Problem with NTLM2 on multihomed host

I have set in Local Security Policy:
"Set NTLM2 response only/refuse LM & NTLM" on my all machines.
All machines are stand-alone, no active directory domain,
and no old NT (or samba server) domain exist.

Never I have problem to connect two machines where every machine has one
network card.
Problem is to connect with this NTLM2 setting to multihomed host with two
network cards.
After entering right Hostname\User + password in network logon dialog,
multihomed host denies it,
there is displayed message that username+password are not valid.

In opposite direction (SMB connection from multihomed host -> host with one
network card) is all OK.

Amazing is that if on both machines I allow NetBios then connection to
multihomed host is OK.

It seems that "Set NTLM2 response only/refuse LM & NTLM" is not usable for
connection to multihomed hosts,
but allowing NetBios is not good for security reasons.

I had tried connections from WXP(one network card) -> W2K3 (two network
cards),
also vice versa and also W2K3(one card) -> W2K3 (two network cards)

result was the same.

Is any way to solve this problem ?

Is SP1 or newer installed ? There is a similar problem in SP1 fix-list.
What happens when you write IP Address of the other computer in UNC path and
logon.



"Peter Skvarka" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have set in Local Security Policy:
> "Set NTLM2 response only/refuse LM & NTLM" on my all machines.
> All machines are stand-alone, no active directory domain,
> and no old NT (or samba server) domain exist.
>
> Never I have problem to connect two machines where every machine has one
> network card.
> Problem is to connect with this NTLM2 setting to multihomed host with two
> network cards.
> After entering right Hostname\User + password in network logon dialog,
> multihomed host denies it,
> there is displayed message that username+password are not valid.
>
> In opposite direction (SMB connection from multihomed host -> host with
> one network card) is all OK.
>
> Amazing is that if on both machines I allow NetBios then connection to
> multihomed host is OK.
>
> It seems that "Set NTLM2 response only/refuse LM & NTLM" is not usable for
> connection to multihomed hosts,
> but allowing NetBios is not good for security reasons.
>
> I had tried connections from WXP(one network card) -> W2K3 (two network
> cards),
> also vice versa and also W2K3(one card) -> W2K3 (two network cards)
>
> result was the same.
>
> Is any way to solve this problem ?
>
>

When I try to logon from single homed to multihomed host by this way:

10.0.0.1\username
******

it wrotes:
"Logon unsuccessful
Windows is unable to logon.
Be sure that your user name and
password are correct"

.... I am 100% sure that yes :-)

and in command prompt:

c:\bat>net use \\10.0.0.1\share /user:10.0.0.1\username
The password or user name is invalid for \\10.0.0.1\share.

Enter the password for '10.0.0.1\programmer' to connect to '10.0.0.1':
System error 1326 has occurred.

Logon failure: unknown user name or bad password.
----
In this case client was W2K3+SP1 (one network card)
server was WXP+SP2 (two network cards)
On both machies is set NTLM2 and refues LM/NTLM and on both is
also switched off NetBIOS in TCP/IP->advanced->WINS properties->disable
NetBIOS.
SMB connections in opposite direction (WXP->W2K3) are OK.

Peter


"Osman SHENER" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is SP1 or newer installed ? There is a similar problem in SP1 fix-list.
> What happens when you write IP Address of the other computer in UNC path
> and logon.
>
>
>
> "Peter Skvarka" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I have set in Local Security Policy:
>> "Set NTLM2 response only/refuse LM & NTLM" on my all machines.
>> All machines are stand-alone, no active directory domain,
>> and no old NT (or samba server) domain exist.
>>
>> Never I have problem to connect two machines where every machine has one
>> network card.
>> Problem is to connect with this NTLM2 setting to multihomed host with two
>> network cards.
>> After entering right Hostname\User + password in network logon dialog,
>> multihomed host denies it,
>> there is displayed message that username+password are not valid.
>>
>> In opposite direction (SMB connection from multihomed host -> host with
>> one network card) is all OK.
>>
>> Amazing is that if on both machines I allow NetBios then connection to
>> multihomed host is OK.
>>
>> It seems that "Set NTLM2 response only/refuse LM & NTLM" is not usable
>> for connection to multihomed hosts,
>> but allowing NetBios is not good for security reasons.
>>
>> I had tried connections from WXP(one network card) -> W2K3 (two network
>> cards),
>> also vice versa and also W2K3(one card) -> W2K3 (two network cards)
>>
>> result was the same.
>>
>> Is any way to solve this problem ?
>>
>>
>
>