Re: XP Users Can't Access After Upgrade/Migration
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: Mon, 30 Jun 2003 23:46:09 -0700
There are a few things you can check, and just what one may
be operative will depend on what Bernard has asked, and also
possibly on whether the webserver and/or clients are within an
uplevel domain or are being used stand-alone or with local login.
The following are all to be found in the group policy effective
for the machines, and are worth checking if the IIS is set to
allow Windows authentication and the browser is IE
First, XP Pro tends for some incomprehensible reason to not
come by default set to do NTLM v2. If you check in the local
security settings within policy you may find it is set (at least
initially) to use LM and NTLM . This is a problem if the W2k
is set to only use NTLM v2 and you are using Windows
authentication on the IIS.
Second, if the above does not fix you up, examine the settings
on client and server, for signing digital communications. If you
find them such that server requires, or tries, and client will always
or if server agrees, basically any combo so that they will come
up with a negotiation to use digital signing, then this can be the
problem if the XP is at Sp1 and W2k at Sp3 or 2. Try setting
so that they will not agree to digitally sign communications.
I am hoping this is fixed with W2k Sp4 but I have not had time
"Rick" <Bob@bob.net> wrote in message
> We have a website that is running IIS 4 and Windows NT 4 server. I
> the website to IIS5 Windows 2000 server. The website authenticates
> from the web server to a midrange box.
> There is the problem:
> Users with Windows XP can not login to the website after moving the
> to IIS 5 and W2K server (NT workstations works fine) .
> The same website running on IIS4 and NT 4 server allows both users with XP
> and NT workstations to authenticate. Its not a rights issue because the
> same users on different OS seem to encounter problems when try to
> authenticate for via the XP OS. Any ideas ? The IIS settings are exactly
> the same on both IIS 4 and IIS 5. I even drilled down to the file leave
> security. The obvious difference is between IIS 4 vs. IIS 5 and NT4
> vs. W2K server.