NTLM

[news.starhub.com.sg]

Hi All,

It seems that I have a problem with NTLM in my Windows 2003. I tried to
access a program located in Windows 2003 server using my Win2K Professional.
When I tried to log into the application, it says "Access is Denied".

In the Event Log, I found this error,

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 30-Dec-03
Time: 2:58:53 PM
User: NT AUTHORITY\SYSTEM
Computer: OSAN
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: wyc
Domain: AAF
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: HELP
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: xx.xxx.xxx.xx
Source Port: 1496

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I search for help in both MSKB and Windows 2003 Help file. In Windows 2003
server, I found this article,

"You can configure this security setting by opening the appropriate policy
and expanding the console tree as such: Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\"

May I know where can I find it? Also, does anyone has experience this
before?

Thanks in advance.

 

[Karin Galli [MS]]

This article may be helpful:

289243 MS02-001: Forged SID Could Result in Elevated Privileges in Windows
2000
http://support.microsoft.com/?id=289243

Also, if you have trust with an NT domain and W2K machines are on this
domain, check that the W2K stations have synchronized the time with the W2K
domain.

--
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Citimouse]

Hi,

Thanks for your reply. But the Win2K professional has been patch with the
latest Service Pack and all security hotfixes.

Any other ideas that I can try?

Thanks.

 

[Citimouse]

By the way, this happens when the client is XP too. Our DC is Windows 2000
SP2 and remember the server that is hosting the application is Windows 2003.

Thanks.

 

[Drew Cooper [MSFT]]

Um . . . I'm not an authentication expert, but this sounds like it might be
that NTLM doesn't do double-hop auth. If it's you own in-house app, the
solution is to use kerberos and delegation. I don't know what
kb/whitepapers cover this, but there ought to be good enough search terms in
those previous 2 sentences for you to find a good explanation with your
favorite search engine.


If that's not it, I'd start sniffing the network traffic.

(btw: The path you asked about in your first post looks like it was from the
group policy snapin in mmc.)