Re: XP Users Can't Access After Upgrade/Migration

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 07/01/03


Date: Mon, 30 Jun 2003 23:46:09 -0700


There are a few things you can check, and just what one may
be operative will depend on what Bernard has asked, and also
possibly on whether the webserver and/or clients are within an
uplevel domain or are being used stand-alone or with local login.

The following are all to be found in the group policy effective
for the machines, and are worth checking if the IIS is set to
allow Windows authentication and the browser is IE
First, XP Pro tends for some incomprehensible reason to not
   come by default set to do NTLM v2. If you check in the local
   security settings within policy you may find it is set (at least
   initially) to use LM and NTLM . This is a problem if the W2k
   is set to only use NTLM v2 and you are using Windows
   authentication on the IIS.
Second, if the above does not fix you up, examine the settings
   on client and server, for signing digital communications. If you
   find them such that server requires, or tries, and client will always
   or if server agrees, basically any combo so that they will come
   up with a negotiation to use digital signing, then this can be the
   problem if the XP is at Sp1 and W2k at Sp3 or 2. Try setting
   so that they will not agree to digitally sign communications.
   I am hoping this is fixed with W2k Sp4 but I have not had time
   to investigate.

Roger

"Rick" <Bob@bob.net> wrote in message
news:3f0096e5$0$99$8f4e7992@newsreader.goldengate.net...
> We have a website that is running IIS 4 and Windows NT 4 server. I
migrated
> the website to IIS5 Windows 2000 server. The website authenticates
users
> from the web server to a midrange box.
>
> There is the problem:
>
> Users with Windows XP can not login to the website after moving the
website
> to IIS 5 and W2K server (NT workstations works fine) .
>
> The same website running on IIS4 and NT 4 server allows both users with XP
> and NT workstations to authenticate. Its not a rights issue because the
> same users on different OS seem to encounter problems when try to
> authenticate for via the XP OS. Any ideas ? The IIS settings are exactly
> the same on both IIS 4 and IIS 5. I even drilled down to the file leave
> security. The obvious difference is between IIS 4 vs. IIS 5 and NT4
server
> vs. W2K server.
>
>