Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

TMS Automatic Logon Does Not Work

Available Languages

Updated:October 29, 2014
Document ID:118385

Introduction

This document describes the reasons why the automatic-logon feature on Cisco TelePresence Management Suite (TMS) might fail to work.

Automatic Logon Does Not Work

Sometimes you encounter a problem where the automatic logon does not work in Cisco TMS, and you are prompted for your username and password. Single sign-on with Integrated Authentication requires web browser, URL, and network compatibility.

Note: Ensure the username and password used to log on to Microsoft Windows is used to log on to Cisco TMS.

Compatible Browsers

Automatic logon is supported in Internet Explorer (IE) on Microsoft Windows, but might be disabled due to Security Settings and Zones in the browser's Internet Options. This can be modified if you either add the Cisco TMS server to a more trusted security zone in IE, or if you change the User Authentication settings in the zone's security settings.

Mozilla Firefox does not support single sign-on by default, but it can be configured to do so:

  1. In the URL field, type about:config.
  2. In the Filter field, type ntlm.
  3. Double-click or right-click network.automatic-ntlm-auth.trusted-uris in order to modify the setting.
  4. Type in the Cisco TMS domain. If you need to add more domains, separate them with commas without any spaces.
  5. Click OK. The change is applied immediately.

Compatible URL

Automatic logon requires the use of a URL that maps to the correct internal Fully Qualified Domain Name (FQDN) for the machine, not just the correct IP address of the server.

For example, if the machine is named CORPTMS2.example.int and its IP address is 43.33.23.2, then automatic logon:

  • is possible if a user enters http://CORPTMS2.example.int/tms
  • is not possible if the user enters http://43.33.23.2/tms

The use of a Domain Name System (DNS) name that maps to the IP address, but not the internal FQDN, does not allow automatic logon.

For example, if you have DNS A record mapping tms.example.com to 43.33.23.2, then users who enter http://tms.example.com/tms will not be able to log on automatically. This is because the address maps directly to the IP address instead of to the Active Directory FQDN name of the machine.

 

Compatible Network

Networks that include web proxies often break Kerberos or Windows NT LAN Manager (NTLM) authentication methods, which renders Integrated Authentication unusable, because Integrated Authentication was designed for internal networks that do not require web proxies to be traversed. In these situations, the web browser and web server negotiate the next available authentication method.

TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

This Document Applies to These Products

About Us
Contact Us
Work with Us