Authentication Problem With Grid Control

[MARC TIDD]

Hello,



I have recently installed Project Server SP1 and now I have users who cannot access pages with grids on them. Both servers are in the trusted sites zone and all IE security settings are set to enabled or prompt. The MSADC path is excluded on the SharePoint server.



System Information

Server A - WSS, Project Server SP1

Server B - SQL Server



This problem is not affecting certain people; however I can find no conclusive differences between the two groups.



Each time I access a page with a grid I get a login prompt. Signing in to the prompt always fails even with valid credentials. I then get three failed attempts and I am redirected to the Project Home page.



In the security event logs on Server A, I get the following failure audit for each attempt.



<!----------------------------------------->



Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 529

Date: 1/26/2005

Time: 4:59:56 PM

User: NT AUTHORITY\SYSTEM

Computer: OPAPP01

Description:

Logon Failure:

Reason: Unknown user name or bad password

User Name:

Domain:

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name: -

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: x.x.x.x

Source Port: 3958





For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



<!----------------------------------------->



I have signed in to my PC as local administrator (not on the domain), and then used basic authentication with my domain account and everything works fine in PWA. However, if I sign in to the domain it does not work. Yet for some users it works even when they are on the domain.



I have another user who has no problems, yet when I sign on to the domain using his PC I have the same problems that I have on my PC.



So it seems to me that I have some users who cannot use integrated windows authentication for certain components on project server.



Any help you could offer would be greatly appreciated.



Thanks



Marc A. Tidd

 

[Gary L. Chefetz \(MVP\)]

Marc:

Try upgrading MDAC on the offending machines and see if that helps. You
should consider deploying 2.8 across the board.

--

Gary L. Chefetz, MVP
"We wrote the books on Project Server"
http://www.msprojectexperts.com

-
Hello,



I have recently installed Project Server SP1 and now I have users who cannot
access pages with grids on them. Both servers are in the trusted sites zone
and all IE security settings are set to enabled or prompt. The MSADC path
is excluded on the SharePoint server.



System Information

Server A - WSS, Project Server SP1

Server B - SQL Server



This problem is not affecting certain people; however I can find no
conclusive differences between the two groups.



Each time I access a page with a grid I get a login prompt. Signing in to
the prompt always fails even with valid credentials. I then get three
failed attempts and I am redirected to the Project Home page.



In the security event logs on Server A, I get the following failure audit
for each attempt.



<!----------------------------------------->



Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 529

Date: 1/26/2005

Time: 4:59:56 PM

User: NT AUTHORITY\SYSTEM

Computer: OPAPP01

Description:

Logon Failure:

Reason: Unknown user name or bad password

User Name:

Domain:

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name: -

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: x.x.x.x

Source Port: 3958





For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



<!----------------------------------------->



I have signed in to my PC as local administrator (not on the domain), and
then used basic authentication with my domain account and everything works
fine in PWA. However, if I sign in to the domain it does not work. Yet for
some users it works even when they are on the domain.



I have another user who has no problems, yet when I sign on to the domain
using his PC I have the same problems that I have on my PC.



So it seems to me that I have some users who cannot use integrated windows
authentication for certain components on project server.



Any help you could offer would be greatly appreciated.



Thanks



Marc A. Tidd

 

[MARC TIDD]

Thanks Gary,

Unfortunately, that doesn't appear to be my problem. I have MDAC 2.8 SP1 on
Windows XP SP2. Most of the offending machines are XP SP2 but not all of
them.

I did some experimenting today and found that:

Users who can access grids on PWA on their machines cannot access then on my
machine.
I have been unable to access the grid pages with my domain account from any
PC even when other users can use that PC successfully.

I am baffled. I opened an email support ticket with Microsoft today. I
will let you know if I ever get the solution. I am thinking that I have
multiple issues.

Marc

 

[Gary L. Chefetz \(MVP\)]

Marc:

The fact that the problem follows your account would suggest the possibility
that the issue is related to security applied at a group level or profile
level in the domain.

--

Gary L. Chefetz, MVP
"We wrote the books on Project Server"
http://www.msprojectexperts.com

-

Thanks Gary,

Unfortunately, that doesn't appear to be my problem. I have MDAC 2.8 SP1 on
Windows XP SP2. Most of the offending machines are XP SP2 but not all of
them.

I did some experimenting today and found that:

Users who can access grids on PWA on their machines cannot access then on my
machine.
I have been unable to access the grid pages with my domain account from any
PC even when other users can use that PC successfully.

I am baffled. I opened an email support ticket with Microsoft today. I
will let you know if I ever get the solution. I am thinking that I have
multiple issues.

Marc

 

[MARC TIDD]

Well, I wouldn't rule that out completely because I haven't dug into that
possibility very much.

PWA worked for everyone before SP1. Also, I believe all my users are in the
same security group on the domain.

That leaves us with the possibility of a profile level problem that affected
6 out of 8 of my users. Also the fact that I can operate fine when I am not
on the domain suggests something that is applied to my environment when I am
on the domain.

I will research the domain security.

Thanks,

--
MARC TIDD

Marc:

The fact that the problem follows your account would suggest the
possibility
that the issue is related to security applied at a group level or profile
level in the domain.

--

Gary L. Chefetz, MVP
"We wrote the books on Project Server"
http://www.msprojectexperts.com

-

 

[Gary L. Chefetz \(MVP\)]

Marc:

Hmmm. More than likely, we're looking at more than one issue. You could ask
your network team to recreate your user profile and see if that clears
things up for your account, and eliminate one possibility.

--

Gary L. Chefetz, MVP
"We wrote the books on Project Server"
http://www.msprojectexperts.com

-

 

[MARC TIDD]

Hello,

I believe I have isolated our problem. Under the Internet Explorer advanced
settings I have unchecked the "Enable Integrated Windows Authentication"
option. This has allowed us to work with the grid controls. I have also
confirmed that this setting is the difference between the functioning and
non-functioning clients.



Our Project Server is in the Trusted Sites zone and the option for automatic
logon with current user name and password is working fine.



Is there something else wrong in our environment that is not allowing the
integrated windows authentication method? Or, does the option need to be
unchecked for Project Server?


Thanks,

 

[JuergN]

Hello

We experience the same problem on a client as Marc does. We have also follow
all proposed steps to solve it: SharePoint excluded MSADC folder (KB 832588),
no firewall present, msadcs.dll is only available in the latest version
(delete an old version in the English common files folder; German client
installations with Gemeinsame Dateien) und the unchecked Windows
Authentication.

But we still experience the problem described in this threat.

Who has a further input to get the issue solved? BTW: It's not an issue of
the user account. On a different machine the user can access without any
problems.

Thanks from Switzerland