RD Gateway prompts for authentication

Similar Messages

• Exchange 2010 mailbox prompts for authentication to Exchange 2013 mailbox

  I am in the process of a 2010 to 2013 migration. The only issue I can't seem to manage is an authentication issue with Outlook 2010. My Outlook profile consists of my Exchange 2013 mailbox and a shared mailbox on Exchange 2010. Initially, Outlook was prompting
  for authentication to the Exchange 2010 mailbox. Regardless of whether I entered the correct credentials or simply cancelled the prompt, I still had full access to both mailboxes (including Public Folders on 2010). The authentication prompt was removed with
  the following command:
  Get-OutlookAnywhere -Server my2013exchserver | Set-OutlookAnywhere -InternalClientsRequireSsl $true
  The second issue I now have is the reverse of the above: an Exchange 2010 user is prompted for authentication to an Exchange 2013 mailbox. How do I begin to troubleshoot this problem - should I run the same command (above) on 2010? I don't quite understand
  how Outlook communicates with Exchange but I am thinking there is an incorrect setting on one of the Virtual Directories(?).
  Many thanks.

  Hi Dennis,
  Please open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar –Connection Status to check the connection for your Exchange 2010 mailbox with shared 2013 mailbox. The following example in my test results:
  Please check your connection authentication. We can  run the following command to set your Outlook Anywhere for Exchange 2013:
  Set-OutlookAnywhere -Identity "E15-01\Rpc (Default Web Site)" -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
  In Outlook side, please ensure the following settings in Account Settings:
  In Security tab, make sure Always prompt for logon credentials is unchecked and Logon network security is set to Negotiate Authentication.
  Regards,
  Winnie Liang
  TechNet Community Support

• Problem with Windows 7 802.1x prompted for authentication multiple times

  I have setup a WLAN for users to bring in their own devices (devices are not on the domain).  It is setup for WPA2-Enterprise/AES and it doesn't require certificates.  We authenticate with a Cisco Secure Access Server 5.1.44 (setup with Active Directory).
  I have configure dthe Windows 7 wireless client:
  WPA-Enterprise/AES
  PEAP - removed "Validate server certificate"
  EAPMSCHAPv2 properties disabled "Automatically use my Windows login name and password
  Advanced settings 802.1x - ticked for "user authentication"
  My problem is when I connect to the WLAN, I'm prompted for authentication multiple times (x2).  On the second login prompt everything logs in OK.  No errors are received after the first login attempt.
  Thanks

  This doesn't have anything to do with eap settings?
  Are the current defaults the recommended settings:
  EAP-Identity-Request Timeout (seconds)........... 30
  EAP-Identity-Request Max Retries................. 2
  EAP Key-Index for Dynamic WEP.................... 0
  EAP Max-Login Ignore Identity Response........... enable
  EAP-Request Timeout (seconds).................... 30
  EAP-Request Max Retries.......................... 2
  EAPOL-Key Timeout (milliseconds)................. 1000
  EAPOL-Key Max Retries............................ 2
  EAP-Broadcast Key Interval....................... 3600
  I have seen this multiple times on varying drivers and systems. The first time you login until it is cached.
  Thanks,
  Andrew

• Regression in 7u55+ prompts for authentication dialogs (JDK-8046211)

