TMS Automatic Logon Does Not Work

Available Languages

Updated:October 29, 2014
Document ID:118385

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the reasons why the automatic-logon feature on Cisco TelePresence Management Suite (TMS) might fail to work.

Automatic Logon Does Not Work

Sometimes you encounter a problem where the automatic logon does not work in Cisco TMS, and you are prompted for your username and password. Single sign-on with Integrated Authentication requires web browser, URL, and network compatibility.

Note: Ensure the username and password used to log on to Microsoft Windows is used to log on to Cisco TMS.

Compatible Browsers

Automatic logon is supported in Internet Explorer (IE) on Microsoft Windows, but might be disabled due to Security Settings and Zones in the browser's Internet Options. This can be modified if you either add the Cisco TMS server to a more trusted security zone in IE, or if you change the User Authentication settings in the zone's security settings.

Mozilla Firefox does not support single sign-on by default, but it can be configured to do so:

  1. In the URL field, type about:config.
  2. In the Filter field, type ntlm.
  3. Double-click or right-click network.automatic-ntlm-auth.trusted-uris in order to modify the setting.
  4. Type in the Cisco TMS domain. If you need to add more domains, separate them with commas without any spaces.
  5. Click OK. The change is applied immediately.

Compatible URL

Automatic logon requires the use of a URL that maps to the correct internal Fully Qualified Domain Name (FQDN) for the machine, not just the correct IP address of the server.

For example, if the machine is named CORPTMS2.example.int and its IP address is 43.33.23.2, then automatic logon:

  • is possible if a user enters http://CORPTMS2.example.int/tms
  • is not possible if the user enters http://43.33.23.2/tms

The use of a Domain Name System (DNS) name that maps to the IP address, but not the internal FQDN, does not allow automatic logon.

For example, if you have DNS A record mapping tms.example.com to 43.33.23.2, then users who enter http://tms.example.com/tms will not be able to log on automatically. This is because the address maps directly to the IP address instead of to the Active Directory FQDN name of the machine.

 

Compatible Network

Networks that include web proxies often break Kerberos or Windows NT LAN Manager (NTLM) authentication methods, which renders Integrated Authentication unusable, because Integrated Authentication was designed for internal networks that do not require web proxies to be traversed. In these situations, the web browser and web server negotiate the next available authentication method.

Revision History

Revision Publish Date Comments
1.0
29-Oct-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products