Random "Internet Explorer Cannot display the Web page" on Windows 2008 server, IE 7 and Tomcat 6

> Travaglini, Joseph <Joseph.Travaglini <at> FMR.com> writes:
>
>>
>> Windows 2008 Server does not have an NTLMv1 implementation, whereas
>> JCIFS does not have support for NTLMv2.
>>
>> That is, you cannot use JCIFS with Windows 2008/Windows 7.
>>
>
>
>
> If it is issue with NTLMV2, why this error page is random. It should not
> work
> at all.
>
>
>

> Travaglini, Joseph <Joseph.Travaglini <at> FMR.com> writes:
>
>> Windows 2008 Server does not have an NTLMv1 implementation, whereas
>> JCIFS does not have support for NTLMv2.
>>
>> That is, you cannot use JCIFS with Windows 2008/Windows 7.
>>
>
>
>
> If it is issue with NTLMV2, why this error page is random. It should not work
> at all.
>
>
>

> Windows 2008 Server does not have an NTLMv1 implementation, whereas
> JCIFS does not have support for NTLMv2.
>
> That is, you cannot use JCIFS with Windows 2008/Windows 7.
>
> -----Original Message-----
> From: jcifs-bounces@...
> [mailto:jcifs-bounces@...] On Behalf Of pardesh
> Sent: Monday, November 02, 2009 10:18 AM
> To: jcifs@...
> Subject: [jcifs] Random "Internet Explorer Cannot display the Web page"
> onWindows 2008 server, IE 7 and Tomcat 6
>
> Hi,
>
> We are using JCIFS library (jcifs 1.2.19) for ntlm authentication. I can
>
> see "Internet Explorer Cannot display the Web page" error page randomly
> on
> Tomcat 6, IE 7, Windows 2008 server. There is no heavy traffic/requests
> as i
> was the only one accesing this server for testing.
>
> I can see the request is authenticated and redirected to the requested
> URL,
> where it is showing the error page. reload the page works.
>
> As this is random and occuring once for every 5 new authentcation
> requests.
>
> Our Earlier relaease is for windows xp, tomcat 5.5 and the same code for
>
> authentication used to work fine.
>
> Does anyone has any idea why it is behaving this way? Your
> thoughts/inputs are
> highly appreciated as it is my biggest issue now for moving to
> prodcution.
>
> Thanks,
> Pardesh
>
>
>
>
>
>
>
>
>
>

> Windows 2008 Server does not have an NTLMv1 implementation, whereas
> JCIFS does not have support for NTLMv2.
>
> That is, you cannot use JCIFS with Windows 2008/Windows 7.
>
> -----Original Message-----
> From: jcifs-bounces@...
> [mailto:jcifs-bounces@...] On Behalf Of pardesh
> Sent: Monday, November 02, 2009 10:18 AM
> To: jcifs@...
> Subject: [jcifs] Random "Internet Explorer Cannot display the Web

> as i
> was the only one accesing this server for testing.
>
> I can see the request is authenticated and redirected to the requested
> URL,
> where it is showing the error page. reload the page works.
>
> As this is random and occuring once for every 5 new authentcation
> requests.
>
> Our Earlier relaease is for windows xp, tomcat 5.5 and the same code

>
> authentication used to work fine.
>
> Does anyone has any idea why it is behaving this way? Your
> thoughts/inputs are
> highly appreciated as it is my biggest issue now for moving to
> prodcution.
>
> Thanks,
> Pardesh
>
>
>
>
>
>
>
>
>
>

> Windows 2008 Server does not have an NTLMv1 implementation, whereas
> JCIFS does not have support for NTLMv2.
>
> That is, you cannot use JCIFS with Windows 2008/Windows 7.
>
> -----Original Message-----
> From: jcifs-bounces@...
> [mailto:jcifs-bounces@...] On Behalf Of pardesh
> Sent: Monday, November 02, 2009 10:18 AM
> To: jcifs@...
> Subject: [jcifs] Random "Internet Explorer Cannot display the Web

> as i
> was the only one accesing this server for testing.
>
> I can see the request is authenticated and redirected to the requested
> URL,
> where it is showing the error page. reload the page works.
>
> As this is random and occuring once for every 5 new authentcation
> requests.
>
> Our Earlier relaease is for windows xp, tomcat 5.5 and the same code

