Uncategorized

HTTP 401 Unauthorized Access is denied to invalid credentials on Exchange 2013 Default Website

Posted on by ahakim99

Recently in order to fix one problem a new problem was created where after a HTTP redirect was working successfully, for some reason it stopped working on the default domain. E.g. http://mydomain.com/OWA to https://mydomain.com/OWA

The HTTPS link was working successfully yet the redirect kept on displaying HTTP 401 Unauthorized Access is denied. I spent a while troubleshooting in the end I enabled FailRequestTrace and noticed the following error in the logs: –

176. KERBAUTH_ERROR

Error
Message=”Error on CKerberosAuthenticationModule processing.”, Context=”OnAuthenticateRequest”, ErrorCode=”The operation completed successfully.
(0x0)”

This led me to investigate the Kerberos modules in IIS – so I realised that I must have enabled it on the default site – so I launched IIS Manager – Default Site – Selected Modules from the right hand pane. Found KerbAuth Module and removed it.

It started working again.

From

https://social.technet.microsoft.com/Forums/exchange/en-US/1ac98780-1b71-49c1-91ae-2a4592390934/installed-exchange-2010-on-new-win-2008-server-winrm-cannot-process-request-error-in-iis?forum=exchange2010

 

Note:  If The KerbAuth.dll module had been loaded at the Default Web Site level this can cause OWA as well as the Exchange Management tools (EMC/EMS) not to work.

-KERBAUTH should only be registered in IIS under modules on the PowerShell Site (not at the Default Site, and not at the Server level)
-KERBAUTH should only be registered as NATIVE, not as Managed at the PowerShell Site in IIS
-KERBAUTH should only be registered directly at the PowerShell Site in IIS, not Inherited.

If the Kerbauth.dll is registered as a “Managed” module not a “Native” Module, do the following:
• Remove Kerbauth from the Powershell web site as a Managed Module
• Verify if Kerbauth.dll is in the C:/Program Files/Microsoft/Exchange/V14/BIN directory.
• In IIS go to the server level and register Kerbauth.dll using the name “Kerbauth” and the path to  C:/Program Files/Microsoft/Exchange/V14/BIN/KERBAUTH.DLL
• Go back to the Server level in IIS and Remove Kerbauth.
Note: We are simply removing it from the server level, and since it is registered now, it should be available at lower levels.
• Under IIS Powershell in MODULES select Manage Native Modules, and check by Kerbauth which now should appear.
• Ran IISRESET from a Command Prompt

 

 

How to assign a reserved IP address on Fortigate 60C

Posted on by ahakim99

Sometimes the simplest of things can be time consuming – and manufacturers just don’t make it easy. I hadn’t used a Fortigate firewall before so wasn’t familiar with the functions and had to make a simple change – assigning the same IP address to a device. Trawling through the instructions just wasn’t easy. Anyway rant over and here’s how you do it – just in case you have to one day.

  1. Login to Firewall via web dashboard (optionally you can connect via SSH)

Click on Dashboard option on left hand side of the navigation pane and if you hover over the CLI Console menu bar it gives you the option to detach. Select Detach to go full screen

Fortigate 60c web gui

Fortigate 60c web gui

  1. Enter the following command Config System DHCP Reserved-Address and press enter, prompt will change and will have (reserved-address) in parenthesis.
  2. The name of the new reservation item needs to be entered: Type in Edit “name of device” and press enter – note you need the quotation mark
  1. Now you need to assign the IP and MAC address using the command Set ip 192.168.x.x – press enter. x is the last two octets – Set mac 00:XX:XX:XX:XX:XX – press enter
  1. Type in the command next and then end
  2. Confirm the setting by typing in the command Show : – you should see a response with the new settings
  • Reserved addresses must belong to an address in the DHCP IP address pool range
  • There is no indication on the web GUI that an address is reserved. This has to be done via the CLI.
  • If it is Windows device then ensure that you renew the IP lease on the device (in Command Prompt – ipconfig /renew all or ipconfig /renew eth*