not automatic login, but okay going to windowssignin
New Post
3/31/2009 12:57 PM
 

This is a long reply because I've been doing a lot of testing, but I've underlined the most relevant information to help keep this organized.  Thank you for your help.

Well, I have set up an HTML module to display only for those who aren't authenticated and it has a link to a page that logs their IP Address, username and IE Version before redirecting them to the WindowsSignin page.  I've noticed that people are getting errors with IE 6 and 7.  I've also noticed that it's not just that 30 users like I had originally thought, but that it seems to sporadically change who's affected.  Local administrators experience issues as well.  I've also noticed that every time there's a failure, the username gets logged correctly, so it appears that at least IIS is seeing the user who's logged in correctly.

Some additional information regarding IIS and client configuration: the website is hosted using a DNS alias, and we have registered SPNs for that alias using the SETSPN command.  Also, we have "Enable Integrated Windows Authentication" checked on all computers, and all computers have the following registry key added from another problem that we've had in the past:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149]
"Iexplore.exe"=dword:00000001

All users have the same version of AV installed, and group policy controls the Windows Firewall settings.  Unauthorized applications cannot be installed except by administrators, and there aren't many.  The users who are experiencing the issues do not appear to have any unique characteristics, and every day a different group of people is affected, but some users appear more than once, and a couple seem to have to log in more than once in the span of a few minutes.

 
New Post
4/1/2009 8:18 AM
 

Sporadic logins like that almost seem to point at your authentication source.  Is your webserver authenticating to more than one DC?

 
New Post
4/2/2009 8:33 AM
 

That's an interesting thought, it's possible, but how would I be able to tell which domain controller it might be authenticating to?  Also, is there a way to override it to look at just one server?

Also, it seems that they are able to manually log in by navigating to the windowssignin.aspx page (although sometimes it takes a little longer than expected for some users).  Would that fact negate the possibility of a problem at the authenticating server, or does it use a different means than the automatic login?

 
New Post
4/2/2009 12:48 PM
 

Ya know, that is a good question... I'll have to do some research and see if I can figure out how IIS does the authentication and how to find which DC it uses.

Otherwise, for computers outside of the webserver it is pretty simple, I have a login script that records logins and what their login server was.  When we see sporadic authentications, I look at the log and can see which ones "are" working, and look at the DC that isn't responding to clients.

The fact that the windowssignin.aspx file does work does not negate this as a possible problem.  AD authentication has a time-out period where it will eventually switch to another DC if the first one times out, so the fact that it does work that way doesn't rule that problem out.  I'm not sure if DNN has a separate timeout setting, making the automatic login time out faster.
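
The login-script approach described in the post above, as an added example that is not part of the original thread: it summarizes a logon log per domain controller so a DC that has stopped serving clients stands out. The log format, the DC, user and computer names, and the function name `ConvertFrom-LogonLog` are all assumptions made for illustration.

```powershell
# A logon script could append one line per logon like this (share path is a placeholder):
#   '{0:yyyy-MM-dd HH:mm:ss},{1},{2},{3}' -f (Get-Date), $env:USERNAME,
#       $env:COMPUTERNAME, $env:LOGONSERVER | Add-Content '\\<server>\<share>\logons.csv'

# Constructed sample log; every user, computer and DC name is made up.
$sampleLog = @'
2009-04-02 08:01:12,jsmith,PC-014,\\DC01
2009-04-02 08:03:40,mlee,PC-022,\\DC02
2009-04-02 08:04:05,akhan,PC-031,\\DC01
2009-04-02 08:10:57,jsmith,PC-014,\\DC02
this line is malformed and is skipped
2009-04-02 08:15:20,rpatel,PC-007,\\DC01
'@ -split "`r?`n"

# DCs that clients are expected to use (assumption: list maintained by hand).
$expectedDCs = 'DC01', 'DC02', 'DC03'

function ConvertFrom-LogonLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = $line.Split(',')
        if ($f.Count -ne 4) { continue }   # skip malformed lines
        [pscustomobject]@{
            Time     = [datetime]::ParseExact($f[0], 'yyyy-MM-dd HH:mm:ss',
                           [cultureinfo]::InvariantCulture)
            User     = $f[1]
            Computer = $f[2]
            DC       = $f[3].TrimStart('\').ToUpperInvariant()
        }
    }
}

$records = @(ConvertFrom-LogonLog -Lines $sampleLog)

# Per-DC summary: a DC with zero logons in the window is the one to look at first.
$summary = foreach ($dc in $expectedDCs) {
    $hits = @($records | Where-Object { $_.DC -eq $dc })
    [pscustomobject]@{
        DC       = $dc
        Logons   = $hits.Count
        LastSeen = ($hits | Sort-Object Time | Select-Object -Last 1).Time
    }
}
$summary | Format-Table -AutoSize

# Users who were served by more than one DC during the window.
$records | Group-Object User |
    Where-Object { @($_.Group.DC | Sort-Object -Unique).Count -gt 1 } |
    Select-Object Name, @{ n = 'DCs'; e = { ($_.Group.DC | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

On the web server itself, `nltest /sc_query:<domain>` reports which DC currently holds the machine's Netlogon secure channel.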

 

 
New Post
4/2/2009 1:56 PM
 

I've been having issues with people in various locations who authenticate to different DCs.  We have them set up to always use the DC closest to them.  Maybe IIS (and not the client) is authenticating to different servers to authenticate on behalf of the client, perhaps that's in line with your theory.

I'm working with our Systems Administrator to see if I can get an export of all the AD and FRS logs and perhaps find an error somewhere.  The confusing thing is that even in my location, there are people who have received the issue.  But I myself never have.  And some get it every day, but others once or twice a week.  Some (like myself) never see the error.

Hopefully the logs give me some insight, I will respond to this forum with the results.  Thanks for your assistance thus far.

 