IWA NTLM authentication after upgrading WinXP to SP3

Solutions ID:    KB4766
Version:    1.0
Status:    Published
Published date:    11/23/2011

Problem Description

Sometimes, after upgrading to SP3, the OS is not able to pass properly the security challenge using NTLMv2. , while Vista and Win7 have no problem.

Looking into PCAP it confirms we are in this case


Take a packet capture of the authentication stream and check if you are in this case.

Please use this external link if you need help how to use WireShark to check this


If you are in this case, in order to force the NTLMv2 protocol, you can configure manually the client configuration to force it:

Note: Windows 7 and Vista default to using NTLMv2 authentication.


To use the local security settings to force Windows XP and 2000 to use NTLMv2:

1.       Open the Local Security Policy console, using one of the following methods:

o    From the Control Panel, through Administrative Tools:

1.       From the Start menu, select Control Panel (Windows XP default view) or Settings and then Control Panel (Windows 2000 or 2003, or Windows XP Classic View).

2.       Double-click Administrative Tools, and then Local Security Policy.


o    Through the Run dialog box:

1.       From the Start menu, select Run... .

2.       In the Open...  field, enter: secpol.msc

3.       Click OK.

The Local Security Policy console will appear.

2.       Find "Network Security: LAN Manager authentication level", which is located in Security Settings, Local Policies, Security Options.

3.       Set the LAN Manager authentication level to NTLMv2 response only/refuse LM and NTLM.


or you can change the server settings, following the Microsoft KB:

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question