Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. "Sign in as a Different User" component does not work on a SharePoint website that is published by Forefront TMG 2010

"Sign in as a Different User" component does not work on a SharePoint website that is published by Forefront TMG 2010

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You publish a Microsoft SharePoint website by using a publishing rule in Microsoft Forefront Threat Management Gateway (TMG) 2010.
  • The publishing rule uses Kerberos Constrained Delegation (KCD).
  • The web listener for the website uses Windows authentication or forms-based authentication (FBA).
  • A user logs on to the SharePoint website.

In this scenario, the Sign in as a Different User component does not work on the SharePoint website.

↑ Back to the top

Cause

This issue occurs because of a code bug.

↑ Back to the top

Resolution

Update information

The software update that is required to resolve this issue is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

To resolve this issue, apply this update, and then run the following script on any array member.

Note This script enables SharePoint Server (SPS) publishing that uses FBA and authentication delegation that uses KCD. If you want to enable SPS publishing that uses integrated authentication, and if you want authentication delegation to use KCD, run this script. Then, run the additional script that immediately follows: 
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "EnableSharepointSignIn"
Const SE_VPS_VALUE = true
 
Sub SetValue()
 
    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
 
    'Declare the other objects that are needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object
 
    ' Get references to the array object
    ' and to the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets
 
    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )
 
    If Err.Number <> 0 Then
        Err.Clear
 
        ' Add the item.
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name
 
    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
    End If
 
    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
 
        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
 
        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError
 
            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If
 
End Sub
 
Sub CheckError()
 
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
 
End Sub
 
SetValue
If you want to enable SPS publishing that uses integrated authentication, and if you want authentication delegation to use KCD, also run the following script: 
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "UseOnlyNTLMForWindowsAuth"
Const SE_VPS_VALUE = 1
 
Sub SetValue()
 
    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
 
    'Declare the other objects that are needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object
 
    ' Get references to the array object
    ' and to the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets
 
    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )
 
    If Err.Number <> 0 Then
        Err.Clear
 
        ' Add the item.
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name
 
    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
    End If
 
    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
 
        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
 
        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError
 
            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If
 
End Sub
 
Sub CheckError()
 
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
 
End Sub
 
SetValue

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2445386
Revision : 1
Created on : 1/7/2017
Published on : 3/25/2011
Exists online : False
Views : 160