SharePoint connector, 500 error: "The Local Security Authority cannot be contacted"

[Ola]

Hi guys,

I'm having trouble with the SharePoint connector -- I'm new to this,
so please let me know if there's a more appropriate group to post this
question. In our test environment, the connector works great. But
when we try to deploy it in a different environment, we get a 500
(internal server error) and the message "The Local Security Authority
cannot be contacted".

Digging into the code, we ended up in the Axis code, in the class
org.apache.axis.transport.http.CommonsHTTPSender, method
addContextInfo(), line 535:

proxyCred = new NTCredentials(user,
passwd,
NetworkUtils.getLocalHostname(),
domain);

Specifically, the call to NetworkUtils.getLocalHostname() populates
the NTCredentials with a host name -- this ends up evoking the error.
I have tested the HttpClient separately, setting the NTCredentials
without the hostname -- then the connection works just fine. I'm
guessing this has something to do with how NTLM authentication works,
that SharePoint sees the hostname in the request and somehow tries to
authenticate the user using that information. But that's just a
guess.

So, to the question: has anybody else encountered this issue? Is
there a workaround short of compiling my own axis jar file with
customized code...?

Thanks,

Ola

[Dave Watts]

> Specifically, the call to NetworkUtils.getLocalHostname() populates
> the NTCredentials with a host name -- this ends up evoking the error.
> I have tested the HttpClient separately, setting the NTCredentials
> without the hostname -- then the connection works just fine.  I'm
> guessing this has something to do with how NTLM authentication works,
> that SharePoint sees the hostname in the request and somehow tries to
> authenticate the user using that information.  But that's just a
> guess.

I've never encountered this problem. What is the hostname of the
machine, out of curiosity?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

[Ola]

The hostname reported by NetworkUtils is just
java.net.InetAddress.getLocalHost().getHostName() (which in our case
is just the name of the machine). I'm guessing the issue is the
SharePoint server doesn't know about this machine, due to security
zoning/restrictions -- could that be the issue? I don't know anything
about how NTLM auth works, but it seems like if it sees a hostname in
the NTCredentials, it somehow tries to contact the host for
authentication purposes?

On Jun 27, 5:25 pm, Dave Watts <dwa...@figleaf.com> wrote:
> > Specifically, the call to NetworkUtils.getLocalHostname() populates
> > the NTCredentials with a host name -- this ends up evoking the error.
> > I have tested the HttpClient separately, setting the NTCredentials
> > without the hostname -- then the connection works just fine.  I'm
> > guessing this has something to do with how NTLM authentication works,
> > that SharePoint sees the hostname in the request and somehow tries to
> > authenticate the user using that information.  But that's just a
> > guess.
>
> I've never encountered this problem. What is the hostname of the
> machine, out of curiosity?
>

> Dave Watts, CTO, Fig Leaf Softwarehttp://www.figleaf.com/http://training.figleaf.com/

[Dave Watts]

> The hostname reported by NetworkUtils is just
> java.net.InetAddress.getLocalHost().getHostName() (which in our case
> is just the name of the machine).  I'm guessing the issue is the
> SharePoint server doesn't know about this machine, due to security
> zoning/restrictions -- could that be the issue?  I don't know anything
> about how NTLM auth works, but it seems like if it sees a hostname in
> the NTCredentials, it somehow tries to contact the host for
> authentication purposes?

I was wondering if the hostname of the machine doesn't conform to
standard Windows machine naming conventions.

[Ola]

The hostname is of the format 'abcdefg1234' -- it's a Linux box. I do
think it's a zoning/security issue -- I'm able to get the same error
message if I try to log into the SharePoint server using IE from a
Windows machine that is outside the "trusted" zone. It's weird
though, that I'm able to connect if I omit the hostname (send '') in
NTCredentials.

On Jun 27, 6:05 pm, Dave Watts <dwa...@figleaf.com> wrote:
> > The hostname reported by NetworkUtils is just
> > java.net.InetAddress.getLocalHost().getHostName() (which in our case
> > is just the name of the machine).  I'm guessing the issue is the
> > SharePoint server doesn't know about this machine, due to security
> > zoning/restrictions -- could that be the issue?  I don't know anything
> > about how NTLM auth works, but it seems like if it sees a hostname in
> > the NTCredentials, it somehow tries to contact the host for
> > authentication purposes?
>
> I was wondering if the hostname of the machine doesn't conform to
> standard Windows machine naming conventions.
>

> Dave Watts, CTO, Fig Leaf Softwarehttp://www.figleaf.com/http://training.figleaf.com/

[Dave Watts]

> The hostname is of the format 'abcdefg1234' -- it's a Linux box.  I do
> think it's a zoning/security issue -- I'm able to get the same error
> message if I try to log into the SharePoint server using IE from a
> Windows machine that is outside the "trusted" zone.  It's weird
> though, that I'm able to connect if I omit the hostname (send '') in
> NTCredentials.

Well, normally, that's not an issue - you should be able to
authenticate from any machine via NTLM. Perhaps there's something
non-standard in your SharePoint configuration, though.