NTLM

  • Thread starter Thread starter news.starhub.com.sg
  • Start date Start date
N

news.starhub.com.sg

Hi All,

It seems that I have a problem with NTLM in my Windows 2003. I tried to
access a program located in Windows 2003 server using my Win2K Professional.
When I tried to log into the application, it says "Access is Denied".

In the Event Log, I found this error,

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 30-Dec-03
Time: 2:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: OSAN
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: wyc
Domain: AAF
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HELP
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xx.xxx.xxx.xx
Source Port: 1496

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I search for help in both MSKB and Windows 2003 Help file. In Windows 2003
server, I found this article,

"You can configure this security setting by opening the appropriate policy
and expanding the console tree as such: Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\"

May I know where can I find it? Also, does anyone has experience this
before?

Thanks in advance.
 
This article may be helpful:

289243 MS02-001: Forged SID Could Result in Elevated Privileges in Windows
2000
http://support.microsoft.com/?id=289243

Also, if you have trust with an NT domain and W2K machines are on this
domain, check that the W2K stations have synchronized the time with the W2K
domain.

--
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi,

Thanks for your reply. But the Win2K professional has been patch with the
latest Service Pack and all security hotfixes.

Any other ideas that I can try?

Thanks.
 
By the way, this happens when the client is XP too. Our DC is Windows 2000
SP2 and remember the server that is hosting the application is Windows 2003.

Thanks. :)
 
Um . . . I'm not an authentication expert, but this sounds like it might be
that NTLM doesn't do double-hop auth. If it's you own in-house app, the
solution is to use kerberos and delegation. I don't know what
kb/whitepapers cover this, but there ought to be good enough search terms in
those previous 2 sentences for you to find a good explanation with your
favorite search engine.


If that's not it, I'd start sniffing the network traffic.

(btw: The path you asked about in your first post looks like it was from the
group policy snapin in mmc.)
 
Back
Top