+ Post New Thread
Results 1 to 4 of 4
Windows Server 2008 Thread, Terminal Server 2008 NTLMV2 issues! in Technical; ...
  1. #1

    Join Date
    Apr 2007
    Posts
    22
    Thank Post
    0
    Thanked 6 Times in 3 Posts
    Rep Power
    17

    Terminal Server 2008 NTLMV2 issues!

    Hey All,

    Just polishing off my Terminal Server 2008 setup and have left this issue to last...

    I'm trying to get my clients to use NTLMV2 to authenticate, however they seem to be only authenticating to the Gateway using NTLMV1...

    I have setup the computer I'm using to test the RDP connection to use Security Policy: Send NTLMv2 response only/refuse LM and NTLM

    However it seems to be only Authenticating Using NTLM... so I went onto the Terminal Server and setup a Network Policy Constraint to use Authentication Methods of (MS-CHAP-V2) rather then Allow Clients to connect without negotiating an authentication method.

    However when I do this I get the following error:

    The user "domain\testuser", on client computer "10.1.1.40", did not meet connection authorization policy requirements and was therefore not authorized to access the TS Gateway server. The following authentication method was attempted: "NTLM". The following error occurred: "23003".

    Currently a user will go to the gateway, which will then authorise the user to access the terminal server. The gateway checks the users details using a radius server, then the network policy is applied... and then the user is logged on… (At the moment only using NTLMV1 )

    Any Ideas…?

    DK

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    To 'require' NTLMv2 means you must also 'require' 128-bit encyption. If you do not do both of these, than NTLM will be negotiated instead.

  3. #3

    Join Date
    Apr 2007
    Posts
    22
    Thank Post
    0
    Thanked 6 Times in 3 Posts
    Rep Power
    17
    Quote Originally Posted by Geoff View Post
    To 'require' NTLMv2 means you must also 'require' 128-bit encyption. If you do not do both of these, than NTLM will be negotiated instead.
    Here comes the noob question....

    Any ideas where I would specify this on the Gateway Policy? I have specified the 128bit Encryption on the network policy... but this negotiates the use of NTLMV1 not V2.

    I suspect that I am authenticating to the gateway using NTLM... which is causing the issue... but I can't see where I can specify which sort of connection to negotiate using NTLMV2.

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    I believe you must enforce it in the connection authorization policy.



SHARE:
+ Post New Thread

Similar Threads

  1. Windows 2008 Terminal Services Seamless client & Lock Down
    By benIT in forum Windows Server 2008
    Replies: 5
    Last Post: 15th April 2008, 11:39 PM
  2. 2008 Terminal Services
    By cookie_monster in forum Windows Server 2008
    Replies: 10
    Last Post: 15th April 2008, 05:01 PM
  3. Windows Server 2000 DC to Server 2008 DC
    By ZeroHour in forum Windows Server 2008
    Replies: 9
    Last Post: 25th March 2008, 11:57 PM
  4. Eclipse.Net 31/01/2008 Release issues
    By Nexus-6 in forum Educational Software
    Replies: 6
    Last Post: 4th February 2008, 07:54 PM
  5. Terminal Server
    By wesleyw in forum Thin Client and Virtual Machines
    Replies: 8
    Last Post: 26th February 2007, 02:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •