none
Problem accessing sharepoint from UAG portal RRS feed

  • Question

  • I seem to be having some kind of issue with receiving the following error when users login to MOSS 2007 through the UAG.
    error: you do not have permission to view the folder or page.
    it was workink fine before now.
    When i check UAG monitor i see the fllg error:
    The request from user abc.xyz.com\\otestuser at source IP address 41.206.12.50 to trunk appstrunk; Secure=1 failed because the request was unable to reply to an HTTP 401 request from application WORKPLACE of type SharePoint2007AAM. The session ID is 398EFCD1-5985-4B21-920C-xxxxxxxx
    i hav 1 uag and one MOSS FE
    i have seperate internal and external and AAM has bben configured
    Thursday, July 7, 2011 6:35 PM

Answers

All replies

  • Hello Ojekale,

     

    This sound like problem with the user's permission in the SharePoint (UAG SSO fail).

    Can you confirm that accessing the backend directly (without UAG) with the same credentials (abc.xyz.com\\otestuser) works fine ?

    Do you have any logs on the backend that may explain why it does not accept the credentials ?

     

    Ophir.

    Sunday, July 10, 2011 9:57 AM
    Moderator
  • hello Ophirp,

    Accessing the backend directly works fine.

    No log on the backend that relates to logon failure from UAG.

    What else should i check?

    Monday, July 11, 2011 12:02 PM
  • Hi Ojekale,

    Without any logs or more information, it will be hard to tell.

    If the connection between UAG and MOSS is in HTTP, you may check network capture and see if you can identify the 401 response from the MOSS and then the request back from UAG with authentication, maybe something wrong with this request that cause the MOSS to reject it.

    You should focus on the HOST and AUTHORIZATION headers in the request and compare it to the working scenario (without UAG) and see if this gives you more hints...

     

    Ophir.

    Monday, July 11, 2011 12:12 PM
    Moderator
  • this is what i get from UAG event:

    The request from user admin at source IP address 41.206.11.22 to trunk chqappstrunk; Secure=1 failed because the request was unable to reply to an HTTP 401 request from application WORKPLACE of type SharePoint2007AAM.

    Monday, July 11, 2011 1:15 PM
  • Hi Ojekale,

     

    Yes. But did you try to get network capture (using Network Monitor, or any other "sniffer" applicaton) and see if you can find the HTTP request sent by UAG ?

     

    Ophir.

    Monday, July 11, 2011 1:19 PM
    Moderator
  • This is what i get:

     

    10.0.48.67(MOSS) 10.0.48.94(UAG) HTTP HTTP:Response, HTTP/1.1, Status: Unauthorized, URL: / , Using NTLM Authentication {HTTP:108, TCP:107, IPv4:106}


    HTTP:Response, HTTP/1.1, Status: Unauthorized, URL: / , Using NTLM Authentication

    Monday, July 11, 2011 1:49 PM
  • Hi Ojekale,

    Did you look on the HTTP request itself (the request header) and notice the HOSTS and AUTHORIZATION headers ?

    If so - can you compare to same request when using IE on the UAG to access the MOSS directly ?

    Ophir.

    Monday, July 11, 2011 4:09 PM
    Moderator
  • it uses same url.

    Authorization is all users

    It was working before, it just stopped since last wednessday.

    Monday, July 11, 2011 4:41 PM
  • Hi Ojekale,

    I am not talking about the URL, I am talking about the HTTP headers. There is HOST header and there is Authorization header.

    The request should look like something like that:

     

    GET / HTTP/1.1
    Accept:  text/html, application/xhtml+xml, */*
    UserAgent:  Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept-Encoding:  gzip, deflate, peerdist
    Host: mossserver
    Authorization: NTLM TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAAAB=

     

    So the host and the Authorization headers should be compare to the one created without UAG and see if you can spot a difference there ...

     

    Ophir.

    Monday, July 11, 2011 4:54 PM
    Moderator
  • can you please explain the process of getting this?
    Monday, July 11, 2011 5:15 PM
    • Marked as answer by Erez Benari Friday, August 26, 2011 11:28 PM
    Monday, July 11, 2011 5:20 PM
    Moderator