Hi all,

I've just deployed a new IIS6 web server.  All of my XP-using clients are
fine, but the Windows 2000 clients get a 500 error as soon as they try to
connect & authenticate which turns out to be "the function requested is not
supported"

I found http://www.msmcse.ms/archive/index.php/t-635508.html which got me
99% of the way there.  If I change the security policy on the client, they
can get in.  However, we can't insist that everyone using our website change
their security, so we need to change the policy on the server instead, and
it's not working.

The server was originally set to:
Windows Settings / Security Settings / Local Policies / Security Options
- Network security: LAN Manager authentication level
- originally set to "Send NTLMv2 response only\refuse LM"
- Network security: Minimum session security for NTLM SSP based (including
secure RPC) clients
- originally all four options checked

The client was originally set to:
- LAN Manager authentication level
- originally set to "Send  LM & NTLM responses"

If I change the client to "Send LM & NTLM - use NTLMv2 session security if
negotiated" it works.  However, as I stated above, I don't want to change
the client, I want to change the server.

I've tried every combination I can think of on the server.  I've set it to
"Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send
LM & NTLM responses" and turned off all four checkboxes so it says "no
minimum security" but it doesn't help.

I've tried restarting the web site service, but have not rebooted.  On the
client the change took effect immediately so I imagine it should on the
server as well.

Can anyone suggest what I'm missing?  I've searched technet and not found
anything helpful.  From what I have found, the changes I made *should* have
worked.

Thank you very much,

Beverley

[ Post a follow-up to this message ]

Update:

I have now rebooted, and that didn't help either.  But in a scary side note,
I no longer can get into the group policy key on the server to make changes.

Oh and I fixed my display name in here ;)

Beverley

"news.microsoft.com" <ali_webitems@hotmail.com> wrote in message
news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl...

> I've tried every combination I can think of on the server.  I've set it to
> "Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send
> LM & NTLM responses" and turned off all four checkboxes so it says "no
> minimum security" but it doesn't help.
>
> I've tried restarting the web site service, but have not rebooted.  On the
> client the change took effect immediately so I imagine it should on the
> server as well.
>
> Can anyone suggest what I'm missing?  I've searched technet and not found
> anything helpful.  From what I have found, the changes I made *should*
have
> worked.
>
> Thank you very much,
>
> Beverley
>
>

[ Post a follow-up to this message ]

Hi

Those settings do not affect HTTP based authentication (for example, LANMAN
is never used when authenticating between browser and IIS). They are for
things like SMB, NetBIOS etc.

You say you are getting a 500 error (Internal Server Error). In your copy of
Internet Explorer, please goto Tools -> Internet Options -> Advanced, and
uncheck "Show Friendly HTTP Errors", and reload the page. Post the full
error message you see now.

Cheer
sKen

--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com


"news.microsoft.com" <ali_webitems@hotmail.com> wrote in message
news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl...
: Hi all,
:
: I've just deployed a new IIS6 web server.  All of my XP-using clients are
: fine, but the Windows 2000 clients get a 500 error as soon as they try to
: connect & authenticate which turns out to be "the function requested is
not
: supported"
:
: I found http://www.msmcse.ms/archive/index.php/t-635508.html which got
me
: 99% of the way there.  If I change the security policy on the client, they
: can get in.  However, we can't insist that everyone using our website
change
: their security, so we need to change the policy on the server instead, and
: it's not working.
:
: The server was originally set to:
: Windows Settings / Security Settings / Local Policies / Security Options
: - Network security: LAN Manager authentication level
: - originally set to "Send NTLMv2 response only\refuse LM"
: - Network security: Minimum session security for NTLM SSP based (including
: secure RPC) clients
: - originally all four options checked
:
: The client was originally set to:
: - LAN Manager authentication level
: - originally set to "Send  LM & NTLM responses"
:
: If I change the client to "Send LM & NTLM - use NTLMv2 session security if
: negotiated" it works.  However, as I stated above, I don't want to change
: the client, I want to change the server.
:
: I've tried every combination I can think of on the server.  I've set it to
: "Send LM & NTLM - use NTLMv2 session security if negotiated" and to "Send
: LM & NTLM responses" and turned off all four checkboxes so it says "no
: minimum security" but it doesn't help.
:
: I've tried restarting the web site service, but have not rebooted.  On the
: client the change took effect immediately so I imagine it should on the
: server as well.
:
: Can anyone suggest what I'm missing?  I've searched technet and not found
: anything helpful.  From what I have found, the changes I made *should*
have
: worked.
:
: Thank you very much,
:
: Beverley
:
:

[ Post a follow-up to this message ]

Hi, please see below!  I gave the "unfriendly" message in my original post,
and in the subject line, actually.

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:OkjhkrwUFHA.3188@TK2MSFTNGP09.phx.gbl...
> Hi
>
> Those settings do not affect HTTP based authentication (for example,
LANMAN
> is never used when authenticating between browser and IIS). They are for
> things like SMB, NetBIOS etc.
>
> You say you are getting a 500 error (Internal Server Error). In your copy
of
> Internet Explorer, please goto Tools -> Internet Options -> Advanced, and
> uncheck "Show Friendly HTTP Errors", and reload the page. Post the full
> error message you see now.
>
> Cheer
> sKen
>
> --
> Blog: www.adopenstatic.com/cs/blogs/ken/
> Web: www.adopenstatic.com
>
>
> "news.microsoft.com" <ali_webitems@hotmail.com> wrote in message
> news:%231BgbRmUFHA.3584@TK2MSFTNGP14.phx.gbl...
> : Hi all,
> :
> : I've just deployed a new IIS6 web server.  All of my XP-using clients
are
> : fine, but the Windows 2000 clients get a 500 error as soon as they try
to
> : connect & authenticate which turns out to be "the function requested is
> not
> : supported"

[ Post a follow-up to this message ]

For the record, we "solved" this by reformatting the server.... 
 
> are 
> to 
is[vbcol=seagreen] 
>
>

[ Post a follow-up to this message ]