  I'm tracking issue JDK-8046211 and noticed today it was resolved as "won't
  fix" without any comment
  Our situation: We have a Java applet consisting of 4 jar files and a JNLP
  file. These files are served over HTTPS from a public webserver (no
  authentication required). The applet contains an up-to-date manifest with
  all the entries required since the new Java security baseline. The
  applet/JNLP file is accessed from a web application using Javascript
  (deployJava.js). All interaction with the applet is through Javascript.
  The web application itself runs on a different server and is protected
  using client certificates (2-way SSL) and basic authentication.
  Now until Java 7u55 everything worked fine. When loading the applet only
  one popup was displayed asking the user to trust the applet (which is
  properly signed) and that was all.
  However since 7u55 (also 7u60) things have changed: the applet loads fine
  but as soon as we call a method on the applet (though LiveConnect) the Java
  VM displays a popup asking the user to select a client certificate and
  thereafter asks the user to authenticate using BasicAuth.
  Important note: the user doesn't actually has to select a valid certificate
  or enter any credentials. If the user cancels any of the dialogs the applet
  continues to function properly. Logging shows the applet is using the same
  cookie as the browser so authentication against the server isn't actually
  taking place. Basically the Java VM is prompting for authentication dialogs
  for no good reason because the user is already authenticated with a browser
  cookie.
  Prior to 7u55 we didn't experience this issue (we have users with 7u40,
  7u45 and 7u51). Altogether it appears we encountered JDK-8046211, which has
  the characteristics of a regression issue.
  I'm curious if more people have experienced these issues (I know applets aren't the hottest tech out there....)

  Yes the problem is due to an extra HTTP call fired from the Java plugin (only under IE, no issues in Firefox) to the page that embeds the applet. So it's different from JDK-8046211 although the result is the same.
  We eventually implemented a workaround: we intercept the extra HTTP request in our frontend proxy server (Apache) and always return 200 OK prior to doing BasicAuth. Here's our mod_rewrite config implementing this workaround:
  RewriteEngine On
  RewriteLog /var/log/apache2/java_issue_rewrite.log
  RewriteLogLevel 0
  RewriteCond %{REQUEST_METHOD} =GET
  RewriteCond %{HTTP_USER_AGENT} Java/1.[7-8]
  RewriteRule ^/path/to/page/embedding/java/applet /dummy.html [R=200,L]

• No prompt for authentication when trying to connect to VPN

  Using OS X Mountain Lion 10.8.5, I created a new VPN Cisco IPsec connection with the native VPN client.
  I can manage to connect, whereas colleagues of mine (same network, same configuration, same operating system) can.
  The point is that I'm never prompted for the password to connect to the VPN: the prompt window simply doesn't show.
  Here are the logs from the console:
  Sep 18 08:31:42 ******* configd[17]: IPSec connecting to server ***.***.***.***
  Sep 18 08:31:42 ******* configd[17]: IPSec Phase1 starting.
  Sep 18 08:31:42 ******* configd[17]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
  Sep 18 08:31:42 ******* racoon[3985]: IPSec connecting to server ***.***.***.***
  Sep 18 08:31:42 ******* racoon[3985]: Connecting.
  Sep 18 08:31:42 ******* racoon[3985]: IPSec Phase1 started (Initiated by me).
  Sep 18 08:31:42 ******* racoon[3985]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
  Sep 18 08:31:42 ******* racoon[3985]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
  Sep 18 08:31:42 ******* racoon[3985]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
  Sep 18 08:31:42 ******* racoon[3985]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
  Sep 18 08:31:42 ******* racoon[3985]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
  Sep 18 08:31:42 ******* racoon[3985]: IPSec Phase1 established (Initiated by me).
  Sep 18 08:31:42 ******* racoon[3985]: IPSec Extended Authentication requested.
  Sep 18 08:31:42 ******* configd[17]: IPSec requesting Extended Authentication.
  Sep 18 08:31:42 ******* configd[17]: VPN Connection:  Enter your user authentication
  Sep 18 08:31:42 ******* configd[17]: IPSec Controller: XAuth authentication failed
  Sep 18 08:31:42 ******* configd[17]: IPSec disconnecting from server ***.***.***.***
  Sep 18 08:31:42 ******* racoon[3985]: IPSec disconnecting from server ***.***.***.***
  Sep 18 08:31:42 ******* racoon[3985]: IKE Packet: transmit success. (Information message).
  Sep 18 08:31:42 ******* racoon[3985]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
  Sep 18 08:31:42 ******* racoon[3985]: IPSec disconnecting from server ***.***.***.***
  If I'm not wrong, the window requesting the password should open after the line I highlighted (that's the behaviour we noticed on my colleagues' macbooks), but it doesn't.
  Does anyone knows how I can fix that problem? Thanks for your replies.

