locked
Sharepoint subsite cannot be accessed from alternate domains RRS feed

  • Question

  • We are running a sharepoint site with a subsite for our telephone directory. The sites are hosted on servers within our London domain. We have users in multiple domains accross our network who access these sites. Up until a week ago this was working correctly however we are now getting an error accessing the subsite for anyone outside the London Domain.

    When trying to access the subsite from a computer on a different doimain (e.g. Leeds), the user is prompted for their username and password which is fine. However after entering their details they get either an error 500 page cannot be displayed, or if using firefox they get a simple line of text saying "No Authority could be contacted for authentication". If within sharepoint we login as a different user and use credentials for the lodon domain the subsite page displays without any errors.

    We had assumed that this was a problem with the credentials for users outside of London however, if we use a computer on the London domain, load the sharepoint site and login with a Leeds domain users credentials, the subsite works absolutely fine. So the problem only seems to exist when trying to access the site from a computer on a different domain.

    Any help would be greatly appreciated. If you need any further information please let me know.

    Thanks

    Steve

    • Edited by Mike Walsh FIN Tuesday, December 14, 2010 12:05 PM unnecessary pressure removed
    Tuesday, December 14, 2010 10:14 AM

Answers

  • Update:

    OK it looks like it was a problem somewhere with DNS. When this problem started the SP server was pointing at 2003 DC's for DNS. We tried changing this to the 2008 DC's but still had the same issues. It is now pointing at 2003 as primary and 2008 as secondary and appears to be working.

    This doesn't actually make sense to me why this would work but I am checking with the netops team to find out if any other changes were made yesterday.

     

    • Marked as answer by Emir Liu Monday, December 20, 2010 6:32 AM
    Wednesday, December 15, 2010 9:40 AM

All replies

  • I doubt if this is a SharePoint problem.

    The SP server needs to access the appropriate DC.

    So the problem seems to be that   ClientPC (Domain A) .-> Server (Domain B) -> DC (Domain A) isn't working but ClientPC (Domain B) .-> Server (Domain B) -> DC (Domain A) is.

    I'd ask your network / AD people what changes they have made. Maybe it's simply that the A-B-A is just taking too much time. (and more time than it was)

     

     


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Tuesday, December 14, 2010 12:12 PM
  • Thanks for the reply.

    The more we look at the more I think your correct that its not just SP. There definately looks to be something stopping the authentication but we are having trouble tracking down where this is happening.

    In the IIS logs we are getting a lot of 401.1 and 401.2 errors

    The only thing thats really changed on the network recently is the addition of some 2008 DC's, the 2003 DC's are also still running.

    On an additional note we have found that there are 2 other domains on our network (aside from London) that can still access the sub-site.

    Tuesday, December 14, 2010 4:11 PM
  • any SP third party install to the server recently? 

    Does the user also have access to the top site? I had this problem before where we have unique permission on subsite and adding the user(readonly) at top site solve the issue. temporary workaround).

    After investigation, we noticed that one of the third party future cause the problem. removing this solve the issue.

    Wednesday, December 15, 2010 7:48 AM
  • As far as I am aware there have been no third party installs but I will check with the rest of the team to confirm.

    All users are able to access the top site, this part seems to be fine for all domains. It just the sub sites that seem to have the problem.

    On another note the problem seems to be developing. Originally the only way to access the sub-site from one of the faulty domains was to sing into sharepoint as a different user and enter London domain credentials. I have tested this this morning and this no longer works from computers on separate domains.

    Credentials still work for all domains IF the pc being used is on the London domain.

    Wednesday, December 15, 2010 9:15 AM
  • Update:

    OK it looks like it was a problem somewhere with DNS. When this problem started the SP server was pointing at 2003 DC's for DNS. We tried changing this to the 2008 DC's but still had the same issues. It is now pointing at 2003 as primary and 2008 as secondary and appears to be working.

    This doesn't actually make sense to me why this would work but I am checking with the netops team to find out if any other changes were made yesterday.

     

    • Marked as answer by Emir Liu Monday, December 20, 2010 6:32 AM
    Wednesday, December 15, 2010 9:40 AM