Hello from Microsoft: KB3002657 breaks ntlmssp on Windows 2003
I consider it necessary to warn our community about the wonderful patch number KB3002657 , released by Microsoft as part of the March patch tuesday. After installation on CD, the ability to authenticate via NTLMSSP falls off tightly. Because of this, there are many curious side effects:
Solving the problem (by simplix ):
Computer Configuration >> Windows Settings >> Local Polices >> Security Options >> Network Security: LAN Manager authentication level -> Send LM & NTLM responses
Turning on the audit of everything and everything in the policy of domain controllers reveals the following errors:
')
After removing the KB3002657 update from all domain controllers, the problems were fixed.
- Does not allow on smb-balls by \\ ip, but \\ FQDN works
- Does not allow terminals through third-party rdp clients to Windows 7 \ 2008
- In Eventlog, nothing is fixed by default.
- Domain authentication in 1C and other services that are not able to kerberos falls off
- Authorization in the trusted domain is broken (reports the Ersh habrauzer )
Solving the problem (by simplix ):
Computer Configuration >> Windows Settings >> Local Polices >> Security Options >> Network Security: LAN Manager authentication level -> Send LM & NTLM responses
Turning on the audit of everything and everything in the policy of domain controllers reveals the following errors:
')
Type: Failure Audit, Code: 537
Login failed:
Reason: Error logging in
User: username
Domain: DOMAIN
Input Type: 3
Login process: NtLmSsp
Verification package: NTLM
Workstation: WORKSTATION
Status code: 0xC000006D
Substate code: 0x0
Caller's name: - Caller's domain: - Caller's login code: - Caller's process code: - Intermediate services: - Source network address: 10.1.0.44
Source Port: 0
After removing the KB3002657 update from all domain controllers, the problems were fixed.
Links from foreign comrades in misfortune:
Source: https://habr.com/ru/post/252875/
All Articles