Other Software > Developer's Corner
Kerberos and VMs and NLB
Stoic Joker:
What was the 401 sub status code - 401.? if any?
I could be totally out in the weeds here, but I just ran into a rather annoy authentication issue with a RemoteApp server that was refusing to authenticate anything from the outside. After some digging I ran across the EnforceChannelBinding registry setting which - when set on the target IIS8 server - got things going finally. The article snippet I put in my notes is below.
External RDP Logon Failures: Audit Failure Event 4625 – Status Code: 0x000035B
Resolution Options:
Method 1:
Adjust the LmCompatibility registry value not to force NTLMv1 by setting it to a value of 3 or larger.
For more information about the LmCompatibility registry value, see included file: LmCompatibilityLevel.pdf
Method 2 (Currently Used in Lab Configuration):
Set the EnforceChannelBinding registry value to 0 (zero) to ignore missing channel bindings on the Gateway server. To do this, locate the following registry subkey, and use the given specifications:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core
Type: REG_DWORD
Name: EnforceChannelBinding
Value: 0 (Decimal)
Note: By default, the EnforceChannelBinding value does not exist on the Gateway server. You must create this value.
--- End quote ---
Are there any corresponding entries in the event logs of any of the systems crossed that may shed some light on who is dropping the ball why?
wraith808:
Thanks for that SJ! I'll check that on Monday- I'd not heard any of that before. I'll also check the 401 - I think it was just a plain 401 still, which has been the problem from the beginning- no context. I was able to get past all of the others with that setup... but it's been a pain without context. The wireshark even returned just a 401, but I was able to get it from the Event logs.
Navigation
[0] Message Index
[*] Previous page
Go to full version