10-17-2012 10:48 PM - edited 03-17-2019 11:59 PM
All,
Apologies if this has already been asked (and answered), but I have been struggling with finding information regarding TMS 13.2.1 and NTLMv2.
We are currently using TMS 13.1.2 with IE7 (I know!) on XP, and have no problems. However, we are trialling a Windows 7 VDI environment and have had issues with accessing CCC from IE9. After reading this thread: https://supportforums.cisco.com/thread/2094180, I changed the Network Security: LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negotiated" and CCC worked perfectly. The problem I have that due to security reasons, we cannot have this set permanently.
Reading the release notes for 13.2.1, I was unable to determine whether NTLMv2 is in fact supported. Can anyone help with with an answer to this?
Cheers,
Luke
10-18-2012 12:44 PM
Hi Luke,
It is but this may be more of Windows Server question than a TMS one actually, with a 'twist' of java since this is what the CCC is developed in, i.e. more on that later. In fact, locking NTLMv1 out of the server was part of MS's security practices back in the Windows Server 2003 days, i.e. it was a part fo Win 2003 SP1 and newer installations by default. This setting in the local security was left for compatibiility reasons.Our own former TMS Appliance (now EOS/EOL) and which ran Windows Server 2003, we applied this NTLMv2 required setting as part of security lockdown on that box - because it's what MS recommended for hardening your servers.
And actually making the setting change you did on the client side (LmCompatibilityLevel value of 1), this will use NTLMv2 session security, if negotiated. Clients use LM and NTLM authentication, and then use NTLMv2 session security if the server supports it.
Anyway, enough of the history lesson and back to the problem What I think the problem may be is more of a Java authentication issue within the VDI environment. But just a few questions:
- What setting did you change the LAN Manager authentication level from, i.e. assuming it was default 0?
- What Server version is the TMS installed to?
- What Java client version do you have installed?
- Is the user logging into TMS and the virtual desktop in the same domain as the TMS server?
And keep in mind, your in a bit of unchartered territory with regards to VDI environments and TMS
rgds,
Dale
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide