We have a group of remote users who are unable to log into Service Portal.
They can navigate to the portal and are prompted for username and password but on entering the prompt repeatedly appears until a 401 error page is displayed. This is reproducible for all of that particular group of remote users. Known-working accounts that work locally have the same behavior when they attempt to use those credentials remotely.
IIS W3SVC2 log shows repeated messages like the following:
2018-01-19 17:54:38 192.168.40.56 GET / - 80 - 10.100.200.3 Mozilla/5.0+(Windows+NT+6.1;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/63.0.3239.132+Safari/537.36 - 401 1 2148074248 406
Has anyone encountered this before?
Answers
Sounds like whatever path/software you have them going thru from remote is changing their SSO profile.
Thanks for the suggestion @Brian_Wiest,
I've checked all DCs during a few attempts and ADAudit for any logon failures and I'm not seeing anything. I think you're right on the site-to-site playing a part here. I had one of the users remote onto a local box and attempt to login and that went through. So, I've got a known-working account that doesn't work when used on their site-to-site and one of their non-working accounts that works when local..