Re: RIS 2003 won't work with NTLMv2!!

From: NIC Student (nospam_at_nospam.land)
Date: 01/13/05


Date: Thu, 13 Jan 2005 08:39:54 -0800

Hi,

If you can give me a complete summary of your environment, I would be happy
to forward the information to the RIS/Deploy group for you.

I need to know:

OS and service pack levels of all DCs and RIS servers.
RIS server also a DC or a DHCP server?
Your findings with the root & child NTLM settings.
Forest and domain functional levels (2000 native, etc...)

If you prefer to email me the results, please do so:
sbaldridge@NOSPAMmvps.org (remove nospam).

-- 
Scott Baldridge
Windows Server MVP, MCSE
"Research Services"
> So I'm wondering if someone at Microsoft (RIS Group?) is going to take a 
> look at this and find a fix?  With all of the concern about Security 
> lately, it only seems that more people are going to run into this problem.
>
> "NIC Student"
>> Thanks for your update!
>>
>> -- 
>> Scott Baldridge
>> Windows Server MVP, MCSE
>>
>>
>> "Research Services"
>>> Yes, we can create new images (riprep) without a problem up to the RIS 
>>> 2003 Server with NTLMv2 set on our Child DCs.
>>> We verified that the DCs in the root of the Forest above us are all 
>>> Windows 2000 SP4 or Windows 2003.
>>> However, the root DCs are NOT set to: Send NTLMv2 response only\refuse 
>>> LM & NTLM
>>>
>>> Minutes after I make the change to the GPO for our Child DCs to: Send 
>>> NTLMv2 response only\refuse LM
>>> RIS 2003 works just fine.
>>>
>>> Thanks for your help.
>>>
>>> "NIC Student"
>>>> Hi, you have a good question here.
>>>>
>>>> When I look at the chart you provided, and after looking at the KB 
>>>> article, it appears to me that the NTLM2 will work with RIS if:
>>>>
>>>> DCs are W2003 or W2kSP4.
>>>> RIS server is 2003
>>>> Client OS is XPSP1 or greater.
>>>>
>>>> I also found one additional bit of information, be sure to verify: 
>>>> Important If your computer is in a child domain with a parent domain 
>>>> above it, and the parent domain has not been updated, the Q327536 fix 
>>>> does not work in the child domain.
>>>>
>>>> Have you tried making a new, slipstreamed image of XP with SP2 and 
>>>> creating a RIS image on the server?  Don't slipstream an existing 
>>>> image, make a new one.  I'd be curious if that works.  I don't have 
>>>> access to a lab with the right mix of DCs to test it until this 
>>>> weekend.
>>>>
>>>> -- 
>>>> Scott Baldridge
>>>> Windows Server MVP, MCSE
>>>>
>>>>
>>>> "Research Services"
>>>>
>>>>> RIS 2003 won't work with NTLMv2!!
>>>>>
>>>>> Why won't RIS 2003 work with NTLMv2 on Domain Controllers?
>>>>>
>>>>> We are a Child Domain within an Active Directory Forest, we've got 1 
>>>>> Windows 2003 DC, and 2 Windows 2000 SP4 DCs in our Child Domain.  All 
>>>>> DCs are Critical and Suggested Patched.
>>>>>
>>>>> RIS is running on Windows 2003.
>>>>>
>>>>> RIS works fine as long as this is the NTLM setting on our DCs:
>>>>>
>>>>> Network security: LAN Manager authentication level
>>>>>
>>>>> - Send NTLMv2 response only\refuse LM
>>>>>
>>>>> Unless we are interpreting the article linked below wrong, why won't 
>>>>> RIS work with the following NTLM setting on our DCs:
>>>>>
>>>>> Network security: LAN Manager authentication level
>>>>>
>>>>> - Send NTLMv2 response only\refuse LM & NTLM
>>>>>
>>>>> RIS Security Log throws hundreds of 529 Errors as the RIS client sits 
>>>>> indefinitely at the "Setup is starting Windows" screen.
>>>>>
>>>>> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_RIS_NTLM_NTLMv2_choices.asp
>>>>>
>>>>> Microsoft KB Articles 285901 & 327536 appear to apply only to Windows 
>>>>> 2000 SP3 and earlier.
>>>>>
>>>>> If this is an issue with RIS 2003, will it be corrected in W2K3 SP1 
>>>>> (so that RIS 2003 will work at NTLMv2)?  Is there a PSS Patch 
>>>>> available until then?
>>>>>
>>>>> Thank you for any input or help.
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> 

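The thread turns on two things an administrator has to check by hand: which "LAN Manager authentication level" each DC is actually enforcing (the thread's working setting, "Send NTLMv2 response only\refuse LM", is level 4; the failing one, "...refuse LM & NTLM", is level 5), and the flood of Security event 529 on the RIS server while the client hangs at "Setup is starting Windows". The following PowerShell is an added example written for this page, not code posted by anyone in the thread or shipped by Microsoft. It reads the LmCompatibilityLevel value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa on the named machines, maps it back to the GPO option names used above, flags any DC at level 5, and pulls the recent 529 events from a RIS server. The computer names in the usage lines are placeholders, and the script assumes remote registry and remote event log access from an account with rights on those machines.

```powershell
# Added example for this page; not from the thread or from Microsoft.
# GPO option names for "Network security: LAN Manager authentication level",
# keyed by the LmCompatibilityLevel DWORD they set.
$LmLevelNames = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only\refuse LM'
    5 = 'Send NTLMv2 response only\refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # Read the effective LmCompatibilityLevel from a (possibly remote) machine.
    param([string]$ComputerName = $env:COMPUTERNAME)

    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $lsa  = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
    $raw  = $lsa.GetValue('LmCompatibilityLevel')   # $null when no policy has set it
    $lsa.Close(); $base.Close()

    # When the value is absent the OS default applies; Windows Server 2003's
    # default is 2, Windows 2000's and XP's is 0 (assumed here for reporting only).
    $level = if ($raw -eq $null) { -1 } else { [int]$raw }
    $name  = if ($level -ge 0) { $LmLevelNames[$level] } else { '(not set; OS default applies)' }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        Level        = $level
        Setting      = $name
        # Level 5 is the setting the thread reports as breaking RIS: the DC
        # refuses NTLM (v1) entirely, not just LM.
        RefusesNtlm  = ($level -eq 5)
    }
}

function Test-RisNtlmCompatibility {
    # Report every DC in the list and call out the ones set to level 5.
    param([string[]]$DomainControllers)

    $results = $DomainControllers | ForEach-Object { Get-LmCompatibilityLevel -ComputerName $_ }
    $results | Format-Table ComputerName, Level, Setting, RefusesNtlm -AutoSize

    $strict = @($results | Where-Object { $_.RefusesNtlm })
    if ($strict.Count -gt 0) {
        Write-Warning ("DCs at 'refuse LM & NTLM' (level 5): " + ($strict.ComputerName -join ', ') +
                       ". Per the thread, RIS 2003 clients hang at 'Setup is starting Windows' here.")
    }
    $results
}

function Get-RisLogonFailures {
    # Pull the most recent Security event 529 (Logon Failure: Unknown user name
    # or bad password) entries from the RIS server. Requires -InstanceId, which
    # is PowerShell 2.0 and later.
    param([string]$RisServer, [int]$Newest = 50)

    Get-EventLog -LogName Security -ComputerName $RisServer -InstanceId 529 -Newest $Newest |
        Select-Object TimeGenerated,
                      @{ Name = 'Message'; Expression = { ($_.Message -replace '\s+', ' ').Trim() } }
}

# Usage (placeholder names; substitute your own DCs and RIS server):
# Test-RisNtlmCompatibility -DomainControllers 'CHILD-DC1', 'CHILD-DC2', 'CHILD-DC3'
# Get-RisLogonFailures -RisServer 'RIS01' -Newest 20
```

Run the check against the root DCs as well as the child DCs: the KB note quoted earlier in the thread says the fix does not take effect in a child domain while the parent is behind, so a mismatch between the two lists is exactly what this output is meant to expose. The 529 message text on Windows 2000/2003 carries the Authentication Package and Workstation Name fields, so correlating those entries with the RIS client's timestamps shows whether the failures are the NTLM logons the DCs are now refusing.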
