Single Sign on Stops working
- we currently have an issue with double-hop.
we use NTLM authentication in a MOSS 2007 farm with 2 WFE and 1 application server.
When using infopath forms that connect to webservices we can (!) get an error about authentication errors.
I know this is due to double-hop issues with NTLM. So far so good.
To resolve this there are several options. We choose : Single sign on.
Because of the low impact.
However, we implemented Single Sign on , on all 3 machines , configured the Single sign on service and the single sign on configuration.
On intial start > everything works (no double hop issues)
this works for approx. 24 hours, then it stops working.
I can't get it working again unless i reconfigure the entire configuration.Application log is not showing any errors.
Can anyone gibe me a hint where to start looking for this issue .....
Willing to learn everything about Sharepoint there is to learn. My blog
Answers
Hi Eric,
Thanks for your update.
I checked the logs, and it indicate that the SSO is not configured and no further information showed the cause of your issue.
I also reviewed some SSO issues in the internal database, but do not get any similar issue.
I understand that this is important to your business, I think using Kerberos is a very good alternative and hope you could workaround the issue at last.
If you really like a SSO solution, I suggest you to contact Microsoft Customer Support Services (CSS) via telephone so that a dedicated Support Professional can assist you in a more efficient manner.
Please be advised that contacting phone support will be a charged call.
To obtain the phone numbers for specific technology request please take a look at the web site listed below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US please see http://support.microsoft.com for regional support phone numbers.
Sorry for the inconvenience.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byvanglabbeek, Eric -MCT Thursday, November 12, 2009 8:23 AM
All Replies
Hi Eric,
The SSO functionality is implemented by the Microsoft Single Sign-On (SSOSrv) service.
I would like to check if the service is running first. If the service is stopped, try to start it up.
If there is no logs in Application logs, I suggest you to check ULS logs to see if you could get more information there (you may need to set the SSO category to Verbose in Event Throttling)
I also opened a workspace for your issue, you could upload the SPSReport to me for further investigation.
Workspace URL: (https://sftemea.one.microsoft.com/ChooseTransfer.aspx?key=be3352a3-0bf5-4a64-9726-788222daf753)
Workspace Password: b1uvFB+ET_@J@8
To capture SPSReports, please follow the steps:
1) Download the SPSReport tool from http://spsreport.codeplex.com/
2) Run the SPSReport.exe on the WFE and Application Server.
3) Choose option 3 (Full).
4) On your system a CAB file will be generated in the %systemroot%\SPSReports\Portal\rpt\Cab directory called %COMPUTERNAME%_SPSReports.CAB.
5) The CAB file will contain the reports generated by the SPS Reporting Tool.
6) Send the cab file to the workspace.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.Hi Eric,
Could you please let me know if the SSO is resolved or not?
If you need further assistance, please feel free to let me know.
Have a nice day!
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.- Lambert,
thanks for assisting me.
I somehow missed the mail about your first reply.
- I checked all services and they are started
- Application logs show no information
- ULS logs show errors, but i can't seem to link them to my problem
I've uploaded both a uls log file and the file created by the spsreport tool
Due to the importance we most likely start implementing kerberos this afternoon as an alternative
But i'm still in favor of SSO
Kind regards,
Eric van Glabbeek
Willing to learn everything about Sharepoint there is to learn. My blog Hi Eric,
Thanks for your update.
I checked the logs, and it indicate that the SSO is not configured and no further information showed the cause of your issue.
I also reviewed some SSO issues in the internal database, but do not get any similar issue.
I understand that this is important to your business, I think using Kerberos is a very good alternative and hope you could workaround the issue at last.
If you really like a SSO solution, I suggest you to contact Microsoft Customer Support Services (CSS) via telephone so that a dedicated Support Professional can assist you in a more efficient manner.
Please be advised that contacting phone support will be a charged call.
To obtain the phone numbers for specific technology request please take a look at the web site listed below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US please see http://support.microsoft.com for regional support phone numbers.
Sorry for the inconvenience.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byvanglabbeek, Eric -MCT Thursday, November 12, 2009 8:23 AM
- Thanks for the assistance.
Although i'm suprised by the answer that SSO is not configured.
However, i'm gonna give kerberos a try today.
thanks.
Kind regards,
Eric van Glabbeek
Willing to learn everything about Sharepoint there is to learn. My blog
