Users are prompted for username and password when attempting to open Enterprise Vault (EV) archived items.
|Article:TECH56220|||||Created: 2007-01-17|||||Updated: 2012-07-03|||||Article URL http://www.symantec.com/docs/TECH56220|
Several scenarios exist that could cause this error:
There was an error loading this item
Note: Prior to implementing the steps mentioned below, please check if the issue is only on Windows 7 clients, if yes upgrade Windows 7 Client to SP1.
Scenario 1: Site is not listed in the Intranet Zone
1. On the users desktop, when the prompt for the username and password is shown, note the server above the text inputs, this is the server that is requesting authentication.
2. On the EV server, navigate to the properties of the Mailbox Policy (EV 2007 and earlier) or Desktop Policy (EV 8.0 and higher).
3. On the Advanced tab, select either Outlook or Desktop (dependent on the version of EV installed).
4. Choose Add Server To Intranet Zone.
5. Enter all the Short Names and Fully Qualified Domain Names (FQDN) for the EV Servers, including the Server name noted from Step 1 and press OK. Note: this is a Semi Colon delimited list.
6. Navigate to the Exchange Mailbox Archiving Task and synchronize all mailboxes from the Synchronization tab.
7. After synchronization has taken place, close Outlook on the affected users Desktop and then re-open it and test again.
Scenario 2: User has set to Always Prompt for Password
1. On the Users desktop, open Internet Explorer.
2. Go to Tools > Internet Options > Security.
3. Select Local Intranet and click Custom Level.
4. Scroll down to the bottom to reach the User Authentication: Login section.
5. Make sure that either Automatic Logon only in intranet zone or Automatic Logon with current username and password is checked.
6. Press OK and attempt to download an item again.
Note: If Automatic Logon only in intranet zone is set you may try changing it to Automatic Logon with current username and password.
Scenario 3: EnterpriseVault virtual directory has Integrated Windows Authentication unchecked
1. On the EV server, open Internet Information Services (IIS).
2. Navigate to Websites > Default Website > EnterpriseVault.
3. Right-click EnterpriseVault and select Properties.
4. Click the Directory Security tab and under Authentication and Access Control click Edit.
5. Verify that Integrated Windows Authentication and Basic Authentication are the only options selected.
6. Click OK and then OK again, no restart of IIS is required.
Scenario 4: The WebApp directory has NT File System (NTFS) permissions removed for users to execute Active Server Pages (ASP)
1. On the EV server, open up Internet Information Services (IIS).
2. Navigate to Websites > Default Website > EnterpriseVault.
3. Right-click EnterpriseVault and select Permissions.
4. Make sure that SYSTEM and Administrators have Full Control permissions on the server.
5. Test downloading items from Outlook, no reset of IIS is required.
Scenario 5: Remote Procedure Call (RPC) over Hyper Text Transfer Protocol (HTTP) is being utilized
1. On the users desktop, hold Ctrl+Shift and right-click the Outlook icon in the system tray.
2. Select the Connection Status option.
3. Verify that the Connection is set to TCP/IP, if it is set to HTTP/S then RPC over HTTP is being Utilized.
4. This is expected behavior to be authenticated in an RPC over HTTP environment.
Scenario 6: A cached Username and Password is being used on the Desktop
This issue is caused by the server name being placed into an entry in the Password Management utility within the User Accounts application in the workstation control panel. To resolve this issue, follow these steps:
1. Open the User Accounts application by navigating to Start | Control Panel and double-clicking on the User Accounts icon.
2. Click the Advanced tab and click Manage Passwords
3. The entries listed in the Stored User Names and Passwords pane provide details for the logon information for the server listed.
4. The listing for the EV server is causing the user to be prompted for their credentials. Select the entry with the EV server name, then click the Remove button to delete the entry.
5. Retrieving, restoring, or manually archiving an item in the user's mailbox will not cause the credentials prompt to display again. There is no need to restart Outlook for this correction to take place.
Scenario 7: DisableLoopBackCheck is not enabled on the server
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
1. On the EV Server, go to Start | Run type regedit and click OK.
2. In Registry Editor, locate and then click the following registry key:
3. Right-click LSA and select New > DWORD.
4. Type DisableLoopBackCheck and then click Enter.
5. Right-click DisableLoopBackCheck and click Modify.
6. Give it a value of 1 and click OK.
7. Quit Registry Editor and restart the server for the setting to take affect.
8. After the server has been restarted, attempt to download the items again.
Scenario 8: A proxy server is hard-coded in the Internet Options
1. On the client, open Internet Explorer.
2. Click Tools > Internet Options > Connections > LAN settings.
3. In the Local Area Network Settings page, if Use a proxy server for your LAN is selected, uncheck it and select Automatically detect settings.
4. Attempt to download the items again.
1. On the EV Server, open Windows Explorer and browse to C:\WINDOWS\System32\inetsrv.
2. Verify that asp.dll is the Windows 2003 RTM version 6.0.3790.0.
3. Reapply the latest Windows service pack to update files to the correct version.
4. Restart the EV server.
Scenario 10: Mozilla Firefox is set as the default browser
Note: At this time Mozilla Firefox is not supported for 8.0 and earlier. It is currently Pending certification for versions 9.0 and higher. For more information refer to the Compatibility Charts.
1. Set Internet Explorer as the default browser.
1. Download the IE Tab add-in for Firefox.
2. Click on Tools > IE Tab Options.
Scenario 11: Windows Intranet Zone policy applied overrides EV desktop policy
If there are Windows policies applied for Internet Explorer security verify which policy is applying to that specific user:
2. Add the Resultant Set of policies add-in
3. Specify the user and computer that you want to verify
4. Check which policy is applying for Internet Explorer settings
Solution 1: Disable the entire policy and verify that the issue has solved.
Solution 2: Set the default values without any block restriction.
Scenario 12: IIS Windows Authentication Providers Order
In some cases, it was found that having Negotiate in the top of the order was causing the issue. This is the default setting in IIS 7.
Changing the order so that NTLM is at the top of the order resolved the issue.
1. Open IIS Manager | Sites | Default Web Site | Highlight EnterpriseVault
2. In the right pane, double-click Authentication
3. Highlight Windows Authentication in the right pane and click on Providers on the right most pane
4. Change the order as appropriate
Article URL http://www.symantec.com/docs/TECH56220