Skip navigation

JSI Tip 5068. After you upgrade to IE 6.0 on Windows 2000, you are unable to negotiate Kerberos authentication?

Internet Explorer 6.0 does NOT respond to a negotiate challenge and defaults to NTLM or Windows NT Challenge/Response.

You can force Internet Explorer 6.0 to respond to a negotiate challenge and perform Kerberos authentication:

1. Open a single instance of Internet Explorer.

2. Press Internet Options on the Tools menu.

3. Select the Advanced tab.

4. Under the Security icon, select the Enable Integrated Windows Authentication (requires restart) box and press Apply and OK.

5. Exit Internet Explorer.

NOTE: If you need to do this on multiple clients, use Workstation.bat to run IEKerberos.bat:

@echo on
if /i "%OS%" NEQ "Windows_NT" goto :EOF
for /f "Tokens=3" %%v in ('ver') do if "%%v" NEQ "2000" goto :EOF
@echo REGEDIT4>"%TEMP%\IEKerberos.reg"
@echo \[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\]>>"%TEMP%\IEKerberos.reg"
@echo "EnableNegotiate"=dword:00000001>>"%TEMP%\IEKerberos.reg"
regedit /s "%TEMP%\IEKerberos.reg"
del /q "%TEMP%\IEKerberos.reg"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.