

HP RDP - my Linux PXE does not support NTLMv2 authentication?

Posted on 2009-04-12
Medium Priority
Last Modified: 2012-05-06

I have a HP RDP server in my environment which is not joined to the domain. Its purpose is to create and deploy images of Windows servers and also for scripted installation of ESX Server 3.5. Initially I was able to do scripted installs of ESX Server and create/deploy images of my Windows servers without any problems.

After I hardened my servers (i.e. applied a security template) I found that I could still create/deploy images of my Windows servers. However, I was unable to do a scripted install of ESX; the error returned was -13 (unauthorised access, unable to mount eXpress folder). I did some checking on the permissions and access rights to the eXpress folder but found nothing wrong. However, I found that if I were to change the local security policy, under Security Settings, Network Security, it worked perfectly fine. Previously my RDP server was set to the default of "Send NTLM response only"; after hardening, the new setting is "Send NTLMv2 response only, refuse LM and NTLM".

Based on this it seems my Linux PXE can only send NTLMv1 requests to my RDP server. But due to security restrictions, I can only use NTLMv2 in my environment. How can I upgrade or modify my Linux PXE to use NTLMv2? I've created a case with HP Tech Support, but it's been 3 weeks and they've not given me a solution yet.

I should mention that I'm using a local admin account for the Linux PXE to access my RDP server.
Question by:harnamsc
LVL 16

Expert Comment

ID: 24136377
Unfortunately, you have to disable NTLM for the Linux Box.

When added to the domain, it is taking group policies from the domain.  Depending upon the security options you have set (NTLM, encryption, etc.) this could be stopping the CIFS share authentication.

When the server was not part of the domain, it had default policies which did not block this.  Once added, higher security settings block NTLM v1 and require better encryption, which your Linux boot environment won't do.

So try this: create a new GPO for that server (meaning, place that server in its own Organizational Unit (OU) and create a new group policy object).  In the "Computer Configuration - Windows Settings - Security settings - Local Policies - Security Options" change the "Network security: LAN manager authentication level" to "Send LM and NTLM, negotiate V2."

In the same GPO, also in the "Computer Configuration - Windows Settings - Security settings - Local Policies - Security Options" change the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" to have all 4 boxes unchecked.

Now apply this GPO to the OU, move the Altiris Deployment server to the OU, and reboot the server.  Then, try again to see if it works.

**********A side note here, you must use a local account on that server for authentication.  If you use a domain account, that account tries to authenticate against the domain controller, and in that case, would still fail, because the DC still has the higher NTLM and security settings.  Therefore, use an account that is local to that server and see if it works.
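
A read-only check of the two policies named in this comment, as an added example that is not part of the original post or of HP's tooling. It reads the standard registry values behind them (`LmCompatibilityLevel`, `NtlmMinClientSec`, `NtlmMinServerSec`) so the effective setting on the deployment server can be confirmed before and after a security template is applied.

```powershell
# Added example: report the NTLM settings behind the two policies named above.
# Read-only; run locally on the server being checked.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# "Network security: LAN Manager authentication level" -> LmCompatibilityLevel (0-5)
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

# The four checkboxes of "Minimum session security for NTLM SSP based ... clients/servers"
$flags = [ordered]@{
    'Require message integrity'       = 0x00000010
    'Require message confidentiality' = 0x00000020
    'Require NTLMv2 session security' = 0x00080000
    'Require 128-bit encryption'      = 0x20000000
}

$level = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
if ($null -eq $level) {
    Write-Output 'LmCompatibilityLevel: not set (OS default applies)'
} else {
    Write-Output ("LmCompatibilityLevel: {0} ({1})" -f $level, $levels[[int]$level])
    # What this machine accepts when it validates a logon itself (e.g. a local account on a share)
    $accepts = if ($level -ge 5) { 'NTLMv2 only' } elseif ($level -eq 4) { 'NTLM and NTLMv2' } else { 'LM, NTLM and NTLMv2' }
    Write-Output "Inbound logons accepted: $accepts"
}

foreach ($name in 'NtlmMinClientSec', 'NtlmMinServerSec') {
    $value = (Get-ItemProperty -Path $msv10 -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) { Write-Output "${name}: not set"; continue }
    # Decode the bit mask back into the checkbox labels shown in the policy editor
    $set = @($flags.GetEnumerator() | Where-Object { $value -band $_.Value } | ForEach-Object { $_.Key })
    $shown = if ($set.Count) { $set -join '; ' } else { 'no boxes checked' }
    Write-Output ("{0}: 0x{1:X8} -> {2}" -f $name, $value, $shown)
}
```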

Author Comment

ID: 24137682
Thanks Ai Ja Nai, however the problem is the environment is high security and it's very unlikely that my client will accept downgrading the protocol from NTLMv2 to NTLM. Hence my asking this question in the hopes that I will be able to find a way to update / upgrade my Linux PXE.

Also, applying a GPO to my RDP server will not work as it's not joined to the domain, i.e. stand-alone. I should point out that the server images being deployed are joined to the domain, however. But that doesn't affect the Linux PXE.
LVL 16

Accepted Solution

ai_ja_nai earned 2000 total points
ID: 24174488
OK. My answer therefore is "you can't". Windows <-> Linux interoperability is not at such a level.

Author Comment

ID: 24192147
I see, thanks ai ja nai.
Moderators: Is there a way to close this thread? Or must I award the point to ai ja nai? Technically there is no solution to this problem.
LVL 16

Expert Comment

ID: 24192257
Even if the solution is "you can't", that is the "correct" answer that deserves points. In the future, people trying to do the same will know that's impossible.

Author Comment

ID: 24193500
Alright, Ai Ja Nai thanks for your time and here are the points.
