question

gmj-4555 avatar image
0 Votes"
gmj-4555 asked CaseyYangMSFT-4714 edited

SharePoint 2019 (on-premise) authentication - unexpected login prompt on selected web applications (same server)

Normally, when authenticating to a web application, you immediately get the windows security prompt (to enter your Active Directory credentials) - the expected behavior:

Image

However, on a subset of the web applications (on that same SharePoint server), you get a two-part credential prompt - the unexpected behavior. First a drop-down menu:

Image

After selecting, say the first "Windows Authentication" option, you are then presented with a sign-in for your credentials (i.e., AD\username and password):

Image

Can anyone provide suggestions on where to start the problem solving process? I.e., all the web apps should have the first "expected" behavior.

The attributes of both sites appear to be the same (both in the SharePoint and IIS consoles).

Thanks!


Note: At the request of the moderator, my original post (https://answers.microsoft.com/en-us/msoffice/forum/msoffice_sharepoint-mso_winother-mso_o365b/sharepoint-2019-on-premise-authentication/a1a33ea3-6b7a-4297-a477-002b2b772ddf) has been reposted in this forum.




office-sharepoint-server-administrationoffice-sharepoint-server-itpro
img1.png (6.3 KiB)
img2.png (4.4 KiB)
img3.png (3.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gmj-4555 avatar image
0 Votes"
gmj-4555 answered CaseyYangMSFT-4714 commented

Hi @CaseyYangMSFT-4714 - Thank you for your response!

To verify that there weren't multiple authentication providers configured for the web application, I checked Central Administration for the web application in question (as well as the ones that are working correctly). They each show only one authentication provider (all web applications are in the default zone):

116012-teams-authentication-providers.png

And it is configured as follows:

115936-teams-authentication-type.png

I also checked the web.config for this web application and compared it with one that was working correctly and there doesn't appear to be more than one provider listed.

As for recent changes, our systems administrator recently changed the URL for the web application but he has done that before without this issue coming up. We typically create a new site with a temporary name, e.g., teams.ad.domain.org, and then when it is launched we change that to teams.domain.org.

Thanks again for your post, if there is any other information I can provide please let me know.




· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @gmj-4555,

Have you tried to change the authentication provider in CA for each application to NTLM, then back to Negotiate(Kerberos)?

Similar issue for reference:
https://social.technet.microsoft.com/Forums/office/en-US/08462862-6110-4499-aea3-330eed366531/sign-in-select-the-credentials-you-want-to-use?forum=sharepointgeneralprevious

0 Votes 0 ·
gmj-4555 avatar image gmj-4555 CaseyYangMSFT-4714 ·

This appears to work ... thank you!

P.S. I have no clue as to why the web application got into this state, however. Ideas?


0 Votes 0 ·

Hi @gmj-4555,

like pabs83 said, with this change it may reset the web.config file. I have updated my answer, Please remember to accept it as answer. It will do great help to those who meet the similar question in this forum. Thanks.

0 Votes 0 ·
CaseyYangMSFT-4714 avatar image
0 Votes"
CaseyYangMSFT-4714 answered CaseyYangMSFT-4714 edited

Hi @gmj-4555,

Is there anything has been changed before the issue occurs?

This window "Select the credentials you want to use to logon to this SharePoint site" is shown when several authentication providers are configured for the same web application.

1.Please check which are configured for your web application.
Central administration > Manage web applications > select web app > authentication provider.

115774-1.png

2.You could try to change the authentication provider in CA for each application to NTLM, then back to Negotiate(Kerberos).

Similar issue for reference:
https://social.technet.microsoft.com/Forums/office/en-US/08462862-6110-4499-aea3-330eed366531/sign-in-select-the-credentials-you-want-to-use?forum=sharepointgeneralprevious


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




1.png (6.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

gmj-4555 avatar image
0 Votes"
gmj-4555 answered

If it is useful, here is the authentication provider section of web.config (which is the same for both the websites that exhibit the expected and unexpected behavior):

   <system.web>
      ...
     <membership defaultProvider="i">
       <providers>
         <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
       </providers>
     </membership>
     <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
       <providers>
         <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
       </providers>
     </roleManager>
   </system.web


Any suggestions on where to start the problem solving process would be most welcome!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.