NTLM authentication fails - Need tips on how to configure Server 2008
Hello,I am member of a smallsolutiondevelopment team and have no formal background i Window Server, only years of "school-of-life" practical experience with computer systems.In our system test lab we have two servers (servers A and B) both running WinServer2008 SE SP2 in a more or less "out-of-the-box" state regarding GPOs: Default Domain Controllers Policy and Default Domain Policy are the only two defined. There are a small number of XP-based workstations as well. All this run as clockwork :-). The two servers are both set up to be DC.On server Athere is a Tomcat webserver (ver 5.0.28) which asks for a spesificweb page by providing an URLto the IIS of server B. This request is denied because the NTLM authentication of the requesting "user" fails from the Tomcat Server fails. The Event log on server B shows authentication failure because of uknown user or incorrect password. In the course of this problem solving I have read that this is also the symptom one gets if the real reason is a failure of the authentication mechanism itself, despite using correct user name and password. We have seen by logging network traffic other places in the system chain (Wireshark) that the supplied user name / password is correct (no typos).This authentication succeeded in a previous setup, which was abandoned this summer. This setup was somewhat different: The Tomcat webserver ran on a WinServer2003 (can't remember the SP, but Iam sure it was the latest one at the time) The Tomcat webserver sent the URL to the ISS of an XP-based workstation Also, if I insert th URL in an IE browser on server A addressing server B, I get the desired response. Then the authentication takes place based on NTLMv2.I have tried all the six settings of Network Security: LAN Manager authentication level with any change in behaviour.Are there any other policies that I need to check / define (remember, the two GPOs are fairly basic at the moment)?I am thankful for any tips leading to the resolution of this issue :-)RegardsErling Rsg
August 25th, 2009 11:17am

IIUC, you need to enable Integrated Authentication on your web-server.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2009 12:26pm

IIUC, you need to enable Integrated Authentication on your web-server. [http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds I am just checking it now, and it seems to be enabled. But, of course, I may misundertand how to enable this; itis a hierarchy of enabling mechanisms as far as I can see. I do not knowwhich level overrides which.Besides, I get the desired response when I insert the URL in a IE browser. Doesn't that also use the same authentication mechanisms?RegardsErlingR
August 25th, 2009 1:38pm

I don't know anything about Tomcat software, so you need to read software manuals.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2009 2:32pm

Ok, thanks anyway :-)I have someone looking at it from the Tomcat side.RegardsErlingR
August 25th, 2009 3:06pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics