Wednesday, July 1, 2009

Problem with two domains automatically authenticating

After joining two domains I discovered that only users from one domain where automatically logged on to SharePoint. After checking with Google I tried to give the users Access using the Built-in groups, and changing the web application policy. I even checked the possibility to create different zones etc.

The two domains trust each other, and the users in one domain is included in a domain group in the “source domain”. So theoretically this should work…

After checking nearly all settings in SharePoint I took a look at the client, Internet Explorer. Since all settings in IIS and SharePoint looked OK, I figured that it may be the client.

After configuring the SharePoint URL as a trusted site, and changing the User Authentication in IE the problem was solved.

twodomains_001

Thinking about the problem, and the simple solution I found that always starting the problem solving at the server end may result in many hours of headache. Next time I will check the client configuration…

To configure the “Automatic logon with current user name and password” Choose Tools->Internet Options, Security Tab, and click on the “Custom Level” button. Scroll down to the bottom of the settings list.

This can easily be distributed with a GPO, and for my lesson learned, I always check for the sites to be a trusted site, or in the local intranet zone before checking the server configuration.

No comments: