0

I'm having an issue with two sites on my intranet that now is being accessed using windows authentication and a domain name; something.domain.com/appname.

It worked fine in the past via the server name with windows authentication (server/appname) but as soon as we moved to using a domain name, windows authentication triggers users to login again in Chrome/IE.

I've referenced following posts below of steps already done:

My only clue is it works in FireFox via http/https by simply adding the domains to trusted sites. The sites are in the trusted list in Chrome/IE via the group policy but there is no change in the behavior; users are asked to re-authenticate.

Additional Info:

  • Windows 2016 Server
  • Windows forms site 4.7 .NET
  • Trusted sites and settings are managed by a group policy

Anyone familiar with group policy conflicts that would prevent trusted sites from windows authentication? How can I troubleshoot a group policy?

tree
  • 391
  • 2
  • 16
  • 1
    Both gpresult /H and RSOP.msc are the standard tools for troubleshooting group policy issues. For more information about gpresult, you can refer to this link: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult – Ding Peng Dec 22 '20 at 06:32
  • Thanks @dingpeng. I did figure that out yesterday and was able to confirm group policy was the issue and why. – tree Dec 22 '20 at 18:59

1 Answers1

0

Anyone experiencing this issue where they have a site on an intranet and are using a FQDN. Confirm if you have a group policy implemented. Once the urls are added to the trusted zone and a group policy is present make sure that the urls are identified properly. AS @DingPeng pointed out and I figured out yesterday that the rsop.msc tool allows you to view the group policy.

In group policy I looked under Administrative Templates\Windows Components\ Internet Explorer\Internet Control Panel\Security Page\ and double click Site to Zone Assignments and under the settings tab click the show button to view how the FQDN and other urls are assigned per zone. In that panel look at the value column next to the value name to see the assignment and compare to the list below.

  1. Intranet zone**
  2. Trusted Sites zone
  3. Internet zone
  4. Restricted Sites zone

My solution was since the urls were already in the trusted zone was to check the urls settings in the group policy. Changing the values there to intranet and Windows Authentication worked on a domain url.

Notes

  • Group policy overrides local settings this includes any changes to the registry.
  • Any url in the group policy that appears to be dot anything(FQDN), it's automatically identified as external.
tree
  • 391
  • 2
  • 16