This discussion is archived
1 Reply Latest reply: Jul 6, 2010 12:54 AM by 843810 RSS

Java Client throws exception – while sending NTLMV2 Response from WIN7 to W

843810 Newbie
Currently Being Moderated
We have written a Java client which connects to a webservices application using NTLM authentication against Windows 2008 R2 Server (using IIS7). This program works fine when running from Windows XP, Linux but failing when running from Windows 7.
Error encountered is: java.io.IOException: Authentication failure.
Here is what we have written to connect to HTTPS with credential using SSLContext as mentioned below.

SSLContext sc = SSLContext.getInstance( "SSL" );
sc.init( null, trustAllCerts, new java.security.SecureRandom() );
HttpsURLConnection.setDefaultSSLSocketFactory( sc.getSocketFactory() );
( ( HttpsURLConnection )( m_oHttpURLConnection ) ).setHostnameVerifier( this );
URL url = new URL("https://testsite...");
HttpsURLConnection m_oHttpURLConnection = (HttpsURLConnection) url.openConnection();
Following properties are set to HttpsURLConnection:
RequestMethod : GET
InstanceFollowRedirects : true
AllowUserInteraction : true
UseCaches : false
DoOutput : true
DoInput : true

After setting all the above parameters the following code is used to set credentials data and connect to site

Authenticator.setDefault(new MyAuthenticator ());

m_oHttpURLConnection.connect();

After connection is successful request XML is sent to server and expecting a response from the server. So when the below line is called exception is thrown.

m_oHttpURLConnection.getResponseCode();

Exception :
java.io.IOException: Authentication failure
     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1173)
     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
After changing LAN Manager Authentication level setting of Windows 7 from “Send NTLMv2 response only” to “Send LM & NTLM – use NTLMv2 session security if negotiated”, application is working fine.
Local Security Settings àSecurity SettingsàLocal Policies à Security Optionsà Network security: LAN Manager Authentication level
By default in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send NTLMv2 response only , Lowering the security level at the client end is bit risk and typically is not recommended.