Overnight, seemingly, SharePoint on a server in our domain has stopped automatically logging in users via Windows Authentication, in two instances:
- a local intranet site that is SharePoint (intranet.domain.com, IP x.x.x.a)
- a WebDav drive mapping to a SharePoint list (http://x.x.x.b/sites/Site Name/List Name)
Note that the IPs are different for the intranet site than for the drive mapping (two interfaces on the same NIC -- the SharePoint server is a VM).
The SharePoint site is hosted in and among dozens of other applications using Windows Authentication via NTLM on the same domain (but on other servers); in no other instance except this are users being prompted for credentials, even on web applications hosted on the same server, which is why we believe it is a SharePoint issue. Adding intranet.domain.com to IE's "safe sites" list seems to suppress the login prompt for the website, but users are still asked for credentials when mapping the drive.
The drive mapping occurs via user logon scripts. It has worked up until now for years, even through server moves and password resets, again suggesting that something is off with SharePoint.
So far we have tried:
- Rebooting the SharePoint server
- Disabling Kernel-mode authentication for the two SharePoint sites
- Adding the second IP, x.x.x.b, also to the safe sites list in IE
- Have dug through SharePoint settings for things related to authentication, but didn't see anything of interest
Any ideas?
We discovered that the team who maintains the proxy auto-config (PAC) files for the corporation made a change that included the SharePoint server in a list to be routed through a proxy. The Windows Authentication credentials were being lost at the proxy server (which is on a different domain).
Once the SharePoint server was removed from the PAC file rules, normal operation was restored.