Microsoft KB Archive/275482

= FIX: COM+ 1.0 Catalog Requires NTLM-based Authentication =

Article ID: 275482

Article Last Modified on 2/21/2002

-

APPLIES TO


 * Microsoft COM+ 1.0

-



This article was previously published under Q275482



SYMPTOMS
If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.



CAUSE
The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.



Steps to Reproduce Behavior:
 In the DC Group Policy editor, set the LAN Manager Authentication level to Send NTLMV2 response only \refuse LM and NTLM. Create a COM+ application on the member workstation or server, and set the identity to a valid domain user. The following information appears in the security log:

Reason: Unknown user name or bad password

User Name: SomeUser

Domain: SomeDomain

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Workstation Name: SomeWorkstation

In addition, a message box states that the user name and password are incorrect.

Keywords: kbbug kbfix kbwin2000presp2fix kbsysadmin kbsecurity KB275482

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.