Welcome to HostingForumz.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Can't enable NTLM in IIS?

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  IIS 7 remote administration  
Author Message
Alan

External


Since: May 25, 2007
Posts: 4



(Msg. 1) Posted: Fri Feb 08, 2008 1:37 am
Post subject: Can't enable NTLM in IIS?
Archived from groups: microsoft>public>inetserver>iis (more info?)
Hello,

I'm using IIS6 on Windows 2003 R2 server SP2 and I'm having a problem
with NTLM - I can't seem to enable it.

The problem is happening with Exchange virtual directories but I think
that it's an IIS problem.

So the only application installed on the server is Exchange. The
Default Web Site only has "Anonymous" as authentication method, the
Exchange virtual directory under it has Basic and Integrated
Authentication checked.

Using WFETCH, I've sent a GET to http://server/exchange/mailbox/,
specifying NTLM authentication and entering the username, password and
domain of an admin user with full access to all mailboxes. It returns
401.1.0 access denied error. However, the Exchange-side permissions
are good because Basic Authentication opens any mailbox using the same
admin credentials.

The server may have been installed from a slipstreamed SP1. I've
looked in the MetaBase XML and the NtAuthenticationProviders
correspond to what's indicated in the Property Pages.

Any ideas please?

Thanks,

- Alan.

 >> Stay informed about: Can't enable NTLM in IIS? 
Back to top
Login to vote
kenremove

External


Since: Aug 23, 2003
Posts: 3041



(Msg. 2) Posted: Sat Feb 09, 2008 2:04 am
Post subject: Re: Can't enable NTLM in IIS? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
NTLM authentication is a 2-step handshake

The server sends back a HTTP 401 with a challenge. You need to then create
the appropriate response and send that as part of a new request (this is why
NTLM authentication used to be called NT Challenge/Response Authentication)

Cheers
Ken

"Alan" <bruguy DeleteThis @gmail.com> wrote in message
news:bd3f0179-e5b3-44b2-ae8b-7d2794a60b89@1g2000hsl.googlegroups.com...
> Hello,
>
> I'm using IIS6 on Windows 2003 R2 server SP2 and I'm having a problem
> with NTLM - I can't seem to enable it.
>
> The problem is happening with Exchange virtual directories but I think
> that it's an IIS problem.
>
> So the only application installed on the server is Exchange. The
> Default Web Site only has "Anonymous" as authentication method, the
> Exchange virtual directory under it has Basic and Integrated
> Authentication checked.
>
> Using WFETCH, I've sent a GET to http://server/exchange/mailbox/,
> specifying NTLM authentication and entering the username, password and
> domain of an admin user with full access to all mailboxes. It returns
> 401.1.0 access denied error. However, the Exchange-side permissions
> are good because Basic Authentication opens any mailbox using the same
> admin credentials.
>
> The server may have been installed from a slipstreamed SP1. I've
> looked in the MetaBase XML and the NtAuthenticationProviders
> correspond to what's indicated in the Property Pages.
>
> Any ideas please?
>
> Thanks,
>
> - Alan.
>
>

 >> Stay informed about: Can't enable NTLM in IIS? 
Back to top
Login to vote
Alan

External


Since: May 25, 2007
Posts: 4



(Msg. 3) Posted: Sat Feb 09, 2008 3:44 am
Post subject: Re: Can't enable NTLM in IIS? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Thanks very much Ken. That's helped shed some light on it.

I've tried the same WFETCH NTLM test on our production and two,
separate test servers; it returns a 200 0 0 OK on the test servers and
401 0 0 on the production server.

I can't spot any obvious differences in the configuration of IIS (or
Exchange) on any of the servers and I've spent weeks looking. Any idea
why the production server never returns a 200 OK?

Cheers,

- Alan.

On Feb 9, 7:17 am, "Ken Schaefer" <kenREM....RemoveThis@THISadOpenStatic.com>
wrote:
> NTLM authentication is a 2-step handshake
>
> The server sends back a HTTP 401 with a challenge. You need to then create
> the appropriate response and send that as part of a new request (this is why
> NTLM authentication used to be called NT Challenge/Response Authentication)
>
> Cheers
> Ken
>
> "Alan" <bru....RemoveThis@gmail.com> wrote in message
>
> news:bd3f0179-e5b3-44b2-ae8b-7d2794a60b89@1g2000hsl.googlegroups.com...
>
> > Hello,
>
> > I'm using IIS6 on Windows 2003 R2 server SP2 and I'm having a problem
> > with NTLM - I can't seem to enable it.
>
> > The problem is happening with Exchange virtual directories but I think
> > that it's an IIS problem.
>
> > So the only application installed on the server is Exchange. The
> > Default Web Site only has "Anonymous" as authentication method, the
> > Exchange virtual directory under it has Basic and Integrated
> > Authentication checked.
>
> > Using WFETCH, I've sent a GET tohttp://server/exchange/mailbox/,
> > specifying NTLM authentication and entering the username, password and
> > domain of an admin user with full access to all mailboxes. It returns
> > 401.1.0 access denied error. However, the Exchange-side permissions
> > are good because Basic Authentication opens any mailbox using the same
> > admin credentials.
>
> > The server may have been installed from a slipstreamed SP1. I've
> > looked in the MetaBase XML and the NtAuthenticationProviders
> > correspond to what's indicated in the Property Pages.
>
> > Any ideas please?
>
> > Thanks,
>
> > - Alan.
 >> Stay informed about: Can't enable NTLM in IIS? 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting Problem Solving Community! (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]