Re: Problem establishing SSL connection in code-behind



Regarding your first question, SSL is negotiated before any HTTP traffic is
sent, so SSL must have already been successful. That's what I meant by
saying that it was not the problem.

This error you are getting in the event log doesn't look right though. I
would not expect to see a group policy processing error for a network login.
That seems like something that should happen on an interactive logon. I
could be wrong though as I'm not a GPO guy. However, I'd also expect to see
that same error when you log on using IWA with those same credentials using
the browser.

There is a tool that is often helpful for troubleshooting HTTP
authentication issues called wfetch.exe from the IIS 6 resource kit that I
would probably try to use to simulate the GET request that your .NET code is
making to see if I get the same error.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"gnewsgroup" <gnewsgroup@xxxxxxxxx> wrote in message
news:eaa7aa02-687a-427b-a02d-b246f986c5f8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jan 2, 5:37 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
The 401 indicates that your creds are not being accepted. You would get a
different error if there was an SSL problem.

I'd suggest enabling auditing of logon events (success and failure) on the
remote web server and see if you can find out why the authentication is
failing.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

I enabled logon event auditing and did find something interesting.
Look:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 1/2/2008
Time: 6:17:48 PM
User: MYCOMPANY.COM\myusername
Computer: Mercury01
Description:
Windows cannot access the file gpt.ini for GPO cn={4D440ED8-E77F-447C-
A091-739F3F676AB0},cn=policies,cn=system,DC=mycompany,DC=com. The file
must be present at the location <\\mycompany.com\SysVol\mycompany.com
\Policies\{4D440ED8-E77F-447C-A091-739F3F676AB0}\gpt.ini>. (The system
detected a possible attempt to compromise security. Please ensure that
you can contact the server that authenticated you. ). Group Policy
processing aborted. For more information, see Help and Support Center
at http://go.microsoft.com/fwlink/events.asp.

It looks like the system is trying to access the so-called
gpt.ini file. I just checked the remote computer; it does not even
have a folder called \\mycompany.com\SysVol\.

So, somehow, I have to create that path and that gpt.ini file in order
for this to work?
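
The distinction drawn in this thread (a 401 means the SSL/TLS handshake already succeeded and the credentials were rejected, while an SSL problem surfaces as a different error) can be checked in the calling .NET code by inspecting `WebException.Status`. The following is an added example, not part of the thread and not the poster's code; the class name `AuthFailureTriage` and the sample cases are constructed, and it assumes a direct `https://` request with no proxy in between.

```csharp
using System;
using System.Net;

static class AuthFailureTriage
{
    // Pure classifier, so it can be exercised without a network connection.
    public static string Classify(WebExceptionStatus status, HttpStatusCode? http, string wwwAuthenticate)
    {
        switch (status)
        {
            case WebExceptionStatus.TrustFailure:
                return "TLS: server certificate not trusted; no HTTP request was sent";
            case WebExceptionStatus.SecureChannelFailure:
                return "TLS: handshake failed; no HTTP request was sent";
            case WebExceptionStatus.NameResolutionFailure:
            case WebExceptionStatus.ConnectFailure:
                return "Network: never reached the TLS handshake";
            case WebExceptionStatus.ProtocolError:
                // An HTTP status came back, so the TLS handshake had already succeeded.
                if (http == HttpStatusCode.Unauthorized)
                    return "HTTP 401 over working TLS: credentials rejected; server offered ["
                         + (wwwAuthenticate ?? "none") + "]; check logon audit events on the server";
                return "HTTP " + (int)http.GetValueOrDefault() + " over working TLS";
            default:
                return "Other: " + status;
        }
    }

    // Adapter for a real failure caught around HttpWebRequest.GetResponse().
    public static string Classify(WebException ex)
    {
        var resp = ex.Response as HttpWebResponse;
        return Classify(ex.Status,
                        resp != null ? resp.StatusCode : (HttpStatusCode?)null,
                        resp != null ? resp.Headers["WWW-Authenticate"] : null);
    }

    static void Main()
    {
        // Constructed cases, not output from the poster's server.
        Console.WriteLine(Classify(WebExceptionStatus.TrustFailure, null, null));
        Console.WriteLine(Classify(WebExceptionStatus.ProtocolError, HttpStatusCode.Unauthorized, "Negotiate, NTLM"));
        Console.WriteLine(Classify(WebExceptionStatus.ProtocolError, HttpStatusCode.Forbidden, null));
    }
}
```

In real use, wrap the `GetResponse()` call in `try { ... } catch (WebException ex) { Console.WriteLine(AuthFailureTriage.Classify(ex)); }` and compare the result with the logon audit entries on the web server.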


