Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Search Search
Search for:
Tech Support Guy > > >

Solved: The server _____ at ______ requires a username and password


(!)

TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
09-Dec-2009, 06:57 PM #1
Question Solved: The server _____ at ______ requires a username and password
Good afternoon,

Our office uses Outlook Web Access (OWA) that is based on our front-end exchange server and our back-end exchange server.

We can logon to OWA fine, and most of our OWA functionality is fine. However, when we open an OWA message from any browser, and then click on a web site link within the body of any OWA message, we encounter the following message:
The server communitycolleges.wy.edu at communitycolleges.wy.edu requires a username and password.

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).

User Name: ____________
Password: _____________

When we enter our OWA username and password in response to the message above, the username and password get rejected, and then the message above returns and reprompts and won't let us proceed. If we choose to cancel out of the message above, then we get the "Error: Access is Denied" message.

Are there server settings I can adjust to eliminate the message above?


Environment Details:

Front-End Server- commission-web.commission.wcc.edu

Windows Server 2003 Standard Edition
Service Pack 1

Exchange 6.5 (Build 7638.2: Service Pack 2)

Internet Information Services (IIS) Manager -
Version 6

Back-End Server- commission-wcc.commission.wcc.edu

Windows Server 2003 R2 Enterprise Edition
Service Pack 2

Exchange 6.5 (Build 7638.2: Service Pack 2)

Some domain info:

An nslookup on communitycolleges.wy.edu returns the correct IP of the front-end server.

I believe communitycolleges.wy.edu is an alias setup for the front-end server. If any of you would like me to confirm this, please let me know and I can ask my name server contact.

Thanks!
JohnWill's Avatar
Computer Specs
Retired Moderator with 106,412 posts.
 
Join Date: Oct 2002
Location: South Eastern PA, USA
09-Dec-2009, 07:13 PM #2
Time to consult the IT folks I would imagine.
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
09-Dec-2009, 07:39 PM #3
I actually am the IT person responsible for these servers. However, most of my time is spent developing applications on an HP-UX server, and not so much time is spent working with Exchange, Windows, and IIS. So I sometimes need to ask for help on matters relating to Exchange, Windows, and IIS.

Thanks.
eberlysystems's Avatar
eberlysystems eberlysystems is offline   eberlysystems has a birthday soon!
Computer Specs
Member with 286 posts.
 
Join Date: Nov 2009
Location: Reading, PA
Experience: Advanced
10-Dec-2009, 12:43 AM #4
Error logs show the rejection?

There's a lot of things to check, and this is a little out of my experience, but I'll offer some thoughts...

Any possibility of phishing/m-i-m attacks? That's the most common routine - cron'd or triggered redirects, bogus login pages, "access denied" or other equally bogus error pages on rejection.

I realize, theoretically, yours would be a difficult situation to apply this in, BUT.. a very beneficial one for an attacker.

Logs clean, security tight? It's worth considering - the non-secured authentication request would fit.
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
10-Dec-2009, 11:18 AM #5
Thanks for your assistance.

I'll check the logs soon. I also want to run a full scan for viruses and other threats (using Symantec) on the front-end server, but am concerned that scanning certain exchange folders/drives might cause trouble or disruption. I recall from long ago that certain exchange drives/folders should not be scanned for threats, at least several years ago. But perhaps this issue doesn't apply to Symantec AntiVirus 10.1.4.4 and MS Exchange 6.5 (Build 7638.2: Service Pack 2)?
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
10-Dec-2009, 12:33 PM #6
I found the following application error (from event viewer) on the front-end server that appears to be linked to my original problem of this thread:

======================================================
Event Type: Error
Event Source: EXPROX
Event Category: None
Event ID: 1001
Date: 12/10/2009
Time: 8:26:11 AM
User: N/A
Computer: COMMISSION-WEB
Description:
Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server 'COMMISSION-WCC'. This authentication mechanism is not secure and it is not supported between front-ends and back-ends. If this condition persists, please verify that server 'COMMISSION-WCC' is properly configured to use Integrated Windows Authentication for each virtual directory used by Exchange. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers.
For more information, click http://www.microsoft.com/contentredirect.asp.
======================================================

I'm considering the prospect of following the instructions in the "User Action" section of the following technet article:

http://www.microsoft.com/technet/sup...PROX&LCID=1033
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
11-Dec-2009, 10:51 AM #7
I went ahead and set the back-end server to "Integrated Windows authentication", and set the front-end server to "Basic Authentication" according to recommendations of the following technet article:

http://www.microsoft.com/technet/sup...PROX&LCID=1033

Now, I have much worse trouble. We no longer have any Outlook Web Access service at all. When trying to reach OWA at http://communitycolleges.wy.edu/exchange, I get the "HTTP Error 404 - File or directory not found." message. Get the same when trying with the https prefix. I might wind up having to contact MS support.
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
15-Dec-2009, 02:14 PM #8
I recently contacted Microsoft technical support, and now this Outlook Web Access problem is solved. MS support guided me to make the following "Directory Security - Authentication and access control" adjustments to the following virtual directories (in IIS manager):

· Exadmin (front-end server) – “Integrated Windows authentication”
· Exchange (front-end server) – “Basic authentication”
· ExchWeb (front-end server) – “Enable anonymous access”

· Exadmin (back-end server) – “Integrated Windows authentication”

· Exchange (back-end server) – “Integrated Windows authentication” AND “Basic authentication”

· ExchWeb (back-end server) – “Enable anonymous access”

On both the front-end server and back-end server, the above adjustments were made by going to: IIS Manager > local computer > Web Sites > relevant_web_site > virtual_directory > properties > Directory Security > Authentication and access control > "Edit...".
eberlysystems's Avatar
eberlysystems eberlysystems is offline   eberlysystems has a birthday soon!
Computer Specs
Member with 286 posts.
 
Join Date: Nov 2009
Location: Reading, PA
Experience: Advanced
15-Dec-2009, 02:39 PM #9
Everything's taken care of then?
TH_WIT's Avatar
TH_WIT TH_WIT is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: Dec 2009
Location: Cheyenne, WY
Experience: Intermediate
15-Dec-2009, 02:57 PM #10
Yes, and I recently pushed the "Mark Solved" button on this.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