Thursday, February 14, 2008

IE NT NTML Auto-Authentication

I ran into a problem where my personal computer seemed to be triggering a 3-password failure lockout on a client's domain. I was locked out probably 20 times in a 3 - day period. Honestly, I am not that idiotic to type in a password incorrectly 60 times!

It took me awhile to track it down to my personal laptop, but eventually I shut it down for awhile and had no problems. Almost as soon as I started it back up, I was getting locked out.

I had cleared out all mapped drives and all of the Client's printers from my computer. The issue occurred even though I was not trying to log onto any of the domain server. It appeared that all I had to do was start Internet Explorer.

It is sort of weird, because I have been at the client for a long time and never had this problem (at least to this extent). I also had not changed my password on the domain for several weeks.

So, after seeming to track it down to IE, I decided to try to clear out my NTML passwords.

Unfortunately, how to do this is not very well documented and it was sort of hard to find even on the Internet. A bunch of people gave really stupid ways to trick IE into acting like and individual password was cleared out, but certainly not how to just blow them all away.

Finally, I found that where this information is stored is an encrypted text file located in a folder in:

C:\Documents and Settings\Eric Shepard\Application Data\Microsoft\Credentials

I deleted the folders in the Credential folder.

I do not know how the whole challenge / response works for IE's NTML Auto-Autentication, but it appears that my encrypted file must have been corrupted in such a way that IE was trying to logon to the Domain at least times with an incorrect password before passing the prompt back to me.

Deleting the text file seems to have fixed my problem. At least I hope so. I thought I had it nailed several times over the past few days.

So, if you are ever having a similar problem, be my guest to try this same method.

No comments:

Post a Comment