HP RDP - my Linux PXE does not support NTLMv2 authentication?

Posted on 2009-04-12
Last Modified: 2012-05-06

I have a HP RDP server in my environment which is not joined to domain. Its purpose is to create and deploy images of windows servers and also for scripted installation of ESX server 3.5. Initially I was able to scripted install ESX server and creat/deploy images of my Windows servers without any problems.

After I hardened my servers (i.e. apply security template) I found that I could still create/deploy images of my windows servers. However I was unable to scripted install ESX, the error returned was -13 (unauthorised access, unable to mount eXpress folder). I did some checking on the permissions and access rights to the eXpress folder but found nothing wrong. However I found that if I were to change the local security policy, under Security Settings, Network Security, it worked perfectly fine. Previously my RDP server was set to the default of "Send NTLM response only", after hardening the new setting is "Send NTLMv2 response only, refuse LM and NTLM".

Based on this it seems my Linux PXE can only send NTLMv1 request to my RDP server. But due to security restrictions, I can only use NTLMv2 in my environment. How can I upgrade of modify my Linux PXE to use NTLMv2? I've created a case with HP Tech Support, but its been 3 weeks and they've got given me a solution yet.

I should mention that I'm using a local admin account for the Linux PXE to access my RDP server.
Question by:harnamsc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 16

Expert Comment

ID: 24136377
Unfortunately, you have to disable NTLM for the Linux Box.

When added to the domain, it is taking group policies from the domain.  Depending upon the security options you have set (NTLM, encryption, etc.) this could be stopping the CIFS share authentication.

When the server was not part of the domain, it had default ploicies which did not block this.  Once added, higher security settings block NTLM v1 and require better encryption, which your Linux boot environmnet won't do.

So try this, create a new GPO for that server (meaning, place that server in its own Organizational Unit (OU) and create a new group policy object).  In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: LAN manager authentication level" to "Send LM and NTLM, negotiate V2."

In the same GPO, also In the "Computer Configuration - Windows Settigs - Security settings - Local Policies - Security Options" change the "Network security: Minimum session security for NTLM SSP based (including secue RPC) clients" to have all 4 boxes unchecked.

Now apply this GPO to the OU, move the Altiris Deployment server to the OU, and reboot the server.  Then, try again to see if it works.

**********A side note here, you must use a local account on that server for authentiacation.  If you use a domain account, that account tries to authenticate against the domain controller, and in that case, would still fail.  Because the DC still has the higher NTLM and security settings.  Therefore, use an account that is local to that server and see if it works.

Author Comment

ID: 24137682
Thanks Ai Ja Nai, however the problem is the environment is high security and its very unlikely that my client will accept downgrading the protocol from NTLMv2 to NTLM. Hence my asking this question in the hopes that I will be able to find a way to update / upgrade my Linux PXE.

Also applying a GPO to my RDP server will not work as its not joined to domain, i.e. stand-alone. I should point out that the server images being deployed are joined to domain however. But that doesn't affect the Linux PXE.
LVL 16

Accepted Solution

ai_ja_nai earned 500 total points
ID: 24174488
ok. My answer therefore is "you can't". Windows <-> Linux interoperability is not at such a level
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.


Author Comment

ID: 24192147
I see, thanks ai ja nai.
Moderators: Is there a way to close this thread? Or must I award the point to ai ja nai? Technically there is no solution to this problem.
LVL 16

Expert Comment

ID: 24192257
Even if the solution is "you can't", that is the "correct" answer that deserves points. In the future, people trying to do the same will know that's impossible

Author Comment

ID: 24193500
Alright, Ai Ja Nai thanks for your time and here are the points.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP website on Linux - server DNS address could not be found. 18 112
NTPD Client Port Usage 12 92
Advice on ESXi 5.1 Health / Storage 1 76
CentOs root password/fsck issue 7 60
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question