Saturday, July 26, 2008

How to automatically log in corporate / internal users to an Internet or Extranet website

I have often been faced with the challenge of automatically logging in internal organizational users to an intranet accessed via a public URL. For example, IE 6.0+ will automatically log a user in to the intranet accessed via the internal URL (like http://intranet), but the same internal corporate user will be prompted for a username/password when trying to access the same intranet site via the public-facing external URL (like http://intranet.xyzinc.com). I solved this issue by merging the following registry entries on each user's computer. This can be automated by including the script below as part of the user's domain logon script (my example assumes that your external public-facing URL is intranet.xyzinc.com for your internal corporate intranet hosted on a web server named MOSS01):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xyzinc.com]

; Value name "*" = every protocol; dword 1 = Local intranet zone
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xyzinc.com\intranet]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\MOSS01]
"*"=dword:00000001
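
To review which hosts a .reg file like the one above places in the Local intranet zone before it goes into a logon script, the following added example (not part of the original post) parses the ZoneMap\Domains keys and flags entries whose "*" value name covers every protocol. The function names and the embedded sample are constructed for illustration; the note text assumes IE's default "Automatic logon only in Intranet zone" setting.

```python
import re

ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\zonemap\\domains\\"
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample: the page's .reg entries with values on their own lines.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xyzinc.com\intranet]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\MOSS01]
"*"=dword:00000001
'''

def parse_zone_map(reg_text):
    """Return a list of (host, protocol, zone) for every ZoneMap\\Domains value."""
    entries, host = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(MARKER)
            host = None
            if idx != -1:
                # Domains\<domain>\<subdomain> reads right-to-left as a host name.
                parts = key[idx + len(MARKER):].split("\\")
                host = ".".join(reversed(parts))
            continue
        m = VALUE_RE.match(line)
        if host and m:
            entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def audit(reg_text):
    """Describe each mapping; flag intranet-zone entries that cover every protocol."""
    findings = []
    for host, proto, zone in parse_zone_map(reg_text):
        note = ""
        if zone == 1 and proto == "*":
            # Intranet zone allows automatic logon; "*" includes plain http.
            note = "automatic logon over every protocol, including http"
        findings.append((host, proto, ZONES.get(zone, "unknown"), note))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_REG):
        print(row)
```

Using "https" instead of "*" as the value name limits the intranet-zone mapping to HTTPS connections to that host.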

Friday, July 18, 2008

Tips to solve the Error - "No authority could be contacted for authentication"

I have come across the error message "No authority could be contacted for authentication" a couple of times now. Here are the possible fixes I have used:
  1. Make sure that your MOSS server is part of the domain whose users you are trying to authenticate against your portal. If it is and you still get the error, remove your MOSS server from your domain, delete the server name in the domain, and then add the server to the domain again.
  2. Check the DNS configuration (under TCP/IP settings) of your web server and see that it points to your AD DNS (probably your AD server) and not to the ISP DNS. (Make sure you are aware of any firewalls or filters between your AD server and MOSS server.)
  3. Make sure that your certificate authority (CA) is also your domain controller. You will need to find out what IIS is giving out for a cert and then make sure there are no bad DNS entries in there for that.
  4. If the above doesn't work, try IE Tools > Settings > User Authentication settings for the Local Intranet zone and check that “Automatic logon only in the Intranet zone” is selected. If it is selected, try resetting User Authentication to “Prompt for user name and password” and the issue might be resolved.