|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
"the function requested is not supported" on IIS6 with Win2K clientI've just deployed a new IIS6 web server. All of my XP-using clients are fine, but the Windows 2000 clients get a 500 error as soon as they try to connect & authenticate which turns out to be "the function requested is not supported" I found http://www.msusenet.com/archive/index.php/t-635508.html which got me 99% of the way there. If I change the security policy on the client, they can get in. However, we can't insist that everyone using our website change their security, so we need to change the policy on the server instead, and it's not working. The server was originally set to: Windows Settings / Security Settings / Local Policies / Security Options - Network security: LAN Manager authentication level - originally set to "Send NTLMv2 response only\refuse LM" - Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - originally all four options checked The client was originally set to: - LAN Manager authentication level - originally set to "Send LM & NTLM responses" If I change the client to "Send LM & NTLM - use NTLMv2 session security if negotiated" it works. However, as I stated above, I don't want to change the client, I want to change the server. I've tried every combination I can think of on the server. I've set it to "Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send LM & NTLM responses" and turned off all four checkboxes so it says "no minimum security" but it doesn't help. I've tried restarting the web site service, but have not rebooted. On the client the change took effect immediately so I imagine it should on the server as well. Can anyone suggest what I'm missing? I've searched TechNet and not found anything helpful. From what I have found, the changes I made *should* have worked. Thank you very much, Beverley Update:
I have now rebooted, and that didn't help either. But in a scary side note, I no longer can get into the group policy key on the server to make changes. Oh and I fixed my display name in here ;) Beverley Show quoteHide quote "news.microsoft.com" <ali_webit***@hotmail.com> wrote in message news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl... > I've tried every combination I can think of on the server. I've set it to > "Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send > LM & NTLM responses" and turned off all four checkboxes so it says "no > minimum security" but it doesn't help. > > I've tried restarting the web site service, but have not rebooted. On the > client the change took effect immediately so I imagine it should on the > server as well. > > Can anyone suggest what I'm missing? I've searched TechNet and not found > anything helpful. From what I have found, the changes I made *should* have > worked. > > Thank you very much, > > Beverley > > Hi
Those settings do not affect HTTP based authentication (for example, LANMAN is never used when authenticating between browser and IIS). They are for things like SMB, NetBIOS etc. You say you are getting a 500 error (Internal Server Error). In your copy of Internet Explorer, please goto Tools -> Internet Options -> Advanced, and uncheck "Show Friendly HTTP Errors", and reload the page. Post the full error message you see now. Cheer sKen Show quoteHide quote "news.microsoft.com" <ali_webit***@hotmail.com> wrote in message news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl... : Hi all, : : I've just deployed a new IIS6 web server. All of my XP-using clients are : fine, but the Windows 2000 clients get a 500 error as soon as they try to : connect & authenticate which turns out to be "the function requested is not : supported" : : I found http://www.msusenet.com/archive/index.php/t-635508.html which got me : 99% of the way there. If I change the security policy on the client, they : can get in. However, we can't insist that everyone using our website change : their security, so we need to change the policy on the server instead, and : it's not working. : : The server was originally set to: : Windows Settings / Security Settings / Local Policies / Security Options : - Network security: LAN Manager authentication level : - originally set to "Send NTLMv2 response only\refuse LM" : - Network security: Minimum session security for NTLM SSP based (including : secure RPC) clients : - originally all four options checked : : The client was originally set to: : - LAN Manager authentication level : - originally set to "Send LM & NTLM responses" : : If I change the client to "Send LM & NTLM - use NTLMv2 session security if : negotiated" it works. However, as I stated above, I don't want to change : the client, I want to change the server. : : I've tried every combination I can think of on the server. I've set it to : "Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send : LM & NTLM responses" and turned off all four checkboxes so it says "no : minimum security" but it doesn't help. : : I've tried restarting the web site service, but have not rebooted. On the : client the change took effect immediately so I imagine it should on the : server as well. : : Can anyone suggest what I'm missing? I've searched TechNet and not found : anything helpful. From what I have found, the changes I made *should* have : worked. : : Thank you very much, : : Beverley : : Hi, please see below! I gave the "unfriendly" message in my original post,
and in the subject line, actually. Show quoteHide quote "Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message news:OkjhkrwUFHA.3188@TK2MSFTNGP09.phx.gbl... > Hi > > Those settings do not affect HTTP based authentication (for example, LANMAN > is never used when authenticating between browser and IIS). They are for > things like SMB, NetBIOS etc. > > You say you are getting a 500 error (Internal Server Error). In your copy of > Internet Explorer, please goto Tools -> Internet Options -> Advanced, and > uncheck "Show Friendly HTTP Errors", and reload the page. Post the full > error message you see now. > > Cheer > sKen > > -- > Blog: www.adopenstatic.com/cs/blogs/ken/ > Web: www.adopenstatic.com > > > "news.microsoft.com" <ali_webit***@hotmail.com> wrote in message > news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl... > : Hi all, > : > : I've just deployed a new IIS6 web server. All of my XP-using clients are > : fine, but the Windows 2000 clients get a 500 error as soon as they try to > : connect & authenticate which turns out to be "the function requested is > not > : supported" For the record, we "solved" this by reformatting the server.... :(
Show quoteHide quote > > : I've just deployed a new IIS6 web server. All of my XP-using clients > are > > : fine, but the Windows 2000 clients get a 500 error as soon as they try > to > > : connect & authenticate which turns out to be "the function requested is > > not > > : supported" > > 
Other interesting topics
Please help, directory level protection needed.
IIS6 ASP Crystal DLL Client Permissions required for Integrated Authentication? ASP.NET, IIS 6 Integrated Win Authentication, Domain usage Multiple SSL identities on the same E3K front end server Unable to set up client certificate, error 403.7 HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Digest authentication why request for cmd.exe had passed UrlScan.dll? Why rename the IUSR account? Selfssl.exe for multiple vhosts |
|||||||||||||||||||||||