  Did you find a solution to this?  I have searched for several hours and found a few references to this behaviour (same people) but no resolution.
  Same issue for me, I see the "enter your user authentication" dialogue box, but there are no text boxes to enter credentials, only OK or CANCEL.
  Thanks

• CX Prompting for Authentication to Citrix, OWA

  Running 9.1.2.29
  We believe this is relatively new.  CX module is prompting for credentials (Active Auth) for users at home, connecting to Outlook Web Acces, Citrix, etc. inside of the firewall.  Internal users using the same resources are not. 
  I cannot even visualize where the CX module would be inspecting the traffic in, then out again for an internal server. 
  What configuration / policies exists to control that behavior?

  Marvin,
  Thanks for the continued help and sorry for the delay.  The configuration you were looking for is in my global_policy:
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect icmp
  class DR_GRE
    set connection timeout idle 0:00:15
  class NFLOW
    flow-export event-type all destination 10.128.36.16
  class Internet
    cxsc fail-open auth-proxy
  Does this help?!

• Linked document in Navigation prompting for Authentication

  I have SP2013 and OWA to launch docs, pdfs, etc. from libraries on an Anonymous site. When I am in the document library, I can click on the doc or pdf and OWA launches it my browser! Great!
  However, we have a link in the Top Navigation bar that points to a PDF in an Anonymously available library and the link tries to launch the PDF directly. (https://website.com/Overview/Documents/docName.pdf)
  This requires Acrobat Reader to launch. How can we have it directed through OWA instead?
  The Navigation does not use managed metadata or Audience targeting.
  Matthew Barrett Concept Interactive Inc.

  The answer is that you cannot.  OWA (Office Web Apps) only does in browser editing of Office documents.  Because PDF is an Adobe format that uses different editing software not made by Microsoft, you cannot get the editing experience though your
  browser.
  If however, you only wish to browse the PDF in the browser, without editing it, SharePoint can be configured to do that.  Start here:  http://rahulrashu.blogspot.com/2013/08/how-to-view-pdf-files-in-browsers-in.html
  I trust that answers your question...
  Thanks
  C
  |
  RSS |
  http://crayveon.com/blog |
  SharePoint Scripts | Twitter |
  Google+ | LinkedIn |
  Facebook | Quix Utilities for SharePoint

• How to make dyn/admin not to prompt for username and password?

  Hello all
  How to make dyn/admin not to prompt for username and password? I am writing a selenium job to automate cache invalidation to load test a production issue we are facing. Selenium is opening a fresh firefox session and prompting for username and password every time. I am also trying to modify my script such that it will use the same session again and not prompt for username and password. But I thought of asking this question in the group.
  Your inputs will help a lot.
  Thanks,
  Sundar

  Hi,
  You can set enabled property of /atg/dynamo/servlet/adminpipeline/AuthenticationServlet/ to false. It will not prompt for authentication.
  Gopi

• Dot1x - network access without prompting for password

  Dear all,
  I have a customer with wired dot1x which appears to no longer prompt for user authentication. The topology is a Radius server, Cat2950 switch and Windows XP clients. Recently, we have discovered that the PCs are not prompting for authentication and users are getting straight onto the network.
  When I delete the Windows registry entry
  HKEY_CURRENT_USER-Software-Microsoft-EAPOL- UserEupInfo
  I am again prompted for the username/password and the registry entry is added back in.
  Does anyone know how I can get the PC to always prompt for username/password without having to edit the registry each time?
  Many thanks in advance,
  Tracey

  Tracy,
  I don't have an answer to your question but I am tyring to do exactly what you have already done.(getting 802.1x working with xp client to acs server) Can you e-mail me the configs you used (client, switch acs)I am also working with tac but are not making progress. One thing i notice is that the switch port I am using is yellow and shows up down. is this normal behavior when the port is configured for 802.1x?
  Thanks, Tom [email protected]

• Why does Proxy Authentication prompt for user/pass on Win7 but not XP?

