Microsoft KB Archive/296688

= Problems with User IDs and Passwords Containing Special Characters with Windows NT Challenge/Response Authentication =

Article ID: 296688

Article Last Modified on 5/8/2003

-

APPLIES TO

 Microsoft Internet Explorer 4.0 128-Bit Edition, when used with:  Microsoft Windows 2000 Standard Edition

 Microsoft Windows 98 Standard Edition  Microsoft Internet Explorer 4.01 Service Pack 2, when used with:  Microsoft Windows 2000 Standard Edition

 Microsoft Windows 98 Standard Edition</li></ul> </li> Microsoft Internet Explorer 4.01 Service Pack 1, when used with:  Microsoft Windows 2000 Standard Edition</li></ul>

 Microsoft Windows 98 Standard Edition</li></ul> </li> Microsoft Internet Explorer 4.01 Service Pack 2, when used with:  Microsoft Windows 2000 Standard Edition</li></ul>

 Microsoft Windows 98 Standard Edition</li></ul> </li> Microsoft Internet Explorer 5.0, when used with:  Microsoft Windows 2000 Standard Edition</li></ul>

 <li>Microsoft Windows 98 Standard Edition</li></ul> </li> <li>Microsoft Internet Explorer 5.01, when used with: <ul> <li>Microsoft Windows 2000 Standard Edition</li></ul>

<ul> <li>Microsoft Windows 98 Standard Edition</li></ul> </li> <li>Microsoft Internet Explorer (Programming) 5.01 SP1, when used with: <ul> <li>Microsoft Windows 2000 Standard Edition</li></ul>

<ul> <li>Microsoft Windows 98 Standard Edition</li></ul> </li></ul>

-

<div class="notice_section">

This article was previously published under Q296688

<div class="symptoms_section">

SYMPTOMS
If a user is prompted for his or her credentials from a Web server that supports Windows NT Challenge/Response authentication, a dialog box with three input lines (for the user ID, password, and domain) is presented to the user. If the user ID, password, or domain entry contains a special character with a code point outside of the range from 32 to 126, the user's account is not granted access to the resource. If the password contains the special character, domain policies may force the account to be locked out after multiple retries.

<div class="cause_section">

CAUSE
The input fields in Internet Explorer are interpreted as ASCII input fields. Input that is entered by using the keyboard is encoded with the ANSI code page. The domain controller detects that an incorrect user ID or password has been typed because the character mapping between ASCII and ANSI is different for multiple characters (including language-specific special characters such as the German umlaut character).

Only characters that are identical in ASCII and ANSI are treated correctly. These characters have the same mapping in ANSI and ASCII:

<pre class="fixed_text">!&quot;#$%&'*+,-./ 0123456789:;<=>? @ABCDEFGHIJKLMNO PQRSTUVWXYZ[\]^

<div class="workaround_section">

WORKAROUND
To work around this issue, use either of the following methods:
 * Allow only characters in the upper table to be used for the user ID and password.
 * Use Basic authentication.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbenv kbprb KB296688

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.