Wednesday, February 1, 2012

SBS 2011 Remote Web Workplace "Login attempt failed" bug

Spent a few hours of my life that I never should have, figuring out this little gem. I had a freshly installed SBS 2011 server, with exchange mailboxes migrated and most of the migration wizard completed, when suddenly I noticed I could no longer use the remote web workplace to remote control any of my workstations or servers from the outside. I would get the login credentials box correctly identifying the server i was connecting to, but after entering my username and password it would come back indicating "The logon attempt failed." It worked just fine in tests earlier on, so something in the setup and migration wizard must have incorrectly tweaked something.

Turns out, it was an IIS configuration issue that appeared most likely after running the Network Preparation / Outlook Anywhere wizards. I opened IIS, expanded the default website, and inspected the authentication options for RPC and RPC with cert... both had only 'basic authentication' checked, which I was fairly certain would not work with Remote Desktop web access services. Enabling 'Windows Authentication' and performing an iisreset did the trick... but after a few minutes, it got set back to disabled! An event in the logs from "MSExchange RPC Over HTTP Autoconfig" source indicated that the settings for Outlook Anywhere had been updated, setting it back to Basic only!

The fix that eventually worked (and stuck) was to make the following change in the Exchange Management Shell:

Get-OutlookAnywhere | Set-OutlookAnywhere –IISAuthenticationMethods: Basic, ntlm

After making that change, it may not show up in IIS right away... wait a few minutes, and that same Autoconfig service will update IIS for you, this time adding both Basic and Windows authentication. Voila!