Re: SOLUTION FOUND!!! No more inputting credentials for RPC over HTTP Connections!!!!

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Tue, 19 Apr 2005 13:48:15 -0700, "Daren DiClaudio"
<duomenox@xxxxxxxxxxxxxxxxx> wrote:

>I have asked this question many times on these forums and all the MS peronel
>claimed it was not possible.
>
>I actuall found a KB Article, completely by mistake that shows what needs to
>be done to fix it.
>
>The article is here:: http://support.microsoft.com/default.aspx?
>scid=kb;en-us;820281
>
>The main info you need ot know is as follows,
>
>You must be using NTLM Authentication, not Basic if you wish to bypass the
>prompt for credentials.
>You must be part of a domain or have the passwords saved in your user
>profile (check your managed
> passwords under user accounts).
>
>Edit the following key in the registry to a 2 or a 3 depending on your
>situation:
>(You can copy this into a notpad doc, name it x.reg and import it).
>
>
>Windows Registry Editor Version 5.00
>
>;Stops Outlook from asking for user credentials when using RPC over HTTP
>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
>"lmcompatibilitylevel"=dword:00000002
>
>
>Use the 2 if you have any Windows 9x or 2000 computers/server you need to
>communicate with on your network.
>Use 3 if you have all Windows XP and 2003 computers/servers on your network.
>
>Hope this helps some of you, the KB article was really hard to find for some
>reason, I think I was using bad keywords for a while...
>

You need to make sure that the NTLM credentials pass through the
firewall and also the border routers properly. You need to test with
Basic first and then try with NTLM. Chat to your firewall chaps before
putting the NTLM into production as a solution.
.

Relevant Pages

  • Re: HttpWebRequest and 401
    ... Linux machines do not support NTLM natively (though Mozilla *was* ... >> I think you're confusing authentication types. ... This class would make a call to the>>>protected site with the user's credentials on behalf of the user. ... I understand auth types, NTLM works well for> windows domain acounts, what about other OSes? ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Why unable to proxy NTLM?
    ... Windows authentication mechanisms on a web server. ... The reason I want to be able to pass through NTLM is a bit different. ... I want to enable a customised local proxy that checks whether a GET ... not attempt to send the credentials it just gives up on the request ...
    (microsoft.public.isa)
  • Re: Event log shows NTLM not Kerberos
    ... so this is for a network login. ... Authentication Package: NTLM ... Authentication Package NTLM not Kerberos? ...
    (microsoft.public.security)
  • Re: Integrated windows security HTTP500 error
    ... fix your domain to do Kerberos internally, ... - accessing the website from a PC within the network, ... With Integrated Authentication enabled, it defaults to NTLM on Win2000 ...
    (microsoft.public.inetserver.iis.security)
  • Re: SPNEGO NTLM / Kerberos over HTTP (aka RFC4559) confusion
    ... In our situation the Microsoft SSPI has decided that since there are ... credentials available due to an interactive logon to the same machine ... that happens to run our application it's going to send the NTLM ... That problem doesn't really have anything to do with SPNEGO. ...
    (comp.protocols.kerberos)