Other Software > Developer's Corner

Kerberos and VMs and NLB

<< < (2/2)

Stoic Joker:
What was the 401 sub status code - 401.? if any?

I could be totally out in the weeds here, but I just ran into a rather annoy authentication issue with a RemoteApp server that was refusing to authenticate anything from the outside. After some digging I ran across the EnforceChannelBinding registry setting which - when set on the target IIS8 server -  got things going finally. The article snippet I put in my notes is below.

External RDP Logon Failures: Audit Failure Event 4625 – Status Code: 0x000035B
Resolution Options:
Method 1:
Adjust the LmCompatibility registry value not to force NTLMv1 by setting it to a value of 3 or larger.
For more information about the LmCompatibility registry value, see included file: LmCompatibilityLevel.pdf
Method 2 (Currently Used in Lab Configuration):
Set the EnforceChannelBinding registry value to 0 (zero) to ignore missing channel bindings on the Gateway server. To do this, locate the following registry subkey, and use the given specifications:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core
Type: REG_DWORD
Name: EnforceChannelBinding
Value: 0 (Decimal)
Note: By default, the EnforceChannelBinding value does not exist on the Gateway server. You must create this value.

--- End quote ---

Are there any corresponding entries in the event logs of any of the systems crossed that may shed some light on who is dropping the ball why?

wraith808:
Thanks for that SJ!  I'll check that on Monday- I'd not heard any of that before.  I'll also check the 401 - I think it was just a plain 401 still, which has been the problem from the beginning- no context.  I was able to get past all of the others with that setup... but it's been a pain without context.  The wireshark even returned just a 401, but I was able to get it from the Event logs.

Navigation

[0] Message Index

[*] Previous page