Doing IT Virtual

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Always Prompted for Credentials

Another common problem is that you are prompted to enter your credentials every time you access the Administration Website using the FQDN of the Virtual Server host, even after it has been added as a trusted site. This is another issue that is related to the baseline configuration of Internet Explorer. By default, user credentials are automatically submitted for authentication only to sites that are interpreted to be in the Intranet zone. For all other zones, including Trusted Sites, the user authentication dialog box is displayed and credentials must be entered manually.

Resolution

To resolve this problem on Windows Server 2003, you can modify the Internet Explorer configuration to automatically submit user credentials for authentication regardless of the zone. Follow these steps to change the Internet Explorer user authentication settings:

• Open Internet Explorer and on the Tools menu, click Internet Options.
• Click the Security tab, and then click the Custom Level button.
• Scroll down to the User Authentication section, and click the Automatic Logon With Current User Name And Password option button.
• Click OK twice.

The drawback of this method is that you might encounter authentication failures if you have configured other trusted sites for which you need to present a separate set of user credentials. Alternatively, if you are accessing a local instance of the Administration Website (running on the computer that you are logged in on), you can use a non-FQDN for the Virtual Server host in the URL (for example, http://localhost:1024).

When you are running Windows Vista, you have the added complexity of having to run the Administration Website in Internet Explorer as administrator when User Account Control (UAC) is enabled. If you are running in an isolated test environment, you can avoid this additional step by disabling UAC. Otherwise, follow these steps to grant your user account full administrative privilege in Virtual Server and eliminate the need for UAC:

• Right-click the Internet Explorer icon in the Quick Launch section of the task bar, and choose Run As Administrator from the menu.
• In the User Access Control dialog box, click Allow.
• In the Internet Explorer address bar, type in the URL to the Administration Website.
• In the Virtual Server navigation menu, click Server Properties.
• Click the Add Entry button.
• In the new Permission Entry, type in your account name in the User Or Group text box.
• In Permissions, select the Full check box to give your account full control.
• Click OK.

Important: In Internet Explorer 7, you must also ensure that the Enable Protected Mode option remains disabled for Trusted Sites. If Protected Mode is enabled, you will receive the following error when you attempt to access the Administration Website: “Could not connect to Virtual Server. Please add the Virtual Server administration Website to the Internet Explorer trusted sites list. You can specify an alternate Virtual Server below.” To learn more about Internet Explorer 7 Protected Mode, review the blog entry written by a member of the Internet Explorer security team at http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx.