locked
Authentication problem for mounting a shared folder with no clock on client. RRS feed

  • Question

  • We have a Windows CE device (our own) that connects to network shares, but des not have a Real-Time Clock. We have had a problem connecting to shares on some XPSP3 and Windows Server 2003 systems, but not on Windows 7 or Windows Server 2008 systems. Using Wireshark, we determines that in the NTLMv2 SSP Authentication exchange, the Win7 systems are not sending the timestamp in the challenge, but Win7 is.

    Is there a way to configure whether these XP systems send the timestamp or not?  Or a means to ignore the time discrepency between client and server?


    Robert Lloyd Cognex Corporation

    Robert Lloyd Cognex Corporation
    Wednesday, October 12, 2011 8:13 PM

All replies

  • What do you mean no real-time clock ? no clock time settings on that CE device ?

    I don’t think the timestamp could be ignored during the NTLM authentication process.

    Maybe you can try to force to use NTLMv1 protocol on these XP and 2008 hosts by modifying the value of register value “LmCompatibilityLevel  ” under path “HKLM\SYSTEM\CurrentControlSet\Control\Lsa”

     

    http://technet.microsoft.com/en-us/library/cc960646.aspx

    Thursday, October 13, 2011 7:17 AM
  • Thanks for responding.

    1) Our CE device has no hardware clock, so when it powers up, internally it is still 2007.  We don't use the desktop - we have our own custom UI which doesn't ever expose the clock, so this was never an issue before.

    2) We've tried to use the LmCompatibilityLevel setting - this mainly relates to XP as a client - as a server it will respond in the negotiated protocol, which, with CE 5.0 with all the latest patches, is NTLMv2.


    Robert Lloyd Cognex Corporation

    Thursday, October 13, 2011 3:28 PM