Strange issue with Integrated authentication and 3G

Hi All,

(I am hoping for some inspiration here)

We have a problem which has appeared in the past few weeks where our
laptop users remotely connect with XP SP1 and SP2 laptops to Windows
2003 SP1 AD network using Cisco VPN client. Transport is one of:

1) modem PSTN connection
2) broadband connection
3) Vodaphone 3G datacard connection.

They connect to Cisco VPN before logging onto Windows so the Windows
login process completes cleanly and scripts run etc...They then launch
IE which has our https intranet page as home page and which is
configured to use integrated authentication (hosted on IIS 6 + Windows
server 2003 SP1). HERE is the problem - when the connection is made
over 1) or 2) then the integrated authentication works correctly but
when 3) is used then the user is prompted for credentials which must be
entered in the format domain\username + password before the page is
displayed.

We have tried security auditing on DC, IIS server and on laptop but
only get success and failures for logons when correct / incorrect
credentials are entered at the pop-up box after integrated
authentication has failed.

Anyone got any ideas how I could get to the bottom of this? Why would
it be different with a 3G card - it does not make sense? any IIS log
files or traces I could run (I have tried packet sniffing with Ethereal
but can't see unencrypted VPN traffic)

Thx, S

Re: Strange issue with Integrated authentication and 3G

Hi,

Have you checked this KB article yet to verify that all the conditions for
an IE auto-logon attempt are in place?
http://support.microsoft.com/?id=258063

Cheers
Ken

"Sunny" wrote in message
news:1145999598.376696.15860@i39g2000cwa.googlegroups.com...
> Hi All,
>
> (I am hoping for some inspiration here)
>
> We have a problem which has appeared in the past few weeks where our
> laptop users remotely connect with XP SP1 and SP2 laptops to Windows
> 2003 SP1 AD network using Cisco VPN client. Transport is one of:
>
> 1) modem PSTN connection
> 2) broadband connection
> 3) Vodaphone 3G datacard connection.
>
> They connect to Cisco VPN before logging onto Windows so the Windows
> login process completes cleanly and scripts run etc...They then launch
> IE which has our https intranet page as home page and which is
> configured to use integrated authentication (hosted on IIS 6 + Windows
> server 2003 SP1). HERE is the problem - when the connection is made
> over 1) or 2) then the integrated authentication works correctly but
> when 3) is used then the user is prompted for credentials which must be
> entered in the format domain\username + password before the page is
> displayed.
>
> We have tried security auditing on DC, IIS server and on laptop but
> only get success and failures for logons when correct / incorrect
> credentials are entered at the pop-up box after integrated
> authentication has failed.
>
> Anyone got any ideas how I could get to the bottom of this? Why would
> it be different with a 3G card - it does not make sense? any IIS log
> files or traces I could run (I have tried packet sniffing with Ethereal
> but can't see unencrypted VPN traffic)
>
> Thx, S
>

Re: Strange issue with Integrated authentication and 3G

Thanks Ken -

The article has helped me to solve the issue. Basically the 3G
connection was not resolving the Intranet address to local Intranet
zone and this is because we had different by-pass proxy settings on the
3G connection in IE.

Thanks again for the pointer


Ken Schaefer wrote:
> Hi,
>
> Have you checked this KB article yet to verify that all the conditions for
> an IE auto-logon attempt are in place?
> http://support.microsoft.com/?id=258063
>
> Cheers
> Ken
>
> "Sunny" wrote in message
> news:1145999598.376696.15860@i39g2000cwa.googlegroups.com...
> > Hi All,
> >
> > (I am hoping for some inspiration here)
> >
> > We have a problem which has appeared in the past few weeks where our
> > laptop users remotely connect with XP SP1 and SP2 laptops to Windows
> > 2003 SP1 AD network using Cisco VPN client. Transport is one of:
> >
> > 1) modem PSTN connection
> > 2) broadband connection
> > 3) Vodaphone 3G datacard connection.
> >
> > They connect to Cisco VPN before logging onto Windows so the Windows
> > login process completes cleanly and scripts run etc...They then launch
> > IE which has our https intranet page as home page and which is
> > configured to use integrated authentication (hosted on IIS 6 + Windows
> > server 2003 SP1). HERE is the problem - when the connection is made
> > over 1) or 2) then the integrated authentication works correctly but
> > when 3) is used then the user is prompted for credentials which must be
> > entered in the format domain\username + password before the page is
> > displayed.
> >
> > We have tried security auditing on DC, IIS server and on laptop but
> > only get success and failures for logons when correct / incorrect
> > credentials are entered at the pop-up box after integrated
> > authentication has failed.
> >
> > Anyone got any ideas how I could get to the bottom of this? Why would
> > it be different with a 3G card - it does not make sense? any IIS log
> > files or traces I could run (I have tried packet sniffing with Ethereal
> > but can't see unencrypted VPN traffic)
> >
> > Thx, S
> >