Got "companyweb" prompting you to log in?

This one has been bugging me for a while.

Nice shiney SBS2003 Premium and the network clients can happily access the companyweb intranet site. When we introduce a W2K3 terminal server into the mix though, whenever we go to access the companyweb it prompts for a username and password.

Hmmm - check event logs, security permissions etc etc but nothing makes sense. Even played around with ISA despite knowing this couldn't be part of the equation.

In chatting with some fellow SBSers, most of them would suggest I check DNS and making sure companyweb is in the Internet Explorer “trusted sites” site. But it already was!!!

OK, thinking about this....it's actually part of our own network, which we naturally trust anyway, and more specifically it's our intranet. Check that site - nup, not there. So I added it in (got prompted about moving it from the trusted sites to the intranet sites - hit the OK button and you're in) and voila - prompt removed.

I can now happily open and close my companyweb from my terminal server (aka remote desktop server) without being prompted. Time to go check group policy to see if I can have this done automatically for TS users.

So - remember the enhanced W2K3 Server IE security settings and that even though you can TRUST your SBS, you want it in your INTRANET site.

Posted: Jan 27 2005, 10:02 PM by calvert | with 7 comment(s)
Filed under: ,

Comments

calvert said:

This is because IE naturally determines whether a website is in the Intranet zone or not by looking for dots (periods) in the name. If it sees no dots, it's a local Intranet website because it's not discoverable or routable on the Internet.

If it has dots, then no matter where the site is located it's considered potentially not trusted, at least for automatic Windows Authentication.

Congrats, you figured out how to create an exception to the rule IE uses and it's a better solution than loosening up the security for one of the other zones.

Note though that if you used the unqualified name (http://companyweb) and not the FQDN from your Terminal Server you wouldn't have had your problem.

At least, that's the way things are supposed to work...

Tony
# January 28, 2005 1:20 PM

calvert said:

Thanks Tony,
Although I was browsing to "http://companyweb" and getting the prompt (being the home page set by SBS) so one would "assume" it should have worked straight off anyway, as there are no dots in the name.
One to add to the bag of tricks
Dean
# January 28, 2005 1:28 PM

calvert said:

Hmmmm...
That's a new one I haven't run into or heard about, then.

Still, congrats on finding the solution!

Tony
# January 29, 2005 12:44 PM

calvert said:

Just setting up SBS2003 for the first time to do some exchange coding at home without having to do it live on a company's net and got hit with this one. MS server setups have come a long way but little things like this just kill yer spirit. :)

Thanks for posting, it was a big help.
# April 9, 2005 7:42 AM

Rick said:

Hey,
I've found out that the enhanced security feauture in Server 2003 is the problem.
When you remove it from software the problem's gone like snow in the sun!

Greetings,
Rick
# May 2, 2006 1:39 PM

Doug said:

Worked great.....Thanks!

# May 18, 2007 12:05 PM

Lee Edge said:

I had this and noticed that even though the address in the explorer address bar was http:\\companyweb the location in the login prompt showed as companyweb.domainname.local - so I added the FQDN to the local intranet zone and voila! how annoying straight out of the box!

Lee Edge

# October 22, 2007 5:44 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)