Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
894
Views
0
Helpful
1
Replies

TMS 13.2.1 in Windows 7 - NTLMv2

luke.bayliss
Level 1
Level 1

‎10-17-2012 10:48 PM - edited ‎03-17-2019 11:59 PM

All,

Apologies if this has already been asked (and answered), but I have been struggling with finding information regarding TMS 13.2.1 and NTLMv2.

We are currently using TMS 13.1.2 with IE7 (I know!) on XP, and have no problems. However, we are trialling a Windows 7 VDI environment and have had issues with accessing CCC from IE9. After reading this thread: https://supportforums.cisco.com/thread/2094180, I changed the Network Security: LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negotiated" and CCC worked perfectly. The problem I have that due to security reasons, we cannot have this set permanently.

Reading the release notes for 13.2.1, I was unable to determine whether NTLMv2 is in fact supported. Can anyone help with with an answer to this?

Cheers,

Luke

Labels:
0 Helpful
1 Reply 1

daleritc
Cisco Employee
Cisco Employee

‎10-18-2012 12:44 PM

Hi Luke,

It is but this may be more of Windows Server question than a TMS one actually, with a 'twist' of java since this is what the CCC is developed in, i.e. more on that later. In fact, locking NTLMv1 out of the server was part of MS's security practices back in the Windows Server 2003 days, i.e. it was a part fo Win 2003 SP1 and newer installations by default. This setting in the local security was left for compatibiility reasons.Our own former TMS Appliance (now EOS/EOL) and which ran Windows Server 2003, we applied this NTLMv2 required setting as part of security lockdown on that box - because it's what MS recommended for hardening your servers.

And actually making the setting change you did on the client side (LmCompatibilityLevel value of 1), this will use NTLMv2 session security, if negotiated. Clients use LM and NTLM  authentication, and then use NTLMv2 session security if the server supports  it.

Anyway, enough of the history lesson and back to the problem What I think the problem may be is more of a Java authentication issue within the VDI environment. But just a few questions:

- What setting did you change the LAN Manager authentication level from, i.e. assuming it was default 0?

- What Server version is the TMS installed to?

- What Java client version do you have installed?

- Is the user logging into TMS and the virtual desktop in the same domain as the TMS server?

And keep in mind, your in a bit of unchartered territory with regards to VDI environments and TMS

rgds,

Dale

0 Helpful
Customers Also Viewed These Support Documents