Re: NTLM strange problem - some MACHINES can't authenticate

From: Peter Gervais (nospam@insitetng.com)
Date: 01/29/03 

From: Peter Gervais <nospam@insitetng.com>
Date: Wed, 29 Jan 2003 19:57:17 GMT

I'm inclined to suggest checking that the suspect machines are patched
accordingly (OS and Browser). NTLM does require HTTP Keep-Alive
(persistant connections) to negotiate the session. A packet-trace (sniff)
would verify that the Keep-Alives are working.

There are also a number of Registry settings for tuning (hardening)
LM/NTLM authentication. Is it possible that the server's have been
hardened and are therefore no longer compatible with old and non-updated
software?

Regards,
Peter

suess@mac.com (Stephen) wrote in
news:e864bd05.0301290909.38fac56b@posting.google.com:

> Yes, all normal traffic to the web server NOT using NTLM works fine.
>
> "Steve Klise" <sklise@pacbell.net> wrote in message
> news:<0CGZ9.447$6W6.53872867@newssvr21.news.prodigy.com>...
>> Does the machines that cant access the website, are you blocking any
>> ports? Can you ping the website name?
>> "Stephen" <suess@mac.com> wrote in message
>> news:e864bd05.0301280924.28ce3c35@posting.google.com...
>> > I have a problem that is driving me crazy and i hope someone can
>> > help. I have set up a web server that has some pages using ntlm
>> > authentication. Some machines on our company network can't login,
>> > no matter the user. They can access the web server just fine and
>> > any pages not requiring ntlm authentication. The weird thing is,
>> > this has nothing to do with any particular USER, it is certain
>> > MACHINES which can't authenticate. The same users can authenticate
>> > from other machines on the same network.
>> >
>> > The web server is II5 running on win2000 pro. The clients are
>> > either win 98 or win 2000 (some of each can login and some can't)
>> >
>> > does this sound familiar to anyone? Thanks in advance for any help.
>

Relevant Pages

  • Re: AD Authentication
    ... My understanding is that if two machines are members of the same domain then they will use kerberos not LM, NTLM, or NTLMv2. ... I realize that some of the mmc snap ins and ie web browse will use NTLM authentication but when mapping a drive it should be using kerberos right? ...
    (microsoft.public.win2000.active_directory)
  • Re: AD Authentication
    ... default will use kerberos it will not. ... As you have not told me the levels these machines ... Level 2 - Send NTLM authenication ONLY ... This parameter specifies the type of authentication to ...
    (microsoft.public.win2000.active_directory)
  • NTLM strange problem - some MACHINES cant authenticate
    ... I have set up a web server that has some pages using ntlm ... Some machines on our company network can't login, ... pages not requiring ntlm authentication. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: NTLM strange problem - some MACHINES cant authenticate
    ... Some machines on our company network can't login, ... They can access the web server just fine and any ... > pages not requiring ntlm authentication. ... question is not excluded from using the proxy server. ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: telnet failed while connecting to a windows 2000 system
    ... my initial reply was assuming you are using default windows telnet ... As for your client, unfortunately I can say nothing special. ... need to enable NTLM authentication, if your client supports it - I'm ... Both machines are connected in a LAN. ...
    (microsoft.public.win2000.security)