JSI Tip 10303. You are prompted for credentials when you browse a virtual Network Load Balancing cluster name that runs on Windows Server 2003 SP1?

When you attempt to browse the virtual NLB cluster name that runs on Windows Server 2003 Service Pack 1, you are prompted for credentials. Once you enter them, you can access all shares.

This behavior occurs because a new security feature removes the last available authentication mechanism in NLB Manager to prevent Man-In-The-Middle (MITM) attacks on NTLM.

To work around this behavior, you can create the Local Security Authority host names that can be referenced in an NTLM authentication request, or you can disable the authentication loopback check.

To create the LSA host names:

1. Open a CMD.EXE window.

2. Type the following command and press Enter:

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 /V BackConnectionHostNames /T REG_MULTI_SZ /F /D "NLBClusterHostName"

Where NLBClusterHostName is the host name that is used for the NLB cluster.

3. Shut down and restart your server.

To disable the authentication loopback check:

1. Open a CMD.EXE window.

2. Type the following command and press Enter:

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Lsa /V DisableLoopbackCheck /T REG_DWORD /F /D 1

3. Shut down and restart your server.
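
A read-only check of which of the two workarounds above is configured on a server, as an added PowerShell example that is not part of the original tip. The script form and its -ClusterName parameter are assumptions for illustration; it reads only the two registry values named in the commands above.

```powershell
# Added example (not from the original tip): read-only audit of the two workarounds.
# Assumption: saved as a script and run with -ClusterName set to the NLB cluster host name.
# It reads the registry, so it shows what is configured; the tip's restart step
# still applies before a change takes effect.
param(
    [Parameter(Mandatory = $true)]
    [string]$ClusterName
)

$lsaPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$disable = Get-RegValue -Path $lsaPath -Name 'DisableLoopbackCheck'
# REG_MULTI_SZ comes back as a string array; drop empty entries and force an array.
$names = @(Get-RegValue -Path $msvPath -Name 'BackConnectionHostNames' | Where-Object { $_ })
$listed = $names -contains $ClusterName   # -contains compares case-insensitively

if ($disable -eq 1) {
    $finding = 'DisableLoopbackCheck=1: the loopback check is off for all host names on this server'
} elseif ($listed) {
    $finding = "BackConnectionHostNames lists '$ClusterName': only the listed names are exempt"
} else {
    $finding = "Neither workaround covers '$ClusterName'"
}

New-Object PSObject -Property @{
    ClusterName             = $ClusterName
    DisableLoopbackCheck    = $disable
    BackConnectionHostNames = ($names -join ', ')
    Finding                 = $finding
}
```

A DisableLoopbackCheck value of 1 turns the check off for the whole server, while BackConnectionHostNames exempts only the names it lists, so the first finding is the one to review.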


