You cannot log on to a local intranet site that you publish by using ISA Server 2006 when there are multiple user accounts that have the same account name in different domains

Article translations Article translations
Article ID: 952675 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You use Microsoft Internet Security and Acceleration (ISA) Server 2006 to publish a local intranet site.
  • You enable forms-based authentication (FBA) and the Allow users to change their passwords feature for the Web Listener.
  • The ISA Server is a member of a domain. For example, the domain is Domain1.
  • There are multiple domains in the forest, and there are user accounts that exist with the same account name in different domains. For example, the user accounts are Domain1\user1 and Domain2\user1.
  • One of the user accounts is disabled. For example, Domain1\user1 is disabled.
  • You try to use the other user account to log on to the local intranet site. For example, you use Domain2\user1 to log on to the local intranet site.
In this scenario, you receive the following error message:
Your account has been disabled. Please contact technical support for your organization.
Additionally, you cannot log on to the local intranet site.

CAUSE

This problem occurs because ISA Server first searches for the user name in the domain where the ISA Server exists. Then, ISA Server finds an account that has the same account name. However, this is not the correct user account that the user requested.

RESOLUTION

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

To resolve this problem, follow these steps:
  1. Install ISA Server 2006 Service Pack 1. For more information about how to obtain ISA Server 2006 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
    954258 How to obtain the latest Internet Security and Acceleration (ISA) Server 2006 service pack
  2. Run a script to enable the functionality that is provided by this service pack. To do this, follow these steps:
    1. Click Start, click Run, type notepad, and then click OK.
    2. Copy the following script into a Notepad file, and then save the text file as a Microsoft Visual Basic file by using the .vbs file name extension.
      Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
      Const SE_VPS_NAME = "EnableMultipleFlatUserName"
      Const SE_VPS_VALUE = true
      
      Sub SetValue()
      
          ' Create the root obect.
          Dim root  ' The FPCLib.FPC root object
          Set root = CreateObject("FPC.Root")
      
          'Declare the other objects needed.
          Dim array       ' An FPCArray object
          Dim VendorSets  ' An FPCVendorParametersSets collection
          Dim VendorSet   ' An FPCVendorParametersSet object
      
          ' Get references to the array object
          ' and the network rules collection.
          Set array = root.GetContainingArray
          Set VendorSets = array.VendorParametersSets
      
          On Error Resume Next
          Set VendorSet = VendorSets.Item( SE_VPS_GUID )
      
          If Err.Number <> 0 Then
              Err.Clear
      
              ' Add the item
              Set VendorSet = VendorSets.Add( SE_VPS_GUID )
              CheckError
              WScript.Echo "New VendorSet added... " & VendorSet.Name
      
          Else
              WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
          End If
      
          if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
      
              Err.Clear
              VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
      
              If Err.Number <> 0 Then
                  CheckError
              Else
                  VendorSets.Save false, true
                  CheckError
      
                  If Err.Number = 0 Then
                      WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                  End If
              End If
          Else
              WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
          End If
      
      End Sub
      
      Sub CheckError()
      
          If Err.Number <> 0 Then
              WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
              Err.Clear
          End If
      
      End Sub
      
      SetValue
      
    3. Save the file to a temporary folder. For example, save the file as EnableMultipleFlatUserName.vbs to the C:\EnableMultipleFlatUserName folder.
    4. At a command prompt, move to the location in which you saved the .vbs file in step 2c, and then run the .vbs file. For example, run the following commands:
      cd C:\EnableMultipleFlatUserName
      cscript EnableMultipleFlatUserName.vbs

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 952675 - Last Review: July 2, 2008 - Revision: 1.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords: 
kbexpertiseinter kbtshoot kbprb KB952675

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com