FIX: COM+ 1.0 Catalog Requires NTLM-based Authentication

This article was previously published under Q275482
This article has been archived. It is offered "as is" and will no longer be updated.
If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.
The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

Steps to Reproduce Behavior:

  1. In the DC Group Policy editor, set the LAN Manager Authentication level to "Send NTLMv2 response only\refuse LM and NTLM".
  2. Create a COM+ application on the member workstation or server, and set the identity to a valid domain user.
  3. The following information appears in the security log:
    Reason: Unknown user name or bad password
    User Name: SomeUser
    Domain: SomeDomain
    Logon Type: 3
    Logon Process: NtLmSsp
    Workstation Name: SomeWorkstation
    In addition, a message box states that the user name and password are incorrect.
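
The failure entry above has a recognizable signature (bad-password reason, Logon Type 3, Logon Process NtLmSsp) that can be picked out of exported security-log text. The following is an added example, not part of the original article; it assumes the event descriptions were exported as plain text with a blank line between records, and the function names and sample records are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample: two failure-audit descriptions exported as text.
# The second record (interactive logon via User32) is a non-matching control.
SAMPLE = """\
Reason: Unknown user name or bad password
User Name: SomeUser
Domain: SomeDomain
Logon Type: 3
Logon Process: NtLmSsp
Workstation Name: SomeWorkstation

Reason: Unknown user name or bad password
User Name: OtherUser
Domain: SomeDomain
Logon Type: 2
Logon Process: User32
Workstation Name: SomeWorkstation
"""

# "Field: value" with tolerant whitespace (real exports often pad or tab-align).
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_events(text):
    """Split blank-line separated records into dicts of lowercased field -> value."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).lower()] = m.group(2)
        if fields:
            events.append(fields)
    return events

def is_ntlm_network_failure(ev):
    """Signature from the article: bad-password failure, logon type 3, NtLmSsp."""
    return (ev.get("logon type") == "3"
            and ev.get("logon process", "").lower() == "ntlmssp"
            and "bad password" in ev.get("reason", "").lower())

def summarize(text):
    """Count matching failures per (domain, user name, workstation name)."""
    return Counter(
        (ev.get("domain"), ev.get("user name"), ev.get("workstation name"))
        for ev in parse_events(text) if is_ntlm_network_failure(ev))

if __name__ == "__main__":
    for (domain, user, ws), n in summarize(SAMPLE).items():
        print(f"{domain}\\{user} from {ws}: {n} NtLmSsp network logon failure(s)")
```

A match for an account whose password is known to be correct, logged at the moment a COM+ identity is being set, points to the NTLM restriction described here rather than to a mistyped credential.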

Article ID: 275482 - Last Review: 10/21/2013 02:15:37 - Revision: 1.0

Microsoft COM+ 1.0
