« previous next »
Pages: [1]   Go Down

Author Topic: Netscaler VPX authentication issue using LB+Sharepoint 2010=401  (Read 1106 times)

Offline svenw

  • Sr. Member
  • **
  • Posts: 11
  • Karma: 1
Netscaler VPX authentication issue using LB+Sharepoint 2010=401
« on: September 14, 2011, 03:24:58 AM »
Hi,
 
we are using Windows 7 for the Clients and Sharepoint 2010 on Windows 2008 R2.

We use Netscaler VPX and currently just to have a clean start I recreated a virtual server using loadbalancing and two SP2010 webfrontents.

I tried to bypass this issue with editing my local hosts file and point directly at one of the two SP2010 servers. This works. Only using the load balanced IP I receive this issue.

Since a couple of days we are not able to login anymore using the load balanced FQDN. I downloaded Fiddler and saw that I receive a 401
 

HTTP/1.1 401 Unauthorized
 
Server: Microsoft-IIS/7.5
 
SPRequestGuid: 42ce1f27-c5ee-4754-8b93-d018dd2c0eac
 
WWW-Authenticate: NTLM
 
X-Powered-By: ASP.NET
 
MicrosoftSharePointTeamServices: 14.0.0.4762
 
Date: Tue, 13 Sep 2011 20:27:53 GMT
 
Content-Length: 0
 
Set-Cookie: NSC_JOiozf0qdcextpndsika01b20jxi3bu=ffffffff09c71a0b45525d5f4f58455e445a4a423660;expires=Tue, 13-Sep-2011 20:27:31 GMT;path=/;httponly
 
Proxy-Support: Session-Based-Authentication
 

Does anyone know why this might happen ? I have added the hostheader to "Local Intranet". Since screen stays blank it seems as if IIS blocks the authentication. Can this have something to do with GPOs or Windows updates ?
 
Comment:
For persistence we used COOKIEINSERT. It seems that this does not work anymore in the LAN. I switched to SOURCEIP and atleast on my test clients it works again. Strange is that it worked before. We switched to COOKIEINSERT before, because in some cases they use a local proxy and in that case SOURCEIP is the proxy and then people start taking over sessions from other users. That is why we changed to COOKIEINSERT, but are there any scenarios when COOKIEINSERT do not work ?

thanks
 
Sven
Logged

Offline svenw

  • Sr. Member
  • **
  • Posts: 11
  • Karma: 1
Re: Netscaler VPX authentication issue using LB+Sharepoint 2010=401
« Reply #1 on: September 15, 2011, 07:23:28 AM »
I changed from session persistence from

COOKIEINSERT, Timeout 2 to COOKIEINSERT, Timeout 0.

It works again and people are automatically signed in. Does anyone know why this solved this issue ?
Logged

Offline Paul B

  • Hero Member
  • *****
  • Posts: 193
  • Karma: 20
Re: Netscaler VPX authentication issue using LB+Sharepoint 2010=401
« Reply #2 on: October 14, 2011, 05:34:06 AM »
Quote from: svenw on September 15, 2011, 07:23:28 AM
I changed from session persistence from

COOKIEINSERT, Timeout 2 to COOKIEINSERT, Timeout 0.

It works again and people are automatically signed in. Does anyone know why this solved this issue ?

With it set to 2 mins, NS sets a persistant cookie, which is valid for 2 minutes.... if the clock on the client is wrong, then the cookie is either not yet valid, or has already expired. 2 minutes is probably far too low if you want this to work!

With it set to 0, it instead uses a session cookie, which expires when the browser is closed.

To be honest, I always use session cookies for this reason.
Logged
Pages: [1]   Go Up
« previous next »