Ok, where to start... I apologize if this has been previously discussed (I'm praying that it has,) but I can't find any usefull info on how to fix this.
Basic win2k srvr (SP3) IIS 5.crap
15 Virtual domains.
Took MS's 'hisecws' security template, made a few minor tweaks to it (like changing banners etc, nothing major), analyzed, and then applied.
Have a plain old .asp file in IIS under one of the domains, that has to be passworded. It had been setup with No anonymous access, so it was using Integrated Windows authentication.
Before security template application, you pull up a remote browser, authentication window pops up, used Administrator's account (for the sake of this discussion) and blank Domain (the server does not use AD) and it would work like a champ.
After the application of 'hisecws' template, pull up a remote browser, do the SAME thing, NO GO! I get the obnoxious;
Reason: Unknown user name or bad password
User Name: Administrator
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: My_ws_name
Joined by another:
The logon to account: administrator
from workstation: WEBAIR-P15E3F1W
failed. The error code was: 3221225578
Pull up a browser locally on the machine, and SAME damned username and password, and it works like a champ.
So ok, let's go and tweak the "Log on locally" and "Access this computer from Network" tokens. Added everyone and their mother (after frustration) to these two. Then, I even turned off the Null Session protection by disabling the "Additional restrictions for anonymous connections" limitations.
Unfortunately I can NOT establish a remote Null session to this machine, but why the HELL would I need to??
STILL NO GO!@#*^
Obviously, when I change the protection in IIS to just use Basic Authentication, same username and password works like a champ remotely and locally.
What in the hell gives??
I have gone through every single setting under Security Settings in GPO and have Laxed up anything I think would be causing a problem, but I've run out of ideas.
I border on desperation for a fix! :)
And I apologize for my tone, I'm just furious at what a pain in the neck securing windows can be.
I'd appreciate any help.