CWA 2007 R2 - Logon problems
  • CWA 2007 R2 - Logon problems

    Hi

    I’m currently installing Communicator Web Access 2007 R2 in a multiple domain environment (hosted), and am experiencing logon problems from domains other than the one OCS is installed in.

    Configuration:
    - All servers running Win2008 (not R2)
    - Single OCS 2007 R2 front-end with consolidated edge
    - Hosted environment / multiple separate domains (not subdomains)
    - CWA running on separate server published through ISA 2006
    - Trusts between domains are working
    - Servers and shadow users are located in domain A, and users are located in domain B,C

    Problem:
    - User logon from domain A towards CWA works fine
    - Users from domain B and C cannot log on (see log file).
    - The “msRTCSIP” value is the same for user account in Domain A and B
    - The “OriginatorSid“ value is different

    The log file reports “QueryUserBySID failed” right after the user has been authenticated.
    I have had no luck in trying to find a solution to this error obviously, so any help will be appreciated.

    Log file:
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:42.905.0000160d (CWAAuth,CIO_Context::ValidateSignOn:httpIO.cpp(1463))( 000000001C5196F0 ) ValidateSignOn - Begin validate.
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:42.905.0000160e (CWAAuth,CIO_Context::ValidateSignOn:httpIO.cpp(1537))( 000000001C5196F0 ) ValidateSignOn - Auth type: 2 Method: POST
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:42.905.0000160f (CWAAuth,CIO_Context::ValidateSignOn:httpIO.cpp(1664))( 000000001C5196F0 ) ValidateSignOn - Domain/User: DomainB\User1
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:42.905.00001610 (CWAAuth,CIO_Context::PerformNetworkLogon:httpIO.cpp(2837))( 000000001C5196F0 ) PerformNetworkLogon - begin LogonUserA (domainuser) for user: User1.
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001611 (CWAAuth,CIO_Context::PerformNetworkLogon:httpIO.cpp(2843))( 000000001C5196F0 ) PerformNetworkLogon - end LogonUserA (domainuser) for user: User1.
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001612 (CWAAuth,CIO_Context::PerformNetworkLogon:httpIO.cpp(290)( 000000001C5196F0 ) PerformNetworkLogon - Logon succeeded for user User1
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001613 (CWAAuth,CADAuthz::AuthorizeUser:adauthz.cpp(245))( 000000007251A2B0 ) CADAuthz::AuthorizeUser entered - URI: NULL
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001614 (CWAAuth,CADAuthz::InternalAuthorize:adauthz.cpp(359))( 000000007251A2B0 ) CADAuthz::InternalAuthorize - URI: NULL SID: S-1-5-21-1343024091-790525478-682003330-7360
    --== SID from user1 in domain B ==--
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001615 (CWAAuth,CLDAPBindManager::AcquireCachedBind:adauthz.cpp(2347))( 000000000241A690 ) CLDAPBindManager::AcquireCachedBind - entered for : 0.
    TL_VERBOSE(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001616 (CWAAuth,CLDAPBindManager::AcquireCachedBind:adauthz.cpp(2351))( 000000000241A690 ) CLDAPBindManager::AcquireCachedBind - waiting for read lock m_rwlAcquireBind.
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001617 (CWAAuth,CLDAPBindManager::AcquireCachedBind:adauthz.cpp(2372))( 000000000241A690 ) CLDAPBindManager::AcquireCachedBind - cached bind was acquired.
    TL_VERBOSE(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001618 (CWAAuth,CLDAPBindManager::AcquireCachedBind:adauthz.cpp(2377))( 000000000241A690 ) CLDAPBindManager::AcquireCachedBind - leaving for read lock m_rwlAcquireBind.
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001619 (CWAAuth,CLDAPBindManager::CLDAPBind::QueryUserInternal:adauthz.cpp(3002))( 000000000240F4B0 ) CLDAPBind::QueryUserInternal - search filter: (&(|(objectCategory=user)(objectCategory=contact)(objectCategory=interOrgPerson))(|(objectSID=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)(msRTCSIP-OriginatorSid=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)))
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161a (CWAAuth,CLDAPBindManager::CLDAPBind::QueryUserInternal:adauthz.cpp(3004))( 000000000240F4B0 ) CLDAPBind::QueryUserInternal - begin ldap_search_sW: (&(|(objectCategory=user)(objectCategory=contact)(objectCategory=interOrgPerson))(|(objectSID=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)(msRTCSIP-OriginatorSid=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)))
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161b (CWAAuth,CLDAPBindManager::CLDAPBind::QueryUserInternal:adauthz.cpp(3015))( 000000000240F4B0 ) CLDAPBind::QueryUserInternal - end ldap_search_sW: (&(|(objectCategory=user)(objectCategory=contact)(objectCategory=interOrgPerson))(|(objectSID=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)(msRTCSIP-OriginatorSid=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)))
    TL_ERROR(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161c (CWAAuth,CLDAPBindManager::CLDAPBind::QueryUserInternal:adauthz.cpp(3035))( 000000000240F4B0 ) CLDAPBind::QueryUserInternal - ldap_first_entry failed - Filter: (&(|(objectCategory=user)(objectCategory=contact)(objectCategory=interOrgPerson))(|(objectSID=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)(msRTCSIP-OriginatorSid=\01\05\00\00\00\00\00\05\15\00\00\00\DB\EB\0C\50\26\76\1E\2F\82\8B\A6\28\C0\1C\00\00)))
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161d (CWAAuth,CADAuthz::InternalAuthorize:adauthz.cpp(373))( 000000007251A2B0 ) CADAuthz::InternalAuthorize - CLDAPBind::QueryUserBySID failed - URI: NULL SID: S-1-5-21-1343024091-790525478-682003330-7360 (hr=0xc407c38e)
    TL_WARN(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161e (CWAAuth,CADAuthz::AuthorizeUser:adauthz.cpp(265))( 000000007251A2B0 ) CADAuthz::AuthorizeUser - InternalAuthorize failed - URI: NULL hr: 0xc407c38e
    TL_VERBOSE(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.0000161f (CWAAuth,CIO_Context::ValidateSignOn:httpIO.cpp(1985))( 000000001C5196F0 ) ValidateSignOn - Exit
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001620 (CWAAuth,CIO_Context::HseProcessRequest:httpIO.cpp(2127))HseProcessRequest - ValidateSignOn failed - Error 2
    TL_INFO(TF_COMPONENT) [0]0C38.0F3C::08/18/2010-12:47:43.045.00001621 (CWAAuth,FSendResponseHeaders:httpIO.cpp(231))FSendResponseHeaders - StatusLine: 200 OK Headers: LogonFailure: 2

  • #2
    Re: CWA 2007 R2 - Logon problems

    Problem solved.
    The service account did not have the necessary rights to search for users in certain OUs in the resource domain (where OCS is installed).
    This happened because of our AD configuration.

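Added example, not part of either post and not CWA's own code: the trace above logs the user's SID both as a string and as escaped bytes inside the LDAP filter, and this Python sketch converts between the two forms and rebuilds a filter of the same shape. The function names are hypothetical; the SID and filter layout are the ones shown in the log.

```python
import re
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Pack an S-R-I-S... string into the binary layout stored in objectSid."""
    parts = sid.upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    # 1 byte revision, 1 byte sub-authority count, 6-byte big-endian authority,
    # then each sub-authority as a little-endian 32-bit integer.
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def ldap_escape(raw: bytes) -> str:
    """Escape every byte as \\XX, the form the trace shows in the filter."""
    return "".join(f"\\{b:02X}" for b in raw)

def escaped_to_sid(value: str) -> str:
    """Rebuild the SID string from a logged filter value.
    Whitespace is dropped first because line-wrapping can split the value."""
    raw = bytes.fromhex(re.sub(r"\s+", "", value).replace("\\", ""))
    count = raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def cwa_filter(sid: str) -> str:
    """Filter with the same shape as the QueryUserInternal lines in the log."""
    v = ldap_escape(sid_to_bytes(sid))
    return ("(&(|(objectCategory=user)(objectCategory=contact)"
            "(objectCategory=interOrgPerson))"
            f"(|(objectSID={v})(msRTCSIP-OriginatorSid={v})))")

if __name__ == "__main__":
    # SID taken from the InternalAuthorize line of the trace.
    print(cwa_filter("S-1-5-21-1343024091-790525478-682003330-7360"))
```

Running the same filter in an LDAP browser bound as the CWA service account shows whether that account can see the matching object, which is the lookup that returned no entry in the trace.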