This article was previously published under Q275482
This article has been archived. It is offered "as is" and will no longer be updated.
If NTLM-based authentication is disabled on the Domain Controller (for instance, to create a more secure environment on Microsoft Windows 2000 domains), you cannot set the identity of a COM+ application to a particular user.
The COM+ Catalog uses NTLM authentication to verify the user name and password that you specify to set the RunAs identity of a COM+ application.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.
Steps to Reproduce Behavior:
1. In the DC Group Policy editor, set the LAN Manager Authentication level to "Send NTLMv2 response only\refuse LM and NTLM".
2. Create a COM+ application on the member workstation or server, and set the identity to a valid domain user.
The following information appears in the security log:
Reason: Unknown user name or bad password
User Name: SomeUser
Domain: SomeDomain
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SomeWorkstation
In addition, a message box states that the user name and password are incorrect.
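The following triage script is an added example, not Microsoft's code. It parses security log entries with the fields shown above and counts failed network logons that came in through NtLmSsp, grouped by domain, user and workstation. The field labels are taken from the entry above; the sample events and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Field labels exactly as they appear in the log entry quoted in this article.
FIELDS = ("Reason", "User Name", "Domain", "Logon Type", "Logon Process",
          "Authentication Package", "Workstation Name")
_LABEL = re.compile(r"\b(%s):" % "|".join(re.escape(f) for f in FIELDS))


def parse_event(text):
    """Split an event description into {label: value}. Values are cut at the
    next known label, so flattened and one-field-per-line text both parse."""
    hits = list(_LABEL.finditer(text))
    event = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        event[m.group(1)] = " ".join(text[m.end():end].split())
    return event


def is_ntlm_network_failure(ev):
    """True for the pattern in this article: a failed network logon (type 3)
    submitted through NtLmSsp and the MSV1_0 authentication package."""
    return (ev.get("Logon Type") == "3"
            and ev.get("Logon Process", "").lower() == "ntlmssp"
            and ev.get("Authentication Package", "").upper()
            == "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
            and "bad password" in ev.get("Reason", "").lower())


def summarize(event_texts):
    """Count matching failures per (domain, user, workstation)."""
    counts = Counter()
    for ev in map(parse_event, event_texts):
        if is_ntlm_network_failure(ev):
            counts[(ev.get("Domain"), ev.get("User Name"),
                    ev.get("Workstation Name"))] += 1
    return counts


# Constructed sample input: the article's entry flattened onto one line, the
# same entry one field per line, and a Kerberos failure that must not match.
_FLAT = ("Reason: Unknown user name or bad password User Name: SomeUser "
         "Domain: SomeDomain Logon Type: 3 Logon Process: NtLmSsp "
         "Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 "
         "Workstation Name: SomeWorkstation")
_KERBEROS = (_FLAT.replace("NtLmSsp", "Kerberos")
             .replace("MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "Kerberos"))
SAMPLE_EVENTS = [_FLAT, _FLAT.replace(" User Name", "\nUser Name")
                 .replace(" Domain", "\n  Domain"), _KERBEROS]
```

A match only shows that the failed logon was attempted over NTLM. A genuinely wrong password produces the same reason text, so confirm the credentials and the service pack level before drawing a conclusion.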