Re: NTLM through firewall?

From: Karl Levinson [x y], mvp (
Date: 03/26/03

From: "Karl Levinson [x y], mvp" <>
Date: Wed, 26 Mar 2003 08:22:53 -0500

I believe the relevant Microsoft KB documents do vaguely claim that NTLM has
issues through firewalls, but I'm not sure that's as informative as it could
be or that it has anything to do with ports being closed. I'm also not sure
that NTLM uses any port other than TCP 80. I remember someone else here
stating that NTLM should work through firewalls, though maybe not proxy
servers. Clearly in your case it seems to be working.

"Jeff Mallinger" <> wrote in message
> Hello -
> I was testing NTLM (challenge/response) authentication with one of my IIS
> servers (which sits on the other side of our firewall) and when I accessed
> the site, it prompted me with a username/password box. When I entered my
> credentials for the domain that the site belongs to, it granted me access
> the site.
> I've read that NTLM isn't supported through *most* firewalls, since most
> firewalls don't have ports 137/138 open (for NetBIOS - or NetBT ?). I
> administer our firewall and double-checked that those ports aren't open -
> which seems wierd to me that I was able to get the prompt & authenticate.
> I thought that IIS perhaps rolled-back and authenticated me with
> Basic authentication - but in my IIS website properties, I had Anonymous
> access turned off & the Basic authentication option unchecked -- only
> Integrated Windows authentication.
> Both the server and client machines are Win2k Server - but both belong to
> separate NT4 domains.
> Does anyone have any idea how authentication was successful - what method
> was used & why?
> Thanks for the info!
> -j