Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6 (299838)
The information in this article applies to:
- Microsoft Internet Explorer 6.0, when used with:
- the operating system: Microsoft Windows 2000
This article was previously published under Q299838 SYMPTOMS
After you upgrade to Internet Explorer 6 or Internet Explorer 6 Service Pack 1 (SP1), Internet Explorer cannot negotiate Kerberos authentication with a Web server that supports Kerberos (for example, Microsoft Internet Information Services version 5.0).CAUSE
This issue can occur because Internet Explorer 6 or later for Windows 2000 does not respond to a negotiate challenge and defaults to NTLM, or Windows NT Challenge/Response, authentication by default.RESOLUTION
To resolve this issue, enable Internet Explorer 6 to respond to a negotiate challenge and perform Kerberos authentication: - In Internet Explorer, click Internet Options on the Tools menu.
- Click the Advanced tab, click to select the Enable Integrated Windows Authentication (requires restart) check box in the Security section, and then click OK.
- Restart Internet Explorer.
Administrators can enable Integrated Windows Authentication by setting the EnableNegotiate DWORD value to 1 in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings Note Internet Explorer 6, when used with Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition, and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and default to NTLM (or Windows NT Challenge/Response) authentication even if the Enable Integrated Windows Authentication (requires restart) check box is selected because Kerberos authentication is not available on these operating systems. STATUSThis behavior is by design.
Modification Type: | Minor | Last Reviewed: | 9/15/2006 |
---|
Keywords: | kbinterop kbnetwork kbprb KB299838 |
---|
|