Re: Authentication troubles

From: Jerry (jerry.giacinto_at_ketteng.com.nospam.com)
Date: 03/23/04


Date: Tue, 23 Mar 2004 08:00:31 -0700

Thanks for your responses, Ken and Bernard.

  I don't think that he is using NTLM v.2, but I'm really not sure how to
tell. The reason I think that he's not is because I know it's not "default"
behavior for Win 9x clients, and I set up his computer to begin with.
However, one of my tests was to enable NTLM v.2 per MS KB Q239869
(http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869). When
that didn't work, I removed the registry change that forced NTLM v.2. Now
that I think of it, I never tried the setting to force LM and NTLM only -
may be worth a shot.

  I should've mentioned that the web server is not part of a domain. Good
idea, though.

  As for SSL, I actually would prefer that myself. Is the only way to
enable SSL to purchase a security certificate from a company such as
Verisign? And, if so, once I have the certificate, how do I apply it just
to the Virtual Directory in IIS (the web folder)? When I view the
properties for the virtual directory, the Server Certificate button is
grayed out. Currently, the web folder is a virtual directory under the
actual website. So users access it as www.domainname.com/webfolder, for
example. I think that's the only way for me to set it up. I guess I would
apply the certificate at the site level and require secure communications at
the web folder level?

Thanks and best regards,
  Jerry

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:e1MRgvJEEHA.3980@TK2MSFTNGP09.phx.gbl...
> If users are coming from the internet, I would suggest you configure Basic
> Auth with SSL.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:eyehAOIEEHA.3372@TK2MSFTNGP10.phx.gbl...
> > a) NTLM v2 authentication does not work through most proxy servers, because
> > it requires an open end-to-end connection between server and client for a
> > couple of back-and-forward messages. If there is a proxy server between him
> > and your server, NTLM v2 authentication will most likely fail.
> >
> > b) Ensure that he is including the appropriate Domain Name in the user
> > credentials: Domain\Username, otherwise IIS will use the local machine, i.e.
> > assume that the user wants WebServerName\UserName which may not be a valid
> > account.
> >
> > Cheers
> > Ken
> >
> > "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
> > news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
> > : I have a web folder set up on IIS 5 on Win 2K server. The authentication
> > : level is set to Integrated Windows Authentication, and I do not allow
> > : anonymous access. It wouldn't matter if I did, because the folder and its
> > : contents have specific NTFS permissions. This has been working well for all
> > : clients accessing it until now.
> > :
> > : One client is running Win 98 se with IE 5.5 SP2 - current on all patches.
> > : When the user tries to connect from that machine using IE, he gets prompted
> > : three times for a username and password, then it gives the "You are not
> > : authorized to view this page" message in IE. When he tries to add the web
> > : folder in Windows Explorer, he gets prompted three times, then gets the
> > : message, "You do not have permission to access this web folder location."
> > : All I get in the IIS log is a 401 entry, but no error messages or indication
> > : of what is happening.
> > :
> > : When I switch the authentication to Basic, he is able to log on just fine.
> > : It appears that the username is not being received correctly by IIS because
> > : he is not able to lock out the account after enough tries with an
> > : intentionally wrong password (but it can be done by a client that is able to
> > : log on normally).
> > :
> > : He is running Roadrunner-provided hi-speed internet with Norton Personal
> > : Firewall. He has tried with the firewall software disabled, but that did
> > : not work. I have verified that the server will accept LM, NTLM, and NTLM
> > : v.2 requests. I have verified his IE Security and Advanced settings with a
> > : similar client that is able to log on correctly. I am running out of ideas.
> > : The only thing I can figure is that Roadrunner may have something in their
> > : setup that is not allowing this to function - but that seems like a
> > : long shot.
> > :
> > : Although I have found several posts dealing with Integrated Windows
> > : Authentication and logon failures, I have not found any that solve or
> > : explain my circumstance. Any help would be greatly appreciated.
> > :
> > : One side note about the IIS logs - when it logs his attempt to connect,
> > : his client information is listed as
> > : (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the T312461
> > : because it doesn't show up on any other clients that I've seen, even if they
> > : are current on MS patches. It does not appear to be part of the
> > : authentication problem, but I'm including it just in case it sticks out to
> > : someone.
> > :
> > : Thanks for your help,
> > : Jerry
> > :
> > :
> >
> >
>
>
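
Added example, not part of the original thread: the two open questions above (whether the client answers with NTLM v.2, and which domain and user name actually reach IIS) can both be read from the final (type 3) NTLM message in the Authorization header of a captured request. The function names are hypothetical, the sample messages are constructed with filler bytes instead of real responses, and reading OEM strings as cp1252 is an assumption; a 24-byte NT response does not distinguish plain NTLM from NTLM2 session security.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE

def _field(msg, pos):
    """Return (payload, offset) for the len/maxlen/offset descriptor at pos."""
    length, _max, off = struct.unpack_from("<HHI", msg, pos)
    if off + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[off:off + length], off

def describe_ntlm_header(value):
    """Summarise the NTLM message in an 'Authorization: NTLM ...' header value."""
    scheme, _, blob = value.strip().partition(" ")
    msg = base64.b64decode(blob)
    if scheme.upper() != "NTLM" or msg[:8] != SIG or len(msg) < 12:
        raise ValueError("not an NTLM message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype != 3:  # 1 = negotiate, 2 = challenge: no user name or response yet
        return {"type": mtype}
    if len(msg) < 52:
        raise ValueError("truncated type 3 message")
    lm, nt, dom, usr = fields = [_field(msg, p) for p in (12, 20, 28, 36)]
    # Old clients omit the flags word at byte 60, so their payload starts at 52.
    offs = [off for data, off in fields if data]
    flags = struct.unpack_from("<I", msg, 60)[0] if offs and min(offs) >= 64 else 0
    enc = "utf-16-le" if flags & UNICODE else "cp1252"  # assumption: OEM is cp1252
    if len(nt[0]) > 24:
        proto = "NTLMv2"          # NT response carries a variable-length blob
    elif len(nt[0]) == 24:
        proto = "NTLM"            # fixed 24-byte NT response
    else:
        proto = "LM only" if lm[0] else "none"
    return {"type": 3, "protocol": proto,
            "domain": dom[0].decode(enc), "user": usr[0].decode(enc)}

def build_sample(domain, user, nt_len, with_flags=True):
    """Constructed type 3 message with filler bytes in place of real responses."""
    enc = "utf-16-le" if with_flags else "cp1252"
    parts = [b"\x11" * 24, b"\x22" * nt_len, domain.encode(enc), user.encode(enc), b""]
    parts += [b""] if with_flags else []          # session key field (new layout)
    start = 64 if with_flags else 52
    hdr, body = SIG + struct.pack("<I", 3), b""
    for p in parts:
        hdr += struct.pack("<HHI", len(p), len(p), start + len(body))
        body += p
    hdr += struct.pack("<I", UNICODE) if with_flags else b""
    return "NTLM " + base64.b64encode(hdr + body).decode()
```

An empty "domain" in the result corresponds to the case in point (b) of the quoted reply, where IIS falls back to the local machine's accounts.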


