NTLM Logon Fails Because Network Domain Name Not Passed
Posted on 2004-10-04
Hi all, I hope you can help me with this one since it has been troubling me for a number of weeks and has our IT people stumped as well. You'll have to forgive me if I use incorrect terminology since Networks are not my area.
The basics: I have a client computer running Windows XP Pro and a server running Windows 2000 Server. When I attempt an NTLM network logon from my client to the server using my network domain account credentials it fails.
The nitty-gritty details (which may or may not be pertinent - I just don't know, so I'm giving everything that might be):
The server computer is not a domain name controller. From our IT people's perspective it is really just another client computer, but it is running SQL Server and IIS (so from my software developer point of view it is a server).
There are two typical cases where an NTLM network logon attempt is made. One, when I try to establish an Enterprise Manager connection to SQL Server running on the server. Two, when I attempt to start a Visual Studio .NET debugging session on a web project based on the server. Both cases result in two Failure Events being logged in the Security Event Viewer, which indicates to me that this is likely a Windows security issue and not just an application issue. The first event has ID 681, the second has ID 529. Looking more closely at Event ID 529, the domain name is listed as the local domain name of the server machine, NOT the network domain name of my user account attempting to log on.
Here are some of the results from some experiments we have done to try to isolate where the problem is occurring:
1. If someone else logs on to my client computer and attempts an NTLM network logon to the server, it works (the successful logon Event ID indicates that the network domain name was properly passed).
2. If I attempt an NTLM network logon to a different server, it works (again the network domain name is properly passed).
So it seems like this is a problem that is specifically about my particular user account combined with these particular machines. The problem started at about the same time that I created a new ASP.NET project through Visual Studio. This might be coincidence; it might not.
Final note: My wonderful IT folks have provided a bandaid to the problem, by showing me how to create a local user account on the server that matches my network user account (username and password), which makes the logon at least succeed. For various reasons (especially having to do with the VS debugger), this is not really an ideal solution, however.
I appreciate greatly any assistance you can provide. Thanks!