Symptom
Windows 7 Browser prompts with window for username/password every time when tried to access outside web page through ISA Server.
Does anyone have a hint about this issue ?
Background
Client is the Windows 7 Home, does not join the domain. The company’s proxy, ISA server 2006 was part of one domain. So, when I tried to connect to the ISA proxy it was not possible to be authenticated in it.
I disabled the windows integrated authentication in IE8 and ensure that input the correct credentials for the proxy, but it did not work, a message was shown telling that the proxy authentication failed.
I’ve try all the Windows 7 browsers, for example: IE version 8, FF version 16 and Chrome version 23.
The results of the testing is the same, a message proxy authentication failed.
Troubleshooting and Solution
- Try to check Date and Time, Timezone and recommend to use time server to synchronize your window time with it.
- Try to adjust and add parameters by choosing only 1 method
- Local Security Policy Editor
- Registry Editor
- Restart windows to take effect
Local Security Policy Editor
The Local Security Policy Editor will only be available in the Windows 7 Professional, Ultimate, and Enterpise editions.
You will not have the Local Security Policy Editor available in the Windows 7 Starter and Home Premium editions.
So if your OS is based on Windows 7 Starter or Home Premium editions, try next method below !
- Click Start, then Run (or press [windows button] + [R] on the keyboard)
- Then type “gpedit.msc” , Goto Local Computer Policy → Windows Settings → Security Settings
or shortcut by type “secpol.msc” This should bring up the Security Policy system window. - On the left, select Local Policies → Security Options.
- On the right, scroll down to and double-click on each parameters :
- “Network Security: LAN Manager authentication level” change the setting to “Send LM & NTLM — Use NTLMv2 session security if negotiated”.
- Restart the computer
- If not work try to change more these parameters :
- “Network Security: Allow Local System to use computer identity for NTLM” change the setting to “Enabled”
- “Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients” to “No minimum”
- “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” to “No minimum”
- Restart the computer again
Registry Editor
- Click Start, then Run (or press [windows button] + [R] on the keyboard)
- Then type “regedit” or “regedt32” and OK, Registry Editor window bring up.
- On the left, Browse and goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Find LmCompatibilityLevel then set the value to 2, If the key does not exist, create a DWORD value named LmCompatibilityLevel and set the value to 2 to use NTLM and NTLMv2 if is negotiated
- If you are System Administrator, you can check which mode is used during authentication.
- Restart Windows to make changes to this entry effective
LmCompatibilityLevel
Specifies the mode of authentication and session security to be used for network logons
Address and Data Type
Address : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Type : REG_DWORD
Possible Value : 0 – 5
Default Value : 0
Table Values
Value | Meaning |
0 | Clients use LM and NTLM authentication, but they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. |
1 | lients use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. |
2 | Clients use only NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM, and NTLMv2 authentication. |
3 | Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. |
4 | Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controller refuses LM authentication responses, but it accepts NTLM and NTLMv2. |
5 | Clients use only NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controller refuses LM and NTLM authentication responses, but it accepts NTLMv2. |
- http://technet.microsoft.com/en-us/library/cc960646.aspx
- The Most Misunderstood Windows Security Setting of All Time