FIX: COM+ 1.0 Catalog Requires NTLM-based Authentication (275482)


The information in this article applies to:

  • Microsoft COM+ 1.0
This article was previously published under Q275482

SYMPTOMS

If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.

CAUSE

The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

Steps to Reproduce Behavior:

  1. In the DC Group Policy editor, set the LAN Manager Authentication level to Send NTLMV2 response only \refuse LM and NTLM.
  2. Create a COM+ application on the member workstation or server, and set the identity to a valid domain user.
  3. The following information appears in the security log:
    Reason: Unknown user name or bad password
    User Name: SomeUser
    Domain: SomeDomain
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: SomeWorkstation
    In addition, a message box states that the user name and password are incorrect.
Modification Type:MajorLast Reviewed:2/21/2002
Keywords:kbbug kbDSupport kbSecurity kbSysAdmin kbWin2000PreSP2Fix kbWin2000SP2Fix KB275482
©2002 Microsoft Corporation. All rights reserved.