MS security template breaks IIS 5 remote authentication! HELLLP!!

Posted on 2003-03-11
Medium Priority
Last Modified: 2013-12-04
Ok, where to start... I apologize if this has been previously discussed (I'm praying that it has), but I can't find any useful info on how to fix this.

Basic win2k srvr (SP3) IIS 5.crap
15 Virtual domains.

Took MS's 'hisecws' security template, made a few minor tweaks to it (like changing banners etc, nothing major), analyzed, and then applied.

Have a plain old .asp file in IIS under one of the domains, that has to be passworded. It had been set up with No anonymous access, so it was using Integrated Windows authentication.

Before security template application, you pull up a remote browser, authentication window pops up, used Administrator's account (for the sake of this discussion) and blank Domain (the server does not use AD) and it would work like a champ.

After the application of 'hisecws' template, pull up a remote browser, do the SAME thing, NO GO! I get the obnoxious:

Logon Failure:
      Reason:          Unknown user name or bad password
      User Name:     Administrator
      Domain:          WEBAIR-P15E3F1W
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     NTLM
      Workstation Name:     My_ws_name

Joined by another:

The logon to account: administrator
 from workstation: WEBAIR-P15E3F1W
 failed. The error code was: 3221225578


Pull up a browser locally on the machine, and SAME damned username and password, and it works like a champ.

So ok, let's go and tweak the "Log on locally" and "Access this computer from Network" tokens. Added everyone and their mother (after frustration) to these two. Then, I even turned off the Null Session protection by disabling the "Additional restrictions for anonymous connections" limitations.

Unfortunately I can NOT establish a remote Null session to this machine, but why the HELL would I need to??


Obviously, when I change the protection in IIS to just use Basic Authentication, same username and password works like a champ remotely and locally.

What in the hell gives??  

I have gone through every single setting under Security Settings in GPO and have laxed up anything I think would be causing a problem, but I've run out of ideas.

I border on desperation for a fix! :)

And I apologize for my tone, I'm just furious at what a pain in the neck securing windows can be.

I'd appreciate any help.
Question by: aebnerez

Expert Comment

ID: 8115830
Have you checked the version of NTLM being used? The high security template uses NTLMv2 and does not accept LM or NTLMv1 authentication.

Accepted Solution

Ghost_Hacker earned 300 total points
ID: 8115934
This site shows the settings changed for each template and some things to watch out for.


You'll want to look at the "LAN Manager Authentication Level" and see if it's set to "Send NTLM version 2 (NTLMv2) response only". If it is, change it so that the server accepts NTLM and you should be good to go.

Expert Comment

ID: 8115948
Oh I would reboot after changing it.

Author Comment

ID: 8120458
You are the man! Thanks so much, I can't believe it was right under my nose, I skipped that setting god knows how many times. The reboot btw wasn't necessary, it works like a champ!!
I set it to accept NTLM, but use NTLMv2 if negotiated. I think considering the side effects of NTLMv2-only, that is a fair compromise.

Thanks so much again!
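
Added example (not part of the original thread and not any poster's code): a short Python sketch that decodes the decimal error code from the event quoted in the question and models which client settings can still authenticate against a given "LAN Manager Authentication Level". The registry value name LmCompatibilityLevel and the 0-5 level table are not mentioned in the thread; they are the documented meaning of that policy setting, and the event string is abbreviated from the question.

```python
import re

# NTSTATUS values commonly seen in failed-logon events (subset).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# "LAN Manager Authentication Level" is stored as LmCompatibilityLevel (0-5)
# under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
# Responses a client at each level sends:
CLIENT_SENDS = {0: {"LM", "NTLM"}, 1: {"LM", "NTLM"}, 2: {"NTLM"},
                3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}
ALL = {"LM", "NTLM", "NTLMv2"}
# Responses accepted by the machine that validates the account
# (here the standalone server, for its own local accounts):
SERVER_ACCEPTS = {0: ALL, 1: ALL, 2: ALL, 3: ALL,
                  4: {"NTLM", "NTLMv2"}, 5: {"NTLMv2"}}


def decode_status(text):
    """Extract the decimal code from an event message; return (hex, name)."""
    m = re.search(r"error code was:\s*(\d+)", text)
    if not m:
        return None
    code = int(m.group(1))
    return f"0x{code:08X}", NTSTATUS.get(code, "unknown")


def can_authenticate(client_level, server_level):
    """True if any response the client sends is one the server accepts."""
    return bool(CLIENT_SENDS[client_level] & SERVER_ACCEPTS[server_level])


def compatible_clients(server_level):
    """Client levels that can still log on over the network."""
    return [c for c in range(6) if can_authenticate(c, server_level)]


# Event text abbreviated from the question above.
EVENT = "The logon to account: administrator failed. The error code was: 3221225578"

if __name__ == "__main__":
    print(decode_status(EVENT))
    for level in (5, 4, 1):
        print("server level", level, "-> client levels", compatible_clients(level))
```

The same table shows the fix in the other direction: a client raised to level 3 or higher sends NTLMv2 and authenticates against a level-5 server without the server having to accept NTLM.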
