authentication problems from iphone via ISA-Server (ldap)

Hello,

In our environment (Windows Small Business Server 2003 Domain with Microsoft Exchange enabled) we have several users who log on to the domain exclusively from a smartphone (iphone), getting their messages via pushmail. Authentication goes through ISA Server 2006 via ldap - the server is not a member of that domain.

Everything works fine for a couple of days, but then an error message comes up saying that the username and/or password might be incorrect. The logon failure is reported in the security log at the domain controller (event-id: 529) with the ISA server as the source address.

At that time a "compromised" user can log on to a domain member (a client or a terminal server session) without any problems, and after that the authentication from their smartphone is successful.

Users who also work on a Windows client don't have those problems.

Any help would be appreciated

Thanks in advance

Torsten


January 28th, 2014 12:38pm

Hi,

Firstly, would you please post the entire error message to us?

Based on my research, the ISA server will connect to an LDAP server (which is a DC) over the LDAP protocol, and the LDAP server has a store of the AD users' credentials. Maybe the issue is between the ISA server and the LDAP server. The link below may be helpful to you:

LDAP Pre-authentication with ISA 2006 Firewalls: Using LDAP to Pre-authenticate OWA Access (Part 1)

In addition, what do you mean by the compromised user? I would appreciate it if you could explain it.

Best regards,

Susie

January 29th, 2014 9:12am

Hello,

The only error message I have is from the DC:

---------------------------------------------------------------------------------------

Ereignistyp:    Fehlerüberw.
Ereignisquelle:    Security
Ereigniskategorie:    An-/Abmeldung
Ereigniskennung:    529
Datum:        30.01.2014
Zeit:        10:34:52
Benutzer:        NT-AUTORITÄT\SYSTEM
Computer:    Z1WIRTH
Beschreibung:
Fehlgeschlagene Anmeldung:
     Grund:        Unbekannter Benutzername oder falsches Kennwort
     Benutzername:    dg
     Domäne:        dwirth
     Anmeldetyp:    3
     Anmeldevorgang:    NtLmSsp
     Authentifizierungspaket:    NTLM
     Name der Arbeitsstation:    SGES113
     Aufruferbenutzername:    -
     Aufruferdomäne:    -
     Aufruferanmeldekennung:    -
     Aufruferprozesskennung:    -
     Übertragene Dienste:    -
     Quellnetzwerkadresse:    10.21.82.185
     Quellport:    53818


Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------

SGES113 and IP address 10.21.82.185 are the addresses of the ISA-Server; Z1WIRTH is the Domain Controller from which the message comes.

The ISA-Server is managed by our network administrator - I don't know where to find any designated log messages other than the security log - maybe you can give me a hint...

"Compromised" users are those users who only log on through their iphone (mail access) - they don't use any other services within that domain.

We have other users who log on to the domain from a Windows client or via terminal services - they use file services, Exchange via Outlook and via iphone too, but they don't have these authentication problems at all.

Best regards

Torsten

January 30th, 2014 6:52pm
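
An added example, not part of the original thread: every failure relayed by the ISA server carries the same workstation name and source address in the DC's event 529, so the user name is the only field that separates the affected accounts. This Python sketch parses exported event text using the German field labels quoted above and counts type 3 event 529 failures per user for one relay address. The function names, the sample export and all users other than `dg` are constructed for illustration.

```python
import re
from collections import Counter

# German field labels as printed in the event 529 text quoted in this thread.
FIELDS = {
    "Ereigniskennung": "event_id",
    "Benutzername": "user",
    "Anmeldetyp": "logon_type",
    "Authentifizierungspaket": "auth_package",
    "Name der Arbeitsstation": "workstation",
    "Quellnetzwerkadresse": "source_ip",
}
LINE = re.compile(r"^\s*([^:]+?):\s*(.*?)\s*$")

def parse_event(text):
    """Extract the fields of interest from one exported event description."""
    event = {}
    for line in text.splitlines():
        m = LINE.match(line)
        # Exact label match, so "Aufruferbenutzername" is not read as the user.
        if m and m.group(1) in FIELDS:
            event[FIELDS[m.group(1)]] = m.group(2)
    return event

def failures_via_relay(export, relay_ip):
    """Count type 3 (network) event 529 failures per user seen from relay_ip."""
    counts = Counter()
    # Events are assumed to be separated by dashed lines, as in the thread.
    for chunk in re.split(r"^-{10,}[ \t]*$", export, flags=re.M):
        ev = parse_event(chunk)
        if (ev.get("event_id") == "529" and ev.get("logon_type") == "3"
                and ev.get("source_ip") == relay_ip):
            counts[ev.get("user", "?")] += 1
    return counts

def make_event(user, ip, event_id="529"):
    # Constructed sample in the layout of the event quoted in the thread.
    return (f"Ereigniskennung:    {event_id}\nBeschreibung:\n"
            f"Fehlgeschlagene Anmeldung:\n     Benutzername:    {user}\n"
            f"     Anmeldetyp:    3\n     Authentifizierungspaket:    NTLM\n"
            f"     Name der Arbeitsstation:    SGES113\n"
            f"     Aufruferbenutzername:    -\n"
            f"     Quellnetzwerkadresse:    {ip}\n")

SEP = "-" * 40 + "\n"
# Constructed export: "dg" and 10.21.82.185 come from the thread, the rest is made up.
SAMPLE = SEP.join([make_event("dg", "10.21.82.185"), make_event("dg", "10.21.82.185"),
                   make_event("user2", "192.0.2.10"),  # different source address
                   make_event("user3", "10.21.82.185", event_id="540")])  # not a 529

if __name__ == "__main__":
    print(dict(failures_via_relay(SAMPLE, "10.21.82.185")))
```
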

This topic is archived. No further replies will be accepted.
