Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Loging in over the internet.

I have a customer who has allowed me access to Unity over the internet thru the firewall. When I go to the address I get a www authentication error. The laptop I'm logging in with has an account on Unity that matches my laptop account, so that when I'm on site I can plug into their network and get to the SA with my browser. Why wont it work over the internet? Is it seeing the account I used to log into my ISP? How do I set up in Internet Explorer so I can login thru the fire wall using my ISP? Thanks in advance.<br>David Borden<br><br>

3 REPLIES
Anonymous
N/A

Re: Loging in over the internet.

Hi David.
Are you getting an authentication error or is it not finding the web page itself? When coming in from the outside (i.e. you’re not authenticated on their domain yet as you are when you attach your laptop locally and log in) you should get a “challenge and response” login to enter an account name and password. It doesn’t sound like you’re even getting that far. If you are getting that far, be sure to fill in the login name with the domain as well (i.e. login with "DOMAINNAME\Jsmith" instead of just “jsmith”… that sometimes trips people up).

I suspect, however, that the problem is they don’t have access through the firewall to the web server on our box setup properly. You can verify that by connecting to one of the generic web pages on the IIS server on our box. For instance my text box that has Unity installed on it is called “JeffsTest” and I can surf to “http://jeffstest/samples/sampsite/default.htm” . This takes me to the sample coffee house web page installed by IIS. I’m guessing you wont be able to connect to that site as well.

Setting up web access to work through a fire wall in general (this has nothing to do with Unity specifically) can be tricky stuff. In the release notes for Unity on your CD you’ll find some general information about this and some references to Microsoft documentation for more specifics in Appendix B.


Jeff Lindborg
Unity Product Architect
Active Voice Corp
jlindborg@activevoice.com

Anonymous
N/A

Re: Loging in over the internet.

I have this same problem. It only seems to be with the Unity user and administration interfaces. I have OWA on the same Exchange box and running through the same Proxy with the same permissions and pointer on the Proxy, but for some reason I can't get to the Unity pages.

I sort of gave up and I VPN in, but I would like to get this to work.

Bill

Anonymous
N/A

Re: Loging in over the internet.

OK… spent some time doing a little checking on this with the SA folks today since a few folks have been asking about this.

For some folks in the field this works ok and for others the login dialog wont accept their domain\login and PW (i.e. it just keeps popping back up on you). In all the cases I’ve looked at (where it wasn’t a fire wall issue) there was a proxy server involved somewhere between the client trying to log into the SA or AA and the Unity server itself.

NTs Challenge and Response protocol (CHAPS) apparently does have known problems where it will fail to work properly with proxy servers. Here’s a link to a knowledge base article discussing the problem:

http://support.microsoft.com/support/kb/articles/Q175/8/05.ASP

Also, it does look like our SA connection does check to be sure CHAPS is on (NT challenge and response) and will not allow clear text authentication even if you've gone into your IIS server and enabled that option for the SAWEB page. This was done to prevent a problem when “anonymous access” was enabled which caused us a lot of grief. We did have some sites that wanted to go clear text such that they could connect. In 2.4.0 build 105 and earlier, this wont be possible. I’ve asked for this to be changed to allow clear text authentication (even though I think that’s a really bad idea) if the customer really wants to enable it in 2.4.5.

The fact that you have OWA enabled on our box and you’re connecting to us and it works ok but SAWeb access is denied is pretty confusing... I don't suppose you're forcing clear text? We're not doing anything fancy with our connection protocol other than making sure it was CHAPS. Once it's authenticated via NT we move on to check and see that you’re a Unity user that has rights to gain access to the SA and or AA. If you’re getting a specific error message on the SA (or better, in your event log) that means the NT authentication is cool but we’re failing to allow access, most likely based on your COS setting. I’m assuming that’s not the case since it’ll say explicitly “Your COS does not allow this operation…” type thing.

You can test this real quick by just requiring CHAPS (be sure to uncheck both anonymous access and clear text options) for one of the default web pages created when you install IIS on our box and trying to connect to that remotely. If it goes through, we have something very weird going on. If not, I’m betting it’s CHAPs failing due to your proxy.


Jeff Lindborg
Unity Product Architect
jlindborg@activevoice.com
http://members.home.net/jlindborg

163
Views
0
Helpful
3
Replies
CreatePlease login to create content