Getting "401 unauthorized" from outside networks RRS feed

  • Question

  • I have configured SSO for Google Apps.  I am able to log into the Google SSO fine from our internal networks.  However, when I try and access it from an internet network (external to our corporate LAN) I get a "401 - unauthorized page".  I am getting the Google SSO "splash page" stating that I am being redirected to my federation server as expected, but then I do not get prompted for my Active Directory (AD) credentials.  The 401 page comes up without asking for any AD credentials. 

    I can do a nslookup for our federation.ourdomain.com and it brings back the correct IP address for the hardware balancer sitting in front of our paired ADFS proxy servers.  A nslookup from within our LAN brings back the hardware balancer in front of our internal ADFS server pair as expected as well. 

    When I check the security and ADFS event logs, there are no events on either the internal ADFS pair nor the proxy ADFS pair when I attempt a log in.  

    Any ideas?

    Tuesday, August 27, 2013 6:11 PM