The POST Method Does Not Work If You Are Using Kerberos Authentication (308074)


The information in this article applies to:

  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.5 for Windows 2000 SP 2
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 1
  • Microsoft Internet Explorer 5.01 for Windows 2000 SP 2
  • Microsoft Internet Explorer version 6 for Windows 2000
  • Microsoft Internet Explorer version 6 for Windows XP
This article was previously published under Q308074
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

If a Web page uses the POST method to post data to a Web server by using Kerberos (or Integrated Windows) authentication, the operation may not work.

WORKAROUND

To work around this problem in Microsoft Windows 2000, upgrade to Internet Explorer 6. Internet Explorer 6 for Windows 2000 does not respond to a negotiation challenge. Instead, it defaults to Windows NT Challenge/Response (NTLM) authentication. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

299838 Unable to Negotiate Kerberos Authentication After Upgrading to Internet Explorer 6

If you are experiencing this problem in Microsoft Windows XP, or if you are already running Internet Explorer 6 in Windows 2000, follow these steps to turn off Integrated Windows authentication:
  1. In Internet Explorer, click Internet Options on the Tools menu.
  2. On the Advanced tab, click to clear the Enable Integrated Windows Authentication (requires restart) check box under Security.
  3. Click OK, and then restart Internet Explorer.

Information for Administrators

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Administrators can disable Integrated Windows authentication by setting the EnableNegotiate DWORD value to 0 in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Note that Internet Explorer 6 for Windows 98, Internet Explorer 6 for Windows 98 Second Edition, Internet Explorer 6 for Windows Millennium Edition, and Internet Explorer 6 for Windows NT 4.0 do not respond to a negotiation challenge. By default, these versions of Internet Explorer use NTLM authentication, even if the Enable Integrated Windows Authentication (requires restart) check box is selected. This feature is not available in these versions of Windows.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about Integrated Windows authentication with Internet Information Services 5.0, click the following article number to view the article in the Microsoft Knowledge Base:

215383 How to configure IIS to support both the Kerberos protocol and the NTLM protocol for network authentication

Modification Type:MinorLast Reviewed:9/15/2006
Keywords:kbenv kbprb KB308074
©2004 Microsoft Corporation. All rights reserved.