Re: Tough password question!



Is it possible that NTLMv2 login is failing for some reason and the server /
clients are trying to fall back to NTLM auth? If NTLM supports a smaller
character set, this could be a reason for it failing. How do I know if my
login is authenticated by NTLMv2?

There is a reg hack or a policy setting which forces NTLMv2 and fails other
types of auth - I'll try to find that...

If I work anything out I'll let you know.

If the question was not clear - sorry! Let me know which bits you need me
to expand on. JL

"Herb Martin" wrote:

> >> Somebody please save me from insanity!! Thanks.
> >
> > 15 characters is too long. 14 is the max
> >
> > Step-by-Step Guide to Enforcing Strong Password Policies:
> > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx
> >
> > You'll need to reset the password and follow the maximum length allowed of
> > 14 characters.
> >
>
> Something wrong here -- the question wasn't real clear -- because
> I have (consistently) used passwords longer than 14 characters on
> Win2000 member servers and domains both.
>
> NT had a problem here. Win2000 does not in my experience.
>
> What are we missing in this discussion?
>
> In fact I recommend that people use MORE than 14 characters
> whenever there is no need to support NT and LMHashes. Part
> of the value is the long password effectively disables the weaker
> hash storage.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx> wrote in
> message news:uc3v0YkAGHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
> > In news:A4ECA5D6-5D07-4D75-9EEB-A73CF432B4AB@xxxxxxxxxxxxx,
> > J Lloyd <JLloyd@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I commented on
> > below:
> >> I have a Windows 2003 Native mode domain & forest. I am joining a
> >> 2000 member server to it. It will not accept the domain
> >> administrator username and password which is 15 characters long and
> >> complicated including non-alpha chars to join the domain.
> >>
> >> If I change the password to something shorter like Password1 it
> >> works. When I reboot the server, it will not login when the admin
> >> password is reset to the hard password. It will login locally with
> >> this password set to the local admin account, or to a domain user
> >> account and it will login if I change the domain admin password to
> >> the simple example above.
> >>
> >> No event log issues on either the (single) DC or server. It is not a
> >> keyboard / language issue as I type the password in to the username
> >> box and it looks correct.
> >>
> >> I am stumped as to why this can be! The password is okay when used
> >> on a normal user account, or even another domain admin. If the
> >> Administrator account is set to this password, it cannot login. It
> >> doesn't make sense...
> >>
> > --
> > Ace
> >
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
> >
> > If you are having difficulty in reading or finding responses to your post,
> > instead of the website you are using, I would suggest to use OEx (Outlook
> > Express or any other newsreader of your choosing), and configure a
> > newsgroup account, pointing to news.microsoft.com. This is a direct link
> > into the Microsoft Public Newsgroups, and it is FREE and DOES NOT require
> > a Usenet account with your ISP. With OEx , you can easily find your post
> > and watch & track threads, sort by date, poster's name, watched threads or
> > subject.
> >
> > Not sure how? It's easy and you'll enjoy it
> > How to Configure OEx for Internet News
> > http://support.microsoft.com/?id=171164
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> > Microsoft MVP - Windows Server Directory Services
> > Microsoft Certified Trainer
> > Assimilation Imminent. Resistance is Futile.
> > Infinite Diversities in Infinite Combinations.
> > =================================
> >
> >
>
>
>
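
JL's question above, how to tell whether a logon was authenticated by NTLMv2, can be answered from the Security log on current Windows versions (an assumption beyond the Windows 2000/2003 systems in the thread), where logon event 4624 records the NTLM variant in its `LmPackageName` field. This is an added example, not part of the original thread: it assumes the events were exported as XML under an `<Events>` root element, and the sample events and account names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: three 4624 logon events in exported XML form (not real logs).
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID></System>
 <EventData>
  <Data Name="TargetUserName">Administrator</Data>
  <Data Name="AuthenticationPackageName">NTLM</Data>
  <Data Name="LmPackageName">NTLM V1</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID></System>
 <EventData>
  <Data Name="TargetUserName">jlloyd</Data>
  <Data Name="AuthenticationPackageName">NTLM</Data>
  <Data Name="LmPackageName">NTLM V2</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID></System>
 <EventData>
  <Data Name="TargetUserName">svc_backup</Data>
  <Data Name="AuthenticationPackageName">Kerberos</Data>
  <Data Name="LmPackageName">-</Data>
 </EventData></Event>
</Events>"""

def classify_logons(xml_text):
    """Return (user, package) for each 4624 event; NTLM logons report their variant."""
    results = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue  # only successful-logon events carry the fields we need
        data = {d.get("Name"): (d.text or "") for d in ev.iterfind("e:EventData/e:Data", NS)}
        pkg = data.get("AuthenticationPackageName", "")
        lm = data.get("LmPackageName", "-")
        # LmPackageName is "-" for non-NTLM logons; fall back to the package name.
        results.append((data.get("TargetUserName", "?"), lm if pkg == "NTLM" and lm != "-" else pkg))
    return results

def legacy_ntlm(xml_text):
    """Accounts whose logon used NTLM but not NTLMv2 (unknown variants are flagged too)."""
    return [u for u, p in classify_logons(xml_text) if p.startswith("NTLM") and p != "NTLM V2"]

print(legacy_ntlm(SAMPLE))
```
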