locked
WSS 3 login problems RRS feed

  • Question

  • Situation:

    We use a barebones WSS3 site with SSL to allow external third party people to log in and download some sensitive documents.  I explicitly create those user accounts in AD ad then delete them after they finish.  For the reasons of reducing workload, I do not even give those users email accounts on the server.  I have done it this way for the last year with no problems.

    I have made absolutely no changes of any kind to WSS over the past several months (other than to add a few sub sites within WSS).

    But, as of today, I cannot log in with those external usernames.

    I can log in to our WSS site with no problems using either my username or the admin username.  Also my internal company users can log in with no problems as well.  Only those accounts that I created for external users cannot log in anymore.  I try three times and then get a blank screen and I can see "user denied" as part of the address in the header.

    In an unrelated project we are migrating from inhouse Exchange 2003 to Exchange 2010.  Currently about halfway thru that project.  I only mention it because it is the only "change" I have made in my network is to run the pre-requisite "prepareAD functions for getting ready for that migration.  And install the CAS portion of Exch2010.  But neither of the Exchange installs are on the same box as the WSS, and the WSS is not a DC.

    So, at this point I can only guess that the set up items related to Exchange have changed something in AD enough to where the WSS does not see those usernames the same anymore, but I have no idea so here I am asking for any help and suggestions that you might have to help me out.

    WSS 3 version 12.0.0.6535

     

    Thursday, January 5, 2012 9:10 PM

Answers

  • Thanks for the response.  

     

    I just figured out the problem..

     

     

    Had nothing to do with the Exchange install.  I completely forgot that I had set Dec 31st as my default date for those external user profile accounts to expire.  Most of the time I have deleted accounts before they ever reach their expire dates, so I had not even thought about that as the possible cause....

     

    I don't know how to delete my question out of the forum...  feel so dumb for having it in here at all now...
    • Edited by Stubbdog99 Friday, January 6, 2012 3:10 PM
    • Edited by Mike Walsh FIN Friday, January 6, 2012 3:11 PM Bad lnguage removed
    • Marked as answer by Mike Walsh FIN Friday, January 6, 2012 3:11 PM
    Friday, January 6, 2012 3:09 PM

All replies

  • The login prompts and blank screen suggest that SharePoint is not recognising the accounts at all. If you were able to authenticate but the user did not have access you would get SharePoint's own access denied screen.

    One cause I have seen for this is that the authentication methods for the SharePoint application have changed in IIS. To check this open IIS Manager on your SharePoint server, navigate to the IIS site for your SharePoint application and check what authentication methods are enabled. Typically for your setup I think it should be just Windows Authentication, if Forms, Basic or Anonymous are enabled it can cause this issue. This may not be likely in your case but it's worth checking.

    Other than that, it may be possible that somehow SharePoint has lost it's connection to AD but is letting previous users authenticate against a cached entry. One way to test this would be to try changing your own password and then see if you can authenticate to SharePoint using your old password. Another test would be to create some accounts, and then see if you can find them using the people picker, for e.g. by trying to add them to a SharePoint group.

    I'm not sure if that's even possible, but if it checks out, the first thing I'd look at would be the account that SharePoint runs under. In IIS manager you should be able to find the Application Pool that your application runs under. If that account somehow is expired/disabled it possible that SharePoint will keep running as long as the application pool is not recycled, but would be unable to communicate properly with AD. The quick check for this would be to recycle the application pool and see if you can still browse SharePoint, if not then there's almost certainly an issue with that account, but obviously if this goes wrong it could prevent all users accessing SharePoint, so try just examining the account in AD first.

    If there is a problem with that account and you need to change it to a different account or change the password (i.e. you can't just re-enable it), it's recommended to not change the application pool configuration directly through the IIS manager, but instead to use SharePoint Central Administration, go to the Operations tab and use the Service Accounts page to change it.


    edit: Actually thinking about this some more, and easy fix to everything may be to just reboot the SharePoint server, if it has lost it's connection to AD a simple reboot may solve everything.
    Friday, January 6, 2012 12:33 PM
  • Thanks for the response.  

     

    I just figured out the problem..

     

     

    Had nothing to do with the Exchange install.  I completely forgot that I had set Dec 31st as my default date for those external user profile accounts to expire.  Most of the time I have deleted accounts before they ever reach their expire dates, so I had not even thought about that as the possible cause....

     

    I don't know how to delete my question out of the forum...  feel so dumb for having it in here at all now...
    • Edited by Stubbdog99 Friday, January 6, 2012 3:10 PM
    • Edited by Mike Walsh FIN Friday, January 6, 2012 3:11 PM Bad lnguage removed
    • Marked as answer by Mike Walsh FIN Friday, January 6, 2012 3:11 PM
    Friday, January 6, 2012 3:09 PM