Hello from Microsoft: KB3002657 breaks ntlmssp on Windows 2003

    I consider it necessary to warn our community about the wonderful patch KB3002657, released by Microsoft as part of the March batch of patches. Once it is installed on a domain controller (DC), authentication via NTLMSSP stops working completely. This causes a number of interesting side effects:
    • SMB shares cannot be reached via \\ip, but \\FQDN works
    • Third-party RDP clients cannot log on to terminals on Windows 7 / 2008
    • By default, nothing about this is recorded in the event log
    • Domain authentication breaks in 1C and other services that do not support Kerberos
    • Authorization in a trusted domain is broken (reported by Habr user Ersh)

    Solution (from simplix):
    Computer Configuration >> Windows Settings >> Local Policies >> Security Options >> Network Security: LAN Manager authentication level -> Send LM & NTLM responses

    Enabling auditing of absolutely everything in the domain controller policy reveals the following errors:

    Type: failure audit, Code: 537
    Login failure:
    Reason: Login error
    User: username
    Domain: DOMAIN
    Login type: 3
    Login process: NtLmSsp
    Verification package: NTLM
    Workstation: WORKSTATION
    Status code: 0xC000006D
    Substitution code: 0x0
    Caller name user: -
    Caller's domain: -
    Caller login code: -
    Caller process code: -
    Intermediate services: -
    Source network address:
    Source port: 0

    After removing KB3002657 from all domain controllers, the problems were resolved.
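
To find which accounts and workstations are hitting this failure once auditing is on, the events can be triaged by their signature. The script below is an added example, not part of the original post; it assumes a plain-text export of the Security log with one `label: value` field per line under the labels shown in the event above, and its sample events are constructed.

```python
import re
from collections import Counter

# Signature of the failure audit quoted above, using this page's field labels.
SIGNATURE = {"Code": "537", "Login type": "3", "Login process": "NtLmSsp",
             "Verification package": "NTLM", "Status code": "0xC000006D"}
FIELD_RE = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_events(text):
    """Split a text export into dicts; a 'Type: ..., Code: ...' header starts each event."""
    events, current = [], None
    for line in text.splitlines():
        parts = line.split(",") if line.lstrip().startswith("Type:") else [line]
        for part in parts:
            m = FIELD_RE.match(part)
            if not m:
                continue
            key, value = m.groups()
            if key == "Type":
                current = {}
                events.append(current)
            if current is not None:
                current[key] = value
    return events

def summarize(text):
    """Count events matching SIGNATURE per (domain, user, workstation)."""
    hits = Counter()
    for ev in parse_events(text):
        if all(ev.get(k, "").lower() == v.lower() for k, v in SIGNATURE.items()):
            hits[(ev.get("Domain"), ev.get("User"), ev.get("Workstation"))] += 1
    return hits

def _sample_event(code, user, ws, process, package, status):
    # Builds one constructed event in the assumed export layout (not real log data).
    return (f"Type: failure audit, Code: {code}\nLogin failure:\nUser: {user}\n"
            f"Domain: DOMAIN\nLogin type: 3\nLogin process: {process}\n"
            f"Verification package: {package}\nWorkstation: {ws}\n"
            f"Status code: {status}\nSubstitution code: 0x0\n\n")

SAMPLE = "".join(_sample_event(*args) for args in [
    ("537", "alice", "WS01", "NtLmSsp", "NTLM", "0xC000006D"),
    ("537", "alice", "WS01", "NtLmSsp", "NTLM", "0xc000006d"),  # hex case varies
    ("537", "bob", "WS02", "NtLmSsp", "NTLM", "0xC000006D"),
    ("537", "dave", "WS04", "Kerberos", "Kerberos", "0xC000006D"),  # not NTLM: ignored
])
if __name__ == "__main__":
    for (domain, user, ws), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {domain}\\{user}  from {ws}")
```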

    Links from fellow sufferers abroad:
