1

I'm having pretty similar problems as described in case 139099, but the fix there doesn't seem to work for me. Here's the details:

Server:

  • Win2003Srv R2 SP2
  • Stadalone, not a member of a domain.
  • IIS6, TCP/443 (https).
  • Anonymous access disabled.
  • Integrated Windows authentication enabled.
  • Local useraccouts
  • Each useraccount has own virtual folder with change access and read access to site root.
  • The 'adsutil NTAuthenticationProviders "NTLM"' -thing set to site root and useraccount's virtual folder (as described in MS KB article 215383).

Client:

  • Win7 Enterprise
  • Member of a AD-Domain
  • IE8
  • Allows three login attepts then fails.
  • Using [webservername]\[username] in the logon window (Windows security)
  • Logon using other browsers (Chrome and Firefox) works OK.

The Web services log shows one 401.2 and two 401.1 events. The Security Event log shows two events, first is Fauilure Audit (680), The second event is Fauilure Audit (529) with these details:

Logon Failure:
Reason:     Unknown user name or bad password
User Name:  [username]
Domain:     [webservername]
Logon Type: 3
Logon Process:  NtLmSsp 
Authentication Package: NTLM
Workstation Name:   [MyWorkstation]
Caller User Name:   -
Caller Domain:  -
Caller Logon ID:    -
Caller Process ID:  -
Transited Services: -
Source Network Address: [999.999.999.999]
Source Port:    20089

Any ideas appreciated.

Community
  • 1
Ciove
  • 211
  • 2
  • 8

4 Answers4

1

The solution is: YOU CANNOT PASTE PASSWORD in WINDOWS 7 and/or IE8. This 'feature' is described e.g. here.

Thank you mikeymousesoft for this.

Well, actually there might be some sense to this. Here is a simple javascript, which reveals password in java-capable browser. However, since the Windows passwords aren't located in the actual browser window, but in a window called 'Windows Security', this script most propably won't apply in this case.

I've thought that copying/pasting passwords is secure because:

  1. It prevents typos,
  2. Keyloggers won't be able to detect the password, since it's not typed.

Many thanks for your assistance.

It took me a week to figure out this. Can I send bill to Bill?

Ciove
  • 211
  • 2
  • 8
0

Logging on using [webservername][username] and Integrated Windows Authentication are mutually exclusive. You should not have Integrated authentication checked if you want to logon by specifying a user account. Integrated Authentication means that IE will use the user's AD credentials to logon to the application.

Greg Askew
  • 39,132
0

Sounds like you're having a problem with "Extended Protection" outlined here. If IIS6 is set to "Negotiate,NTLM" (or nothing) you're likely going to get the 401.2 error using IE8. You can check/set the authentication value by following these instructions.

vinny
  • 456
0

Workaround: How to Copy+Paste passwords in Windows 7 and/or InternetExplorer 8

You can copy and paste passwords in in Win7 and IE8

  1. Mark and copy the password to clipboard with mouse's right-click+Copy function.
  2. Paste the password hitting Ctrl+V -keys.

This solution is described here:
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/80f59d82-84ca-4d87-93d4-dacc61f46a3f

Ciove
  • 211
  • 2
  • 8