Issue:
===============
We used to get three prompts resulting in 401.1 while our website hosted on IIS 6 was configured to use NTLM. The event logs showed the following entries during the issue.

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/08/2009
Time: 16:30:27
User: NT AUTHORITY\SYSTEM
Computer: ********
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: ****
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ******
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: ***********
Source Port: 1856

Resolution:
===============
We found that even the file shares were not working, so this was not just a website-specific problem. We took network traces and found from them that we were using NTLM v1 on the client as opposed to NTLM v2. The v2 is more secure and is preferred. Probably they had set LMCompatibility to 0 as discussed in http://support.microsoft.com/kb/239869. So we focused our investigation on the NTLM versions being used and the group policy settings for them. We found that our security group policies had prohibited NTLMv1, due to which we had the issue.

Read more: Simple Solutions To Strange Problems!!
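
The triage described above, as an added Python example that is not part of the original post: it parses an Event ID 529 description and checks whether the client and server NTLM levels can interoperate at all. The helper names are hypothetical, the sample event is constructed from fields shown above, and the level tables are a simplified reading of the documented `LmCompatibilityLevel` values 0-5, with the "server" being whichever machine validates the logon.

```python
import re

# Constructed sample: a subset of the Event ID 529 fields shown in the post.
SAMPLE_EVENT = """\
Event ID: 529
Reason: Unknown user name or bad password
User Name: Administrator
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Source Port: 1856
"""

# LmCompatibilityLevel -> response types sent by a client / accepted by the validator.
ALL = {"LM", "NTLMv1", "NTLMv2"}
CLIENT_OFFERS = {0: {"LM", "NTLMv1"}, 1: {"LM", "NTLMv1"}, 2: {"NTLMv1"},
                 3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}
SERVER_ACCEPTS = {0: ALL, 1: ALL, 2: ALL, 3: ALL, 4: {"NTLMv1", "NTLMv2"}, 5: {"NTLMv2"}}

def parse_event(text):
    """Parse 'Key: value' lines of a Security event description into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def is_ntlm_network_failure(fields):
    """Event 529 + Logon Type 3 (network) + NTLM package, as in the post."""
    return (fields.get("Event ID") == "529"
            and fields.get("Logon Type") == "3"
            and fields.get("Authentication Package", "").upper() == "NTLM")

def diagnose(event_text, client_level, server_level):
    """Hypothetical triage helper: credentials problem or NTLM version mismatch?"""
    if not is_ntlm_network_failure(parse_event(event_text)):
        return "not an NTLM network logon failure"
    offered = CLIENT_OFFERS[client_level]    # KeyError if level is not 0-5
    accepted = SERVER_ACCEPTS[server_level]
    usable = offered & accepted
    if usable:
        return "compatible (" + ", ".join(sorted(usable)) + "): check credentials"
    return "mismatch: client offers only %s, server accepts only %s" % (
        "/".join(sorted(offered)), "/".join(sorted(accepted)))
```

With the client at level 0 and policy at level 5, the helper reports a mismatch even though the event text itself only says "Unknown user name or bad password".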