ntlmv2 on WXP

Peter Skvarka

I have two stand-alone machines with WXP + SP2 and one stand-alone W2K3
Server.
On all three machines in local security policy I set: "Send NTLMv2 response
only".
After this setting I am not able to log on from one WXP machine to second WXP
machine and see network shares.
The same behavior is in opposite direction.
Result is the same when I try to logon to one of WXP machines from W2K3
Server.

Only when I try to log on from WXP to W2K3 Server - only in this case logon is
successful and I can browse network shares on W2K3 Server. (In the opposite
direction, not.)

When I set in local security policy: "Send NTLM response only" on all three
machines, logon is always successful, no problem.

Why is NTLMv2 not functional on WXP machines?

Peter
 
Steven L Umbach

I have never had a problem using it. What I would do is to make sure all
computers are in synch time wise as only a thirty minute time skew is
allowed. Be sure to check all possibilities for time - month/year/day/AM or
PM etc. --- Steve
 
Peter Skvarka

Thanks Steve, you saved me...
On one of the WXP machines I had set an old datetime.
I am very surprised that ntlmv2 logon depends on it.
Why does ntlmv2 depend on datetime?

Peter
 
Steven L Umbach

It is used to prevent "playback" attacks where the attacker does know your
credentials but tries to capture authentication sequences on the network and
then tries to reuse them to gain access to a server/share as you. Kerberos
that is used in an Active Directory domain by default allows only a five
minute time skew. Glad it is working for you now. --- Steve
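
Added example, not part of the thread: an NTLMv2 response carries the client's clock as a FILETIME inside the client-challenge blob (field layout per MS-NLMP), so a server can compare it against its own time. The sketch below extracts that timestamp from a captured NtChallengeResponse and applies the thirty-minute tolerance quoted above; the function names and sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_SKEW = timedelta(minutes=30)  # tolerance as quoted in the thread (assumption)

def filetime_to_dt(ft: int) -> datetime:
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt: datetime) -> int:
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def client_timestamp(nt_response: bytes) -> datetime:
    """Return the client clock embedded in an NTLMv2 NtChallengeResponse."""
    # Layout: 16-byte NTProofStr, then RespType(1) HiRespType(1) Reserved(2+4)
    # TimeStamp(8) ChallengeFromClient(8) Reserved(4) AvPairs(...)
    if len(nt_response) < 44:
        raise ValueError("too short for NTLMv2 (an NTLMv1 response is 24 bytes)")
    if (nt_response[16], nt_response[17]) != (1, 1):
        raise ValueError("unexpected RespType/HiRespType")
    (ft,) = struct.unpack_from("<Q", nt_response, 24)
    return filetime_to_dt(ft)

def check_skew(nt_response: bytes, server_now: datetime):
    """Return (client_minus_server, within_tolerance)."""
    skew = client_timestamp(nt_response) - server_now
    return skew, abs(skew) <= MAX_SKEW

def build_sample(client_time: datetime) -> bytes:
    """Constructed response: zeroed proof and client challenge, real layout."""
    blob = struct.pack("<BBHIQ8sI", 1, 1, 0, 0,
                       dt_to_filetime(client_time), b"\x00" * 8, 0)
    return b"\x00" * 16 + blob + b"\x00" * 4  # trailing MsvAvEOL pair

if __name__ == "__main__":
    server_now = datetime(2005, 6, 1, 12, 0, tzinfo=timezone.utc)
    for label, t in [("in sync", server_now + timedelta(minutes=10)),
                     ("old date", datetime(2003, 1, 1, tzinfo=timezone.utc))]:
        skew, ok = check_skew(build_sample(t), server_now)
        print(f"{label}: skew={skew}, accepted={ok}")
```

A replayed capture fails the same check once its embedded timestamp ages past the tolerance, which is also why a machine with a stale clock looks like a replay to its peers.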
 
