JSI Tip 10303. You are prompted for credentials when you browse a virtual Network Load Balancing cluster name that runs on Windows Server 2003 SP1?
March 21, 2006
When you attempt to browse the virtual NLB cluster name that runs on Windows Server 2003 Service Pack 1, you are prompted for credentials. Once you enter them, you can access all shares.
This behavior occurs because a new security feature removes the last available authentication mechanism in NLB Manager to prevent Man-In-The-Middle (MITM) attacks on NTLM.
To workaround this behavior, you can create the Local Security Authority host names that can be referenced in an NTLM authentication request, or you can disable the authentication loopback check.
To create the LSA host names:
1. Open a CMD.EXE window.
2. Type the following command and press Enter:
REG ADD HKLMSYSTEMCurrentControlSetControlLsaMSV1_0 /V BackConnectionHostNames /T REG_MULTI_SZ /F /D "NLBClusterHostName"
Where NLBClusterHostName is the host name that is used for the NLB cluster.
3. Shutdown and restart your server.
To disable the authentication loopback check:
1. Open a CMD.EXE window.
2. Type the following command and press Enter:
REG ADD HKLMSYSTEMCurrentControlSetControlLsa /V DisableLoopbackCheck /T REG_DWORD /F /D 1
3. Shutdown and restart your server.
About the Author
You May Also Like