1 Reply Latest reply: Jul 6, 2010 2:54 AM by 843810

    Java Client throws exception – while sending NTLMV2 Response from WIN7 to W

      We have written a Java client which connects to a webservices application using NTLM authentication against Windows 2008 R2 Server (using IIS7). This program works fine when run from Windows XP and Linux but fails when run from Windows 7.
      Error encountered is: java.io.IOException: Authentication failure.
      Here is what we have written to connect over HTTPS with credentials using SSLContext, as shown below.

      // trustAllCerts is a TrustManager[] defined elsewhere in the client (not shown)
      SSLContext sc = SSLContext.getInstance( "SSL" );
      sc.init( null, trustAllCerts, new java.security.SecureRandom() );
      HttpsURLConnection.setDefaultSSLSocketFactory( sc.getSocketFactory() );
      // Open the connection first so the variable exists before it is configured
      URL url = new URL("https://testsite...");
      HttpsURLConnection m_oHttpURLConnection = (HttpsURLConnection) url.openConnection();
      // "this" is the enclosing class, which implements HostnameVerifier
      m_oHttpURLConnection.setHostnameVerifier( this );

      The following properties are set on the HttpsURLConnection:
      RequestMethod : GET
      InstanceFollowRedirects : true
      AllowUserInteraction : true
      UseCaches : false
      DoOutput : true
      DoInput : true

      After setting all the above parameters, the following code is used to set the credentials data and connect to the site:

      Authenticator.setDefault(new MyAuthenticator());


      After the connection is successful, the request XML is sent to the server and a response is expected from the server. When the line below is called, an exception is thrown.


      Exception :
      java.io.IOException: Authentication failure
           at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1173)
           at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)
           at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
      After changing the LAN Manager Authentication level setting of Windows 7 from “Send NTLMv2 response only” to “Send LM & NTLM – use NTLMv2 session security if negotiated”, the application works fine.
      Local Security Settings → Security Settings → Local Policies → Security Options → Network security: LAN Manager Authentication level
      The default in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 is “Send NTLMv2 response only”. Lowering the security level at the client end is a bit risky and typically is not recommended.
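
One way to confirm which response a client actually sends, before lowering the policy, is to decode the final `Authorization: NTLM ...` header value logged at the client or server. The Python sketch below is an added example, not part of the original post; the function names and the sample messages are constructed for illustration, and it reads only the two response fields of the NTLMSSP type 3 message.

```python
import base64
import struct

def classify_ntlm_type3(header_value):
    """Classify the response in an 'Authorization: NTLM <base64>' header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 28 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected type 3 (AUTHENTICATE), got type %d" % msg_type)
    # Security buffer layout: length (2), max length (2), offset (4), little-endian.
    lm_len, _, lm_off = struct.unpack_from("<HHI", msg, 12)
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
    if lm_off + lm_len > len(msg) or nt_off + nt_len > len(msg):
        raise ValueError("response field points past the end of the message")
    lm = msg[lm_off:lm_off + lm_len]
    if nt_len > 24:
        return "NTLMv2"        # 16-byte proof followed by a variable-length blob
    if nt_len == 24:
        # With extended session security the LM field carries an 8-byte
        # client nonce padded with 16 zero bytes instead of an LM hash response.
        if lm_len == 24 and lm[8:] == b"\x00" * 16:
            return "NTLMv1 (extended session security)"
        return "NTLMv1"
    return "no NT response"

def constructed_type3(lm, nt):
    """Build a constructed (not captured) type 3 message with only LM/NT fields."""
    header_len = 28  # signature (8) + type (4) + two security buffers (8 each)
    msg = b"NTLMSSP\x00" + struct.pack("<I", 3)
    msg += struct.pack("<HHI", len(lm), len(lm), header_len)
    msg += struct.pack("<HHI", len(nt), len(nt), header_len + len(lm))
    return "NTLM " + base64.b64encode(msg + lm + nt).decode("ascii")

if __name__ == "__main__":
    samples = {
        "v2 client": constructed_type3(b"\x11" * 24, b"\x22" * 44),
        "v1 client": constructed_type3(b"\x33" * 24, b"\x44" * 24),
        "v1 + ESS": constructed_type3(b"\x55" * 8 + b"\x00" * 16, b"\x66" * 24),
    }
    for name, value in samples.items():
        print(name, "->", classify_ntlm_type3(value))
```
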