Users from another domain can't log in

[Dave Mochalsky]

Hi

I have two domains: Domain A and Domain B. I have installed Project Server
2003 on Domain A. Users of Domain B can log into systems running in Domain A
using Domain B usernames but can not log into Project Server 2003 through
web access. I changed the authentication type from windows to Project Server
in web access. Project Server now accepts the projectserver username and
password but still asks for the domain username and password. How can i
resolve this issue? Will i have to buy external connector to connect users
from another domain to the Project Server? Please advise!

Thanks and Best Regards,

Dave

--

 

[Rolly Perreaux]

Hi

I have two domains: Domain A and Domain B. I have installed Project Server
2003 on Domain A. Users of Domain B can log into systems running in Domain A
using Domain B usernames but can not log into Project Server 2003 through
web access. I changed the authentication type from windows to Project Server
in web access. Project Server now accepts the projectserver username and
password but still asks for the domain username and password. How can i
resolve this issue? Will i have to buy external connector to connect users
from another domain to the Project Server? Please advise!

Thanks and Best Regards,

Dave

Hi Dave,

As a quick answer to your question, whenever you see a pop up domain
username and password dialog box it's trying to authenticate using
Windows Authentication. So if you change to Project Server
authentication, then it tells me that you're running SharePoint in
conjunction with Project Server. Is that the case here?

But in any case, we need a bit more info on your environment...

1. Are these Windows Server 200x domains?
If so, are they in the same Active Directory forest or 2 separate AD
forests and namespaces?

2. Are these 2 domains connected via the Internet
If so, how do they connect to each other? VPN, IPSEC or PPTP tunnel?

3. How many Domain Controllers are there in each domain? If there are
more than one in each domain, do you use AD Bridgehead servers between
the domains?

4. Are you using/installed SharePoint with Project Server? Are they both
on the same server?

That should get us at a good starting point

Cheers,

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com

 

[Dave Mochalsky]

Thanks Rolly.

1. These are Win2003 domains and exist in the same forest.
2. Domains connect through VPN
3. 1 Controller in each domain
4. Yes, we are using SharePoint with Project Server. No, both of them are
on separate machines.

Another thing that i noticed is that user has to give complete URL including
pagename in the address box in order to access the login page.
http://server/projectserver gives page not found error but
http://server/projectserver/lgnps.asp works fine. This is unusual as all
other users can access the project server without specifying the pagename in
the URL.

Thanks,

Dave

 

[Rolly Perreaux]

Thanks Rolly.

1. These are Win2003 domains and exist in the same forest.
2. Domains connect through VPN
3. 1 Controller in each domain
4. Yes, we are using SharePoint with Project Server. No, both of them are
on separate machines.

Another thing that i noticed is that user has to give complete URL including
pagename in the address box in order to access the login page.
http://server/projectserver gives page not found error but
http://server/projectserver/lgnps.asp works fine. This is unusual as all
other users can access the project server without specifying the pagename in
the URL.

Thanks,

Dave

Hi Dave,

Do you know what the functional level the AD forest and both domains are
currently set?

The following article is called, "How to raise domain and forest
functional levels in Windows Server 2003"
http://support.microsoft.com/kb/322692/

At the Table of Contents click the following links for the procedure:
Raise the Domain Functional Level
Raise the Forest Functional Level

PLEASE NOTE
Do Not Change the Functional Level!!!
I just want to know what the levels are currently set at.

Also something else to check

On the server where Project Server is installed, check the permissions
on IIS 6.0 for the website that is hosting PWA. You might need to add
your users from Domain B into the permissions for the PWA server.

Procedure:
1. In IIS Manager, right click on the web site name hosting PWA and
click permissions.
2. By default, the local built-in groups called Users should be listed
with the following permissions:
Read & Execute
List Folder Contents
Read
3. Click the Add button.
4. In the Select Users or Groups dialog box, click Locations.
5. In the Locations dialog box, drill down to Domain B, and click OK.
6. In the Select Users or Groups dialog box, type DOMAIN USERS in the
Enter the object names to select box and click Check Names to verify.
If you do not receive any errors then click OK.
7. At the permissions list ensure that only Read & Execute, List Folder
Contents, and Read permissions are selected, then Click OK.

*Note: You could add the DOMAIN USERS group to the Local Built-in Users
group using Computer Management in Admin Tools on the PWA Server. Either
procedure will work

Let us know what happens...

--
Rolly Perreaux, PMP, MCSE
Project Server Trainer/Consultant

TriMagna Corporation
Microsoft Gold Partner
http://www.trimagna.com

 

[Dave Mochalsky]

Rolly,

Thank you very much for such a comprehensive reply. I am really grateful to
you. Our IT Manager is out sick, therefore, i can't answer your technical
questions regarding AD. I will try the other option though and will let
you know the result.

Thanks indeed.

Regards,

Dave

--