As you might have thought, I installed several Team foundation servers for different customers I work for.
Last week I experienced troubles with the Team Foundation Share Point website all of a sudden, while doing my routine as many times before. I installed the server on a Clean Windows 2003 Server and used the SQL Server September CTP. Because I did not have share point available, I downloaded the installation package and there I should have been more careful. I downloaded the Share Point version that has SP2 slipstreamed. This never bit me before, but this time I installed the server in a domain that is not “Kerberos” enabled.
Share Point now installs with “Kerberos” authentication enabled by default. Because this server can not use Kerberos authentication (we don’t have a KDC running) I ran into trouble. I was able to create the team projects, but I was not able to access the Team Project site. Not even on my local server logged in as Admin. When providing the domain account password I still got the message: HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials.Internet Information Services (IIS)
It took me some while to figure out what the problem was, but found this document to be very helpful.
The only thing I needed to do is to change the web server configuration to use NTLM. This can be done using the following steps: (excerp from document)
To configure Windows SharePoint Services to use NTLM authentication
- Determine the virtual server ID for the SharePoint Central Administration and SharePoint content virtual servers.
- On the IIS server, click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- Locate the virtual server you need to find the ID for, right-click it, and then click Properties.
- On the Web Site tab, , next to the Active Log Format box, click Properties.
- Next to Log file name, you can see a path and file name, such as W3SVCxxexyymmdd.log. The number replacing the xx after W3SVC is the virtual server ID.
- On the IIS server, click Start, and then click Run. In the Open box, type cmd, and then click Open.
- Change to the InetpubAdminscripts folder, by typing the following line, where Drive is the drive where Windows is installed:
- To see the currently-configured authentication, type the following line, and then press ENTER, where xx is the virtual server ID number:
cscript adsutil.vbs get w3svc/xx/NTAuthenticationProviders
Note: The virtual server ID of the Default Web site in IIS is 1. If the virtual server is configured for NTLM it will return the following value: If the virtual server is configured for Kerberos it will return one of the following two statements: Note: The virtual server ID of the Default Web site in IIS is 1. [edit: added the solution as well, not only diagnostics :-)]
NTAuthenticationProviders : (STRING) “NTLM”
NTAuthenticationProviders : (STRING) “ Negotiate,NTLM“
The parameter “NTAuthenticationProviders” is not set at this node.
cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders “NTLM”
If the virtual server is configured for NTLM it will return the following value:
If the virtual server is configured for Kerberos it will return one of the following two statements:
Note: The virtual server ID of the Default Web site in IIS is 1.
[edit: added the solution as well, not only diagnostics :-)]