IMPORTANT: This article contains information about modifying the registry. Before you
modify the registry, make sure to back it up and make sure that you understand how to restore
the registry if a problem occurs. For information about how to back up, restore, and edit the
registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
WORKAROUND
To work around this problem in Microsoft Windows 2000, upgrade to Internet Explorer 6. Internet Explorer 6 for Windows 2000 does not respond to a negotiation challenge. Instead, it defaults to Windows NT Challenge/Response (NTLM) authentication. For additional information, click the article number below
to view the article in the Microsoft Knowledge Base:
299838 Unable to Negotiate Kerberos Authentication After Upgrading to Internet Explorer 6
If you are experiencing this problem in Microsoft Windows XP, or if you are already running Internet Explorer 6 in Windows 2000, follow these steps to turn off Integrated Windows authentication:
- In Internet Explorer, click Internet Options on the Tools menu.
- On the Advanced tab, click to clear the Enable Integrated Windows Authentication (requires restart) check box under Security.
- Click OK, and then restart Internet Explorer.
Information for Administrators
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk.
Administrators can disable Integrated Windows authentication by setting the
EnableNegotiate DWORD value to 0 in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Note that Internet Explorer 6 for Windows 98, Internet Explorer 6 for Windows 98 Second Edition, Internet Explorer 6 for Windows Millennium Edition, and Internet Explorer 6 for Windows NT 4.0 do not respond to a negotiation challenge. By default, these versions of Internet Explorer use NTLM authentication, even if the
Enable Integrated Windows Authentication (requires restart) check box is selected. This feature is not available in these versions of Windows.