NT Authentication failing for some users

Hi

We have a windows 2003 SP1 server running IIS (as a reverse proxy). Our
users access a website using the FQDN of the site, i.e. mysite.myorg.int. We
have added http://*.myorg.int to the trusted sites category in internet
explorer to prevent the NT challenge/response dialog from appearing, i.e.
allow pass through authentication.

The problem is that (for some users), when their password expires (every N
days), they get prompted for a logon by IE when browsing the site (NT
challenge/response). They continue to get prompted until the check the box to
save their new password. The problem then re-occurs in N days.

Why do some of our users need to store their password in IE, while others
have authentication handled for them automatically?

Thanks

Re: NT Authentication failing for some users

They should not have to save their password. Have you checked:
http://support.microsoft.com/?id=258063

Cheers
Ken

"Indigenous" wrote in message
news:DACB4BD5-1454-40BB-8178-D8F058B8A70E@microsoft.com...
> Hi
>
> We have a windows 2003 SP1 server running IIS (as a reverse proxy). Our
> users access a website using the FQDN of the site, i.e. mysite.myorg.int.
> We
> have added http://*.myorg.int to the trusted sites category in internet
> explorer to prevent the NT challenge/response dialog from appearing, i.e.
> allow pass through authentication.
>
> The problem is that (for some users), when their password expires (every N
> days), they get prompted for a logon by IE when browsing the site (NT
> challenge/response). They continue to get prompted until the check the box
> to
> save their new password. The problem then re-occurs in N days.
>
> Why do some of our users need to store their password in IE, while others
> have authentication handled for them automatically?
>
> Thanks
>

Re: NT Authentication failing for some users

Ken

Thanks for this. I have checked all the points in this note and still (for
some users only) they get prompted. They definitely have permissions to the
website because if they put in their NT account and password into the
authentication dialog it works.

I even tried putting the site in the local intranet zone instead of trusted
sites and it still prompted.



"Ken Schaefer" wrote:

> They should not have to save their password. Have you checked:
> http://support.microsoft.com/?id=258063
>
> Cheers
> Ken
>
> "Indigenous" wrote in message
> news:DACB4BD5-1454-40BB-8178-D8F058B8A70E@microsoft.com...
> > Hi
> >
> > We have a windows 2003 SP1 server running IIS (as a reverse proxy). Our
> > users access a website using the FQDN of the site, i.e. mysite.myorg.int.
> > We
> > have added http://*.myorg.int to the trusted sites category in internet
> > explorer to prevent the NT challenge/response dialog from appearing, i.e.
> > allow pass through authentication.
> >
> > The problem is that (for some users), when their password expires (every N
> > days), they get prompted for a logon by IE when browsing the site (NT
> > challenge/response). They continue to get prompted until the check the box
> > to
> > save their new password. The problem then re-occurs in N days.
> >
> > Why do some of our users need to store their password in IE, while others
> > have authentication handled for them automatically?
> >
> > Thanks
> >
>
>

RE: NT Authentication failing for some users

Ken

Following from my previous note, it appears to predominantly affect users
who have previously selected the 'save password' option when prompted for
credentials.

I have tried clicking 'clear passwords' in IE in case the browser is trying
to authenticate using their old nt password stored in IE but that doesn't
help. Do you know where IE stores saved passwords and how we can clear them
out?


"Indigenous" wrote:

> Hi
>
> We have a windows 2003 SP1 server running IIS (as a reverse proxy). Our
> users access a website using the FQDN of the site, i.e. mysite.myorg.int. We
> have added http://*.myorg.int to the trusted sites category in internet
> explorer to prevent the NT challenge/response dialog from appearing, i.e.
> allow pass through authentication.
>
> The problem is that (for some users), when their password expires (every N
> days), they get prompted for a logon by IE when browsing the site (NT
> challenge/response). They continue to get prompted until the check the box to
> save their new password. The problem then re-occurs in N days.
>
> Why do some of our users need to store their password in IE, while others
> have authentication handled for them automatically?
>
> Thanks
>

Re: NT Authentication failing for some users

Hi,

Control Panel -> User Accounts -> Advanced -> Manage Passwords button

The path to get to that setting may be slight different depending on how you
have XP configured (e.g. Classic -vs- XP control panels display)

Cheers
Ken


"Indigenous" wrote in message
news:3B8B9051-B43C-421E-8888-10BF17918736@microsoft.com...
> Ken
>
> Following from my previous note, it appears to predominantly affect users
> who have previously selected the 'save password' option when prompted for
> credentials.
>
> I have tried clicking 'clear passwords' in IE in case the browser is
> trying
> to authenticate using their old nt password stored in IE but that doesn't
> help. Do you know where IE stores saved passwords and how we can clear
> them
> out?
>
>
> "Indigenous" wrote:
>
>> Hi
>>
>> We have a windows 2003 SP1 server running IIS (as a reverse proxy). Our
>> users access a website using the FQDN of the site, i.e. mysite.myorg.int.
>> We
>> have added http://*.myorg.int to the trusted sites category in internet
>> explorer to prevent the NT challenge/response dialog from appearing, i.e.
>> allow pass through authentication.
>>
>> The problem is that (for some users), when their password expires (every
>> N
>> days), they get prompted for a logon by IE when browsing the site (NT
>> challenge/response). They continue to get prompted until the check the
>> box to
>> save their new password. The problem then re-occurs in N days.
>>
>> Why do some of our users need to store their password in IE, while others
>> have authentication handled for them automatically?
>>
>> Thanks
>>