1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: The server _____ at ______ requires a username and password

Discussion in 'Networking' started by TH_WIT, Dec 9, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    Good afternoon,

    Our office uses Outlook Web Access (OWA) that is based on our front-end exchange server and our back-end exchange server.

    We can logon to OWA fine, and most of our OWA functionality is fine. However, when we open an OWA message from any browser, and then click on a web site link within the body of any OWA message, we encounter the following message:

    The server communitycolleges.wy.edu at communitycolleges.wy.edu requires a username and password.

    Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).

    User Name: ____________
    Password: _____________

    When we enter our OWA username and password in response to the message above, the username and password get rejected, and then the message above returns and reprompts and won't let us proceed. If we choose to cancel out of the message above, then we get the "Error: Access is Denied" message.

    Are there server settings I can adjust to eliminate the message above?


    Environment Details:

    Front-End Server- commission-web.commission.wcc.edu

    Windows Server 2003 Standard Edition
    Service Pack 1

    Exchange 6.5 (Build 7638.2: Service Pack 2)

    Internet Information Services (IIS) Manager -
    Version 6

    Back-End Server- commission-wcc.commission.wcc.edu

    Windows Server 2003 R2 Enterprise Edition
    Service Pack 2

    Exchange 6.5 (Build 7638.2: Service Pack 2)

    Some domain info:

    An nslookup on communitycolleges.wy.edu returns the correct IP of the front-end server.

    I believe communitycolleges.wy.edu is an alias setup for the front-end server. If any of you would like me to confirm this, please let me know and I can ask my name server contact.

    Thanks!
     
  2. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,409
    Time to consult the IT folks I would imagine.
     
  3. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    I actually am the IT person responsible for these servers. However, most of my time is spent developing applications on an HP-UX server, and not so much time is spent working with Exchange, Windows, and IIS. So I sometimes need to ask for help on matters relating to Exchange, Windows, and IIS.

    Thanks.
     
  4. eberlysystems

    eberlysystems

    Joined:
    Nov 28, 2009
    Messages:
    286
    Error logs show the rejection?

    There's a lot of things to check, and this is a little out of my experience, but I'll offer some thoughts...

    Any possibility of phishing/m-i-m attacks? That's the most common routine - cron'd or triggered redirects, bogus login pages, "access denied" or other equally bogus error pages on rejection.

    I realize, theoretically, yours would be a difficult situation to apply this in, BUT.. a very beneficial one for an attacker.

    Logs clean, security tight? It's worth considering - the non-secured authentication request would fit.
     
  5. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    Thanks for your assistance.

    I'll check the logs soon. I also want to run a full scan for viruses and other threats (using Symantec) on the front-end server, but am concerned that scanning certain exchange folders/drives might cause trouble or disruption. I recall from long ago that certain exchange drives/folders should not be scanned for threats, at least several years ago. But perhaps this issue doesn't apply to Symantec AntiVirus 10.1.4.4 and MS Exchange 6.5 (Build 7638.2: Service Pack 2)?
     
  6. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    I found the following application error (from event viewer) on the front-end server that appears to be linked to my original problem of this thread:

    ======================================================
    Event Type: Error
    Event Source: EXPROX
    Event Category: None
    Event ID: 1001
    Date: 12/10/2009
    Time: 8:26:11 AM
    User: N/A
    Computer: COMMISSION-WEB
    Description:
    Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server 'COMMISSION-WCC'. This authentication mechanism is not secure and it is not supported between front-ends and back-ends. If this condition persists, please verify that server 'COMMISSION-WCC' is properly configured to use Integrated Windows Authentication for each virtual directory used by Exchange. After applying any changes it may be necessary to restart Internet Information Services on both the front-end and back-end servers.
    For more information, click http://www.microsoft.com/contentredirect.asp.
    ======================================================

    I'm considering the prospect of following the instructions in the "User Action" section of the following technet article:

    http://www.microsoft.com/technet/su...6.5.6940.0&EvtID=1001&EvtSrc=EXPROX&LCID=1033
     
  7. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    I went ahead and set the back-end server to "Integrated Windows authentication", and set the front-end server to "Basic Authentication" according to recommendations of the following technet article:

    http://www.microsoft.com/technet/su...6.5.6940.0&EvtID=1001&EvtSrc=EXPROX&LCID=1033

    Now, I have much worse trouble. We no longer have any Outlook Web Access service at all. When trying to reach OWA at http://communitycolleges.wy.edu/exchange, I get the "HTTP Error 404 - File or directory not found." message. Get the same when trying with the https prefix. I might wind up having to contact MS support.
     
  8. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    I recently contacted Microsoft technical support, and now this Outlook Web Access problem is solved. MS support guided me to make the following "Directory Security - Authentication and access control" adjustments to the following virtual directories (in IIS manager):

    · Exadmin (front-end server) – “Integrated Windows authentication”
    · Exchange (front-end server) – “Basic authentication”
    · ExchWeb (front-end server) – “Enable anonymous access”

    · Exadmin (back-end server) – “Integrated Windows authentication”

    · Exchange (back-end server) – “Integrated Windows authentication” AND “Basic authentication”

    · ExchWeb (back-end server) – “Enable anonymous access”

    On both the front-end server and back-end server, the above adjustments were made by going to: IIS Manager > local computer > Web Sites > relevant_web_site > virtual_directory > properties > Directory Security > Authentication and access control > "Edit...".
     
  9. eberlysystems

    eberlysystems

    Joined:
    Nov 28, 2009
    Messages:
    286
    Everything's taken care of then?
     
  10. TH_WIT

    TH_WIT Thread Starter

    Joined:
    Dec 9, 2009
    Messages:
    7
    Yes, and I recently pushed the "Mark Solved" button on this.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/884274