ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Other Software > Developer's Corner

Kerberos and VMs and NLB

<< < (2/2)

Stoic Joker:
What was the 401 sub status code - 401.? if any?

I could be totally out in the weeds here, but I just ran into a rather annoy authentication issue with a RemoteApp server that was refusing to authenticate anything from the outside. After some digging I ran across the EnforceChannelBinding registry setting which - when set on the target IIS8 server -  got things going finally. The article snippet I put in my notes is below.

External RDP Logon Failures: Audit Failure Event 4625 – Status Code: 0x000035B
Resolution Options:
Method 1:
Adjust the LmCompatibility registry value not to force NTLMv1 by setting it to a value of 3 or larger.
For more information about the LmCompatibility registry value, see included file: LmCompatibilityLevel.pdf
Method 2 (Currently Used in Lab Configuration):
Set the EnforceChannelBinding registry value to 0 (zero) to ignore missing channel bindings on the Gateway server. To do this, locate the following registry subkey, and use the given specifications:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core
Name: EnforceChannelBinding
Value: 0 (Decimal)
Note: By default, the EnforceChannelBinding value does not exist on the Gateway server. You must create this value.

--- End quote ---

Are there any corresponding entries in the event logs of any of the systems crossed that may shed some light on who is dropping the ball why?

Thanks for that SJ!  I'll check that on Monday- I'd not heard any of that before.  I'll also check the 401 - I think it was just a plain 401 still, which has been the problem from the beginning- no context.  I was able to get past all of the others with that setup... but it's been a pain without context.  The wireshark even returned just a 401, but I was able to get it from the Event logs.


[0] Message Index

[*] Previous page

Go to full version