  Trying to use NTLM authentication for our proxy through Firefox 7.0.1. It works great in Windows XP - the user doesn't ever get prompted for his username or password when going to the internet. However, when using the same settings with Windows 7 machines going to the same internet sites, they always get prompted for username and password. Is there a workaround for this? Is this a bug?

  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
  *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
  *Do NOT click the Reset button on the Safe Mode start window
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Outlook 2013 - Exchange 2013 - Prompts for username and password when EWS basic authentication is enabled

  So we have an Exchange 2013 environment, and a CRM solution that requires basic authentication to EWS internally.  Problem is, after a reboot of our Exchange server, all of our Outlook clients begin prompting for username and password (which nothing
  works) which also starts locking users AD accounts out due to failed login attempts (somehow).  If I disabled basic authentication on EWS, Outlook authenticates as normal using NTLM and there are no issues.  Once Outlook has authenticated, I can
  turn back on basic authentication, and Outlook will be fine until the next time the Exchange server is rebooted.
  Any ideas?

  Hi,
  According to your description, I understand that Outlook client prompted for username and password when Exchange server restart and basic authentication is enabled for EWS.
  If I misunderstand your concern, please do not hesitate to let me know.
  It’s normal. This caused by the difference between basic authentication and NTML authentication:
  Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 or later world, Basic can mean no need to authenticate every time you open/reconnect,
  but in all earlier versions, you will have to enter creds every time.
  NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication
  at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• Kerberos authentication prompting for credentials in Sharepoint 2013

  Hello all,
  I think I’m a bit confused on what I should expect out of Kerberos and sharepoint.
  Following the steps located in
  http://blog.blksthl.com/2012/09/26/the-first-kerberos-guide-for-sharepoint-2013-technicians/ , I’ve setup Kerberos in my Sharepoint 2013 environment. My hope was that configuring kerberos authentication would solve the issue of users being prompted for
  credentials when they access sharepoint. I know that one way to address this problem is to tweak the IE settings by adding the site to the local intranet or trusted zones, but am I wrong in thinking that Kerberos should also authenticate the user on to the
  site? Here’s my situation:
  Previously, I had our sharepoint URL in the trusted zone and had IE set to pass my credentials through, and that worked. After configuring Kerberos, I can see the tickets on my system using klist and the security log on our web front-end shows that I authenticated
  using Kerberos.
  However, if I then remove the sharepoint URL from the trusted zone in IE, I still get prompted for credentials. If I cancel the credential prompt, I get a 401 error and the security log on the server shows a NTLM login attempt.
  As soon as I put the URL back in the trusted zone, I can access the site and the server log shows a Kerberos authentication.
  I’m I wrong in thinking that if Kerberos was working properly then I shouldn't need to have the URL in the trusted zone?
  Thanks
  Bill

  Thanks for the quick reply, Alex. At least it’s good to know it appears to be working as designed.
  Thanks again,
  Bill

• Need MBAM 2.5 Helpdesk and selfservice sites to open for authenticated users with no password prompt

  I Need MBAM 2.5 Helpdesk and self service sites to open for authenticated users with no password prompt. I just cant seem to get this to work. The account used in the application pool has its SPN registered and delegation set. I can use that account to login
  to the sites but am prompted for a password. That said anyone I add into the helpdesk users group cannot negotiate the sites. Only the account I have set in the application pool can. I want domain authenticated users that have been added to the MBAM Help Desk
  Users group to negotiate the site with NO password challenge at all.
  tconners

  This generally means that your SPN is not set up correctly.  Let's say the web server you installed the SSP on is lance.contoso.com and your app pool creds are corp\lance.  You should set an SPN similar to setspn -s http/lance.contoso.com
  corp\lance.  In your browser, you should now be able to access the SSP without prompts.  However, if you still get prompted, generally that means that your local intranet zone in IE does not have an entry for *.contoso.com.  Since you are entering
  an FQDN in your browser, IE interprets the "." to mean "on the internet" which breaks Kerberos authentication.  By adding *.contoso.com to your local intranet zone, you are telling it that lance.contoso.com is on the intranet, so use
  Kerberos.
  I can confirm, that I have exact configuration and I always get the password promt for the very first time. We have 2 server (1xIIS and 1xSQL) infrastructure in production with SPN set like it should and I get the password prompt.

