password prompt in intranet sites RRS feed

  • Question

  • Hi All,

    We have deployed direct access on remote sites connecting corporate network with directaccess. we have a two directaccess server in GDC in europe and all the clients across globe connecting with these servers. 5-6(out of 15) users from New zealand are getting password prompt in intranet sites and lync. rest of the users are working fine. The IE settings are same on all client machines and managed by group policies. I have cleared the entry modified today from credential manager for intranet site but no luck. Also, deleted the temp files and cookies  but clients are still getting password prompt. However when connecting with cisco vpn client is not getting any password prompt.  Is there any settings that can be changed on directaccess clients so that applications server always consider the request is coming from intranet rather than internet.

    Thursday, August 7, 2014 5:13 AM

All replies

  • Hi there - the times I have seen this is when the sites are not added to either trusted sites or intranet sites within IE - have you tried this method

    John Davies

    Friday, August 8, 2014 6:12 AM
  • yes, these sites are already added there in intranet sites in IE.
    Monday, August 11, 2014 2:42 AM
  • Hi There - can we get one of the affected users to verify the zone in IE - just in case it is not applying correctly. Get them to open the site - enter the credentials and then choose file | properties in IE and confirm the zone the client thinks it is in.

    John Davies

    Wednesday, August 13, 2014 8:27 AM
  • putting sites in intranet zone would have been my first guess, you can check ie advanced settings and see if under security enable integrated windows authentication is checked. its supposed to be on by default though, so unlikely its the issue
    Wednesday, August 13, 2014 8:53 AM
  • login dialog pop up for whoever want to log into the system. 

    1. Open "Internet Options" of IE
    2. Select "Security" tab and click Local Intranet under "Select a zone to view or change security settings" section
    3. click "Custom level..." 
    4. go to the bottom of the settings list.check/uncheck "Prompt for user name and password".
    However, you have to make this settings in the client side, not in sever side. If there are lots of client terminals, Forms Authentication would much better for you.

    Hope it helps

    Thursday, August 14, 2014 3:08 PM
  • Hi John,

    Thanks for reply. I have already checked the IE settings. IE settings are managed by group policies and intranet sites are already added into trusted sites and internanet sites. the following settings were present on user machine.

    Intranet IE settings

    user authentication : Automatic logon with current user name and password

    Internet IE settings

    user authentication : Automatic logon only in intranet zone(Initial setting) which i changed manually to "Automatic logon with current user name and password"  to resolve the issue as i was only able to change this setting in internet zone but not in intranet zone but no luck.

    IE properties->Advance-> Security

    Already checked:- Enable integrated windows Authentication*

    The same settings were on other users machines but they were able to login without prompt. one strange thing i have notice that every time the user entered the credentials in intranet sites it update the entry in windows credentials in credential manager. if i delete that entry and user re open intranet sites it ask for password after entering credentials it creates the entry in credential manager. after closing IE page and re open intranet page prompts the password. but this weird thing was not happening on other computers.

    I didn't get the chance to check the properties in IE after opening the page as you mentioned above. not sure why this is happening..

    • Edited by achievers Tuesday, August 19, 2014 6:14 AM
    Tuesday, August 19, 2014 4:42 AM
  • Hi Achievers - perhaps the GPO update / settings had not filtered down correctly is my only assumption. As for the credential manager i think this is a red herring with regards DirectAccess. Glad the issue is resolved though.

    John Davies

    Thursday, August 21, 2014 10:04 AM