoint sites through the std internet connection. However, if I connect those same PCs/users to the VPN they CAN access OWA/SharePoint while they are connected; as soon as they disconnect from the VPN they lose the ability to browse to OWA/SharePoint, they just get the std "page cannot be found" error in IE. Now what's weird is if I either disjoin the PC from the domain AND/OR just log in as the local admin I CAN browse to OWA/SharePoint (also my personal PC at home, which isn't a domain PC, can always browse to our SharePoint/OWA site).

So basically if you are a domain user and are not in the office or connected to the VPN you CANNOT access OWA/SharePoint; it doesn't even come up and ask for credentials, it just says "page cannot be found". If you are NOT a domain user you CAN access OWA/SharePoint through the internet without a VPN connection.

I'm pretty sure the router, external DNS, etc. is correct or else the non-domain users wouldn't be able to access the sites. This must be something to do with domain config. HELP!!!

How can I fix this?

Guest Anthony [MVP] Posted May 21, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Are you perhaps specifying a proxy server in the user's Internet Explorer settings?
Anthony, http://www.airdesk.co.uk

Guest techtedg@kc.rr.com Posted May 21, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

No, we aren't specifying any proxy server inside IE. I did see an article about something close to this and it suggested running a command locally on the server if you DON'T run a proxy, and then also specifying a fake proxy inside the user's IE settings. I tried this for one user with no luck, and have now set the proxy settings back to default "unchecked" inside IE. I'm sure it has something to do with the way the domain users get routed externally to the site(s) but I'm not sure where to start/look. Any other ideas???

Guest Anthony [MVP] Posted May 21, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

What happens when you ping the sites?
Anthony, http://www.airdesk.co.uk

Guest techtedg@kc.rr.com Posted May 21, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Well, when I am NOT connected to the VPN all the sites (i.e. jobs.domain.net & owa.domain.net) resolve back to our WAN IP address for both domain users and non-domain users. When connected to the VPN it resolves to the local IP address of the server itself (i.e. 10.1.1.1).

Guest Anthony [MVP] Posted May 21, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

When the client is outside the WAN, I think you said that it works as admin or as user when unjoined, but not as user when joined to the domain.
What happens when you ping in those different circs? Also, what happens when in IE you connect to a) the name and b) the ip address?
Anthony, http://www.airdesk.co.uk

Guest techtedg@kc.rr.com Posted May 23, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

It never works as the domain admin or any domain profile; it always works as any non-domain profile (such as local admin).
When pinging I get the same results whether I'm logged in to a domain profile or non-domain: all the sites (i.e. jobs.domain.net & owa.domain.net) resolve back to our WAN IP address.
When I try to connect to the IP address from either a domain profile or non-domain I get our main public company webpage by default (http://www.domain.net or domain.net normally).
When I connect to the name (jobs.domain.net etc.) from a domain profile it says page cannot be found. When I browse to the name from a non-domain profile it comes up and asks for credentials and lets me log in to the site(s).

Guest Anthony [MVP] Posted May 23, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I don't have an easy answer for you. This is what I have understood so far:
- DNS resolution seems OK
- The IP address and the default site FQDN are being resolved OK in all cases
- The sites that are reached through Host Headers are not resolved. I assume they are host headers because you have not mentioned different IP addresses and you mentioned the WAN IP address in the singular.
- It seems the failure only happens for domain users on domain machines connecting over the Internet, and not for any other combination, and only for the host header sites not for the default site.
- Is this SBS? Do you have ISA?

It is not what you asked, but if I were providing access to OWA and SharePoint authenticated over the net I would be using https.
Anthony, http://www.airdesk.co.uk

Guest techtedg@kc.rr.com Posted May 23, 2008
Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Yes, we are using host headers. owa.domain.net is just a forwarder to the default Exchange address of http://www.domain.net/exchange and jobs.domain.net is an actual virtual server with SharePoint extended to it.

This is not SBS and we're not using ISA nor SSL. We may implement SSL down the road but for now I am just trying to get this to work for external users....

Also, you mentioned the "default" site is working externally for domain users and the SharePoint & OWA sites are not. The default site is a public site though, no auth required. Of course the SharePoint/OWA sites require auth. Could this be some sort of NTLM/Kerberos issue with external domain profiles? Like the authentication for domain profiles isn't being carried through to the server? Normally when we browse to OWA/SharePoint on domain profiles internally it doesn't ask for credentials, it just uses the locally logged-in credentials to access the site. But when accessing from a non-domain profile it asks for username and password... just thoughts....

Anybody got any ideas?
Guest Anthony [MVP] Posted May 24, 2008 Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I agree, it sounds like the Integrated Authentication is breaking down. You can check in the IIS logs whether the request is received, and what response the server gives.
You might try changing the OWA authentication, for example: http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
Just for fun you could try Digest, which secures the logon without requiring an SSL certificate.
Anthony, http://www.airdesk.co.uk

"techtedg@kc.rr.com" <techtedgkcrrcom@discussions.microsoft.com> wrote in message news:138BD2F7-316C-4607-9214-696790F241AB@microsoft.com...
> Yes we are using host headers. owa.domain.net is just a forwarder to the default exchange address of http://www.domain.net/exchange and jobs.domain.net is an actual virtual server with sharepoint extended to it.
>
> This is not SBS and we're not using ISA nor SSL. We may implement SSL down the road but for now I am just trying to get this to work for external users....
>
> Also you mentioned the "default" site is working externally for domain users and the sharepoint & owa sites are not. The default site is a public site tho, no auth required. Of course the sharepoint/owa sites require auth. Could this be some sort of NTLM/Kerberos issue with external domain profiles? Like the authentication for domain profiles isn't being carried thru to the server? Normally when we browse to owa/sharepoint on domain profiles internally it doesn't ask for credentials, it just uses the locally logged in credentials to access the site. But when accessing from a non-domain profile it asks for username and password... just thoughts....
>
> Anybody got any ideas?
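The IIS log check suggested in the post above, as an added example that is not code from the thread: it reads IIS W3C extended log lines and reports, per client IP and host header, whether a request arrived at all and whether it ever got past the 401 challenge. The log sample, the IP addresses and the `localadmin` user name are constructed, and the script assumes the `cs-host` field is enabled in the site's logging properties.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the thread).
# 203.0.113.10 stands in for a non-domain profile, 198.51.100.7 for a domain profile.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-05-29 15:00:00
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-host sc-status sc-substatus
2008-05-29 15:01:10 203.0.113.10 - GET /exchange/ owa.domain.net 401 2
2008-05-29 15:01:11 203.0.113.10 - GET /exchange/ owa.domain.net 401 1
2008-05-29 15:01:15 203.0.113.10 localadmin GET /exchange/ owa.domain.net 200 0
2008-05-29 15:03:40 198.51.100.7 - GET /exchange/ owa.domain.net 401 2
2008-05-29 15:03:41 198.51.100.7 - GET /exchange/ owa.domain.net 401 1
2008-05-29 15:05:02 198.51.100.7 - GET / www.domain.net 200 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Version, #Date)
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed entry, or no #Fields seen yet
        yield dict(zip(fields, values))


def _host_only(value):
    """Lower-case a Host header value and drop an optional :port suffix."""
    return value.lower().split(":")[0]


def classify(records, client_ip, host):
    """Return (verdict, status_counts) for one client IP and host header.

    Verdicts:
      no-request-logged              nothing with this Host header reached IIS
                                     from this client, so look at the path in
                                     between rather than at authentication
      challenged-never-authenticated IIS answered 401 and no authenticated
                                     request followed
      authenticated                  a request carrying a user name succeeded
      served-anonymously             content was served without a user name
      failed                         only error responses other than pure 401s
    """
    hits = [
        r for r in records
        if r["c-ip"] == client_ip and _host_only(r["cs-host"]) == _host_only(host)
    ]
    # Keep the sub-status: it narrows down which kind of 401 the server sent.
    statuses = Counter(f'{r["sc-status"]}.{r["sc-substatus"]}' for r in hits)
    if not hits:
        return "no-request-logged", dict(statuses)
    if any(r["cs-username"] != "-" and int(r["sc-status"]) < 400 for r in hits):
        return "authenticated", dict(statuses)
    if all(r["sc-status"] == "401" for r in hits):
        return "challenged-never-authenticated", dict(statuses)
    if any(int(r["sc-status"]) < 400 for r in hits):
        return "served-anonymously", dict(statuses)
    return "failed", dict(statuses)


if __name__ == "__main__":
    records = list(parse_w3c(SAMPLE_LOG))
    for ip in ("203.0.113.10", "198.51.100.7"):
        for site in ("owa.domain.net", "jobs.domain.net", "www.domain.net"):
            verdict, counts = classify(records, ip, site)
            print(f"{ip:15} {site:16} {verdict:32} {counts}")
```

IIS writes these logs in UTC, so convert the time of the failed browse attempt before searching for it.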
Guest techtedg@kc.rr.com Posted May 29, 2008 Re: External Domain PCs wont browse to OWA nor Sharepoint sites

I tried digest but it doesn't perform any differently. I am out here right now and it appears I can still login to owa/sharepoint while logged in as the local admin, but if I login as the domain admin or any other domain user it doesn't let me connect to owa/sharepoint. Changing to forms based auth also didn't help, and since we are using phones with activesync I have to leave it off anyways. We are starting work in this field office on Monday and I really need to get these resolved, having everyone connect to the VPN for owa/sharepoint won't be possible where we are because of the sat internet we are using... any other thoughts????

Thanks in advance for the help.
Guest Anthony [MVP] Posted May 29, 2008 Re: External Domain PCs wont browse to OWA nor Sharepoint sites

Did you look in the logs?