• Prompting for passwords even i configured ssh password less authentication

  There are two servers :
  1. Site
  2. Testing
  from site server i want to connect testing server with ssh password less authentication.
  i generated public and private keys with ssh-keygen -t rsa on site server.
  cat id_rsa >> authorized_keys
  cat id_rsa.pub >> authorized_keys
  i appended id_rsa.pub ( public key site server ) to authorized_keys ( testing server ) with below command .
  ssh [email protected] "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  am i missing some point in performing procedure for ssh password less authentication ?
  because it prompts for passwords agaian and again
  Edited by: user13376823 on Oct 9, 2012 9:30 AM

  user13376823 wrote:
  There are two servers :
  1. Site
  2. Testing
  from site server i want to connect testing server with ssh password less authentication.
  i generated public and private keys with ssh-keygen -t rsa on site server.
  cat id_rsa >> authorized_keys
  cat id_rsa.pub >> authorized_keysI don't think you should be doing this. I can't see the point of adding the private key and adding the public key means the "Site" can ssh to itself without needing a password!
  >
  i appended id_rsa.pub ( public key site server ) to authorized_keys ( testing server ) with below command .
  ssh [email protected] "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
  I would expect you to add the RSA public key to the "authorized_keys2" file and not the "authorized_keys" file.
  >
  >
  am i missing some point in performing procedure for ssh password less authentication ?
  because it prompts for passwords agaian and again
  Edited by: user13376823 on Oct 9, 2012 9:30 AM

• Weblogic server BASIC Authentication not prompting for username

  I created a very simple Weblogic 10.3.5 web application with BASIC Authentication that for some reason doesn't prompt for the username and password. I believe the web.xml and weblogic.xml are created properly. The entire application is below.
  It consists of two files:
  index.html -- that anyone should be able to load
  remoteuser.jsp -- that only people in 'group' should be able to load
  I added an <auth-constraint> for all JSPs (*.jsp), such that only users in 'group' should be able to load them. However, when I load the url "/remoteuser.jsp", it displays "The remote user is null", and doesn't prompt for a username and password. The causes the JSP to also print out null instead of the remote user's name.
  The <auth-method> is, of course, set to BASIC.
  I currently don't even have any groups defined in Weblogic's Security Realm, because I want to watch it fail first.
  According to this Weblogic documentation (http://docs.oracle.com/cd/E15051_01/wls/docs103/security/thin_client.html#wp1037337), I believe that I'm doing everything correctly.
  Do I have to modify the Weblogic Security Realm's Authentication Provider? Or some other setting?
  I know that I'm doing something silly, but can't see it. Please help!
  SOURCE FILES
  web.xml
  <web-app>
  <welcome-file-list>
  <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>JSPs</web-resource-name>
  <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>group</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>group</role-name>
  </security-role>
  </web-app>
  weblogic.xml
  <weblogic-web-app>
  <security-role-assignment>
  <role-name>group</role-name>
  <principal-name>group</principal-name>
  </security-role-assignment>
  </weblogic-web-app>
  remoteuser.jsp
  <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%>
  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  <html>
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
  <title>Remote User</title>
  </head>
  <body>
  <p>
  Only users in "group" should be able to load this page.
  </p>
  <p>
  The remote user is <%= request.getRemoteUser() %>
  </p>
  </body>
  </html>
  index.html
  <html>
  <head><title>WebLogic Test</title></head>
  <body>
  Everyone should be able to see this.
  </body>
  </html>

  Hi,
  Before deploying, have you changed:
  Application properties -> Deployment
  Remove the selection from "Auto Generate and Syncronize weblogic-jdc.xml ....."
  Kind Regards