

MS security template breaks IIS 5 remote authentication! HELLLP!!

Posted on 2003-03-11
Medium Priority
Last Modified: 2013-12-04
Ok, where to start... I apologize if this has been previously discussed (I'm praying that it has), but I can't find any useful info on how to fix this.

Basic win2k srvr (SP3) IIS 5.crap
15 Virtual domains.

Took MS's 'hisecws' security template, made a few minor tweaks to it (like changing banners etc, nothing major), analyzed, and then applied.

Have a plain old .asp file in IIS under one of the domains, that has to be passworded. It had been set up with No anonymous access, so it was using Integrated Windows authentication.

Before security template application, you pull up a remote browser, authentication window pops up, used Administrator's account (for the sake of this discussion) and blank Domain (the server does not use AD) and it would work like a champ.

After the application of 'hisecws' template, pull up a remote browser, do the SAME thing, NO GO! I get the obnoxious:

Logon Failure:
      Reason:          Unknown user name or bad password
      User Name:     Administrator
      Domain:          WEBAIR-P15E3F1W
      Logon Type:     3
      Logon Process:     NtLmSsp
      Authentication Package:     NTLM
      Workstation Name:     My_ws_name

Joined by another:

The logon to account: administrator
 from workstation: WEBAIR-P15E3F1W
 failed. The error code was: 3221225578


Pull up a browser locally on the machine, and SAME damned username and password, and it works like a champ.

So ok, let's go and tweak the "Log on locally" and "Access this computer from Network" tokens. Added everyone and their mother (after frustration) to these two. Then, I even turned off the Null Session protection by disabling the "Additional restrictions for anonymous connections" limitations.

Unfortunately I can NOT establish a remote Null session to this machine, but why the HELL would I need to??


Obviously, when I change the protection in IIS to just use Basic Authentication, same username and password works like a champ remotely and locally.

What in the hell gives??  

I have gone through every single setting under Security Settings in GPO and have Laxed up anything I think would be causing a problem, but I've run out of ideas.

I border on desperation for a fix! :)

And I apologize for my tone, I'm just furious at what a pain in the neck securing windows can be.

I'd appreciate any help.
Question by:aebnerez

Expert Comment

ID: 8115830
Have you checked the version of NTLM being used? The high security template uses NTLMv2 and does not accept LM or NTLMv1 authentication.

Accepted Solution

Ghost_Hacker earned 300 total points
ID: 8115934
This site shows the settings changed for each template and some things to watch out for.


You'll want to look at the "LAN Manager Authentication Level" and see if it's set to "Send NTLM version 2 (NTLMv2) response only". If it is, change it so that the server accepts NTLM and you should be good to go.

Expert Comment

ID: 8115948
Oh I would reboot after changing it.

Author Comment

ID: 8120458
You are the man! Thanks so much, I can't believe it was right under my nose, I skipped that setting god knows how many times. The reboot btw wasn't necessary, it works like a champ!!
I set it to accept NTLM, but use NTLMv2 if negotiated. I think considering the side effects of NTLMv2-only, that is a fair compromise.

Thanks so much again!
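
Added example, not part of the original thread: a small Python model of the "LAN Manager Authentication Level" (LmCompatibilityLevel) values that decodes the error code from the question and checks whether a client at one level can authenticate to a server at another. The levels chosen for the remote workstation (0) and the hardened server (5) are assumptions; the thread does not state them.

```python
import re

# "LAN Manager Authentication Level" is stored as LmCompatibilityLevel (0-5)
# under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
# Response types a machine SENDS when it acts as the client:
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},   # plus NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}
# Response types a machine ACCEPTS when it acts as the server:
SERVER_ACCEPTS = {
    0: {"LM", "NTLM", "NTLMv2"},
    1: {"LM", "NTLM", "NTLMv2"},
    2: {"LM", "NTLM", "NTLMv2"},
    3: {"LM", "NTLM", "NTLMv2"},
    4: {"NTLM", "NTLMv2"},   # refuse LM
    5: {"NTLMv2"},           # refuse LM and NTLM
}
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
}

def decode_status(event_text):
    """Pull the decimal error code out of the event text and name it."""
    m = re.search(r"error code was:\s*(\d+)", event_text)
    if not m:
        return None
    code = int(m.group(1))
    return f"0x{code:08X}", NTSTATUS.get(code, "unknown")

def can_authenticate(client_level, server_level):
    """True if the client sends at least one response type the server accepts."""
    return bool(CLIENT_SENDS[client_level] & SERVER_ACCEPTS[server_level])

if __name__ == "__main__":
    # Event text as quoted in the question.
    event = "The logon to account: administrator failed. The error code was: 3221225578"
    print(decode_status(event))
    cases = [(0, 5, "remote browser (assumed level 0) -> hardened server (assumed 5)"),
             (5, 5, "browser on the server itself"),
             (0, 1, "remote browser -> server after relaxing the setting")]
    for client, server, label in cases:
        print(f"{label}: {can_authenticate(client, server)}")
```

Under these assumptions the model reproduces the pattern in the thread: the remote logon is refused and logged as a wrong password, while the browser on the server succeeds because that machine both sends and accepts NTLMv2.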
