FIX: COM+ 1.0 Catalog Requires NTLM-based Authentication

Article translations Article translations
Article ID: 275482 - View products that this article applies to.
This article was previously published under Q275482
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page


If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.


The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.


To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.


Steps to Reproduce Behavior:

  1. In the DC Group Policy editor, set the LAN Manager Authentication level to Send NTLMV2 response only \refuse LM and NTLM.
  2. Create a COM+ application on the member workstation or server, and set the identity to a valid domain user.
  3. The following information appears in the security log:
    Reason: Unknown user name or bad password
    User Name: SomeUser
    Domain: SomeDomain
    Logon Type: 3
    Logon Process: NtLmSsp
    Workstation Name: SomeWorkstation
    In addition, a message box states that the user name and password are incorrect.


Article ID: 275482 - Last Review: October 21, 2013 - Revision: 1.0
  • Microsoft COM+ 1.0
kbnosurvey kbarchive kbbug kbfix kbsecurity kbsysadmin kbwin2000presp2fix KB275482

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from