IIS6 site using integrated authentication (NTLM) fails when accessed with Win7 / IE8
I'm having pretty similar problems as described in case 139099, but the fix there doesn't seem to work for me. Here's the details:
Server:
- Win2003Srv R2 SP2
- Stadalone, not a member of a domain.
- IIS6, TCP/443 (https).
- Anonymous access disabled.
- Integrated Windows authentication enabled.
- Local useraccouts
- Each useraccount has own virtual folder with change access and read access to site root.
- The 'adsutil NTAuthenticationProviders "NTLM"' -thing set to site root and useraccount's virtual folder (as described in MS KB article 215383).
Client:
- Win7 Enterprise
- Member of a AD-Domain
- IE8
- Allows three login attepts then fails.
- Using [webservername]\[username] in the logon window (Windows security)
- Logon using other browsers (Chrome and Firefox) works OK.
The Web services log shows one 401.2 and two 401.1 events. The Security Event log shows two events, first is Fauilure Audit (680), The second event is Fauilure Audit (529) with these details:
Logon Failure:
Reason: Unknown user name or bad password
User Name: [username]
Domain: [webservername]
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: [MyWorkstation]
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: [999.999.999.999]
Source Port: 20089
Any ideas appreciated.
Solution 1:
The solution is: YOU CANNOT PASTE PASSWORD in WINDOWS 7 and/or IE8. This 'feature' is described e.g. here.
Thank you mikeymousesoft for this.
Well, actually there might be some sense to this. Here is a simple javascript, which reveals password in java-capable browser. However, since the Windows passwords aren't located in the actual browser window, but in a window called 'Windows Security', this script most propably won't apply in this case.
I've thought that copying/pasting passwords is secure because:
- It prevents typos,
- Keyloggers won't be able to detect the password, since it's not typed.
Many thanks for your assistance.
It took me a week to figure out this. Can I send bill to Bill?