Article ID: 275482
Article Last Modified on 2/21/2002
APPLIES TO
- Microsoft COM+ 1.0
This article was previously published under Q275482
SYMPTOMS
If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.
CAUSE
The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
MORE INFORMATION
Steps to Reproduce Behavior:
- In the DC Group Policy editor, set the LAN Manager Authentication level to Send NTLMV2 response only \refuse LM and NTLM.
- Create a COM+ application on the member workstation or server, and set the identity to a valid domain user.
- The following information appears in the security log: In addition, a message box states that the user name and password are incorrect.
Keywords: kbbug kbfix kbwin2000presp2fix kbsysadmin kbsecurity KB275482