>
> authentication used to work fine.
>
> Does anyone has any idea why it is behaving this way? Your
> thoughts/inputs are
> highly appreciated as it is my biggest issue now for moving to
> prodcution.
>
> Thanks,
> Pardesh
>
>
>
>
>
>
>
>
>
>

>
> Your response is totally false.
>
> All versions of Windows fully support both NTLMv1 and NTLMv2. Windows
> 2008 and Windows 7 just use NTLMv2 by default.
>
> JCIFS fully supports both NTLMv1 and NTLMv2 as a client. As a server
> it does not support NTLM or any other authentication protocol at all
> (although there is hack that allows it to validate NTLMv1 hashes as a
> server that is in the process of being removed from the JCIFS
> package).
>
> Mike

> Michael B Allen <ioplex <at> gmail.com> writes:
>
>>
>> Your response is totally false.
>>
>> All versions of Windows fully support both NTLMv1 and NTLMv2. Windows
>> 2008 and Windows 7 just use NTLMv2 by default.
>>
>> JCIFS fully supports both NTLMv1 and NTLMv2 as a client. As a server
>> it does not support NTLM or any other authentication protocol at all
>> (although there is hack that allows it to validate NTLMv1 hashes as a
>> server that is in the process of being removed from the JCIFS
>> package).
>>
>> Mike
>
> Mike,
>
> What might be the cause for this random error page? Is the transport socket
> being closed occasinally causing this issue?

> Michael B Allen <ioplex <at> gmail.com> writes:
>
>> Your response is totally false.
>>
>> All versions of Windows fully support both NTLMv1 and NTLMv2. Windows
>> 2008 and Windows 7 just use NTLMv2 by default.
>>
>> JCIFS fully supports both NTLMv1 and NTLMv2 as a client. As a server
>> it does not support NTLM or any other authentication protocol at all
>> (although there is hack that allows it to validate NTLMv1 hashes as a
>> server that is in the process of being removed from the JCIFS
>> package).
>>
>> Mike
>
> Mike,
>
> What might be the cause for this random error page? Is the transport socket
> being closed occasinally causing this issue?
>

> pardesh wrote:
>>
>> Michael B Allen <ioplex <at> gmail.com> writes:
>>
>>> Your response is totally false.
>>>
>>> All versions of Windows fully support both NTLMv1 and NTLMv2. Windows
>>> 2008 and Windows 7 just use NTLMv2 by default.
>>>
>>> JCIFS fully supports both NTLMv1 and NTLMv2 as a client. As a server
>>> it does not support NTLM or any other authentication protocol at all
>>> (although there is hack that allows it to validate NTLMv1 hashes as a
>>> server that is in the process of being removed from the JCIFS
>>> package).
>>>
>>> Mike
>>
>> Mike,
>>
>> What might be the cause for this random error page? Is the transport
>> socket being closed occasinally causing this issue?
>>
>
> Pardesh, and Joseph, and Venuganan (?),
>
> I am not the authority in this subject.  Michael is the authority.  But he
> is probably so tired of answering these same kinds of questions all the
> time, since a long time, that I am trying to help him out here.
>
> The point is :
>
> there is
>
> - the jCIFS package : that is a Java client package, which (as far as I
> understand it) allows one to write Java program that will talk to MS file
> servers etc.. through the SMB protocol, to share files, copy them etc... In
> the process, *as a client*, that package is also able to authenticate itself
> vis-a-vis these MS servers.
> That package works, is supported, continues to be developed, can be used
> with MS servers requiring all kinds of NTLM client authentication.
>
> and then there is (a very different thing)
>
> - a "hack" that existed at some point, which is a Java servlet filter called
> "jCIFS NTLM HTTP* something, which basically *is not developed and not
> supported anymore*.  That module, in limited circumstances and for NTLMv1
> authentication only, at some point in the past was kind of a solution which,
> for browsers accessing a webapp, was "faking" a MS authentication server,
> and allowed to retrieve the MS Domain user-id under which the browser's
> workstation was logged in, and pass it to Tomcat as a user-id.
>
> I have used that module myself in the past, up to the point about 2 years
> ago, when I started to experience some problems with it.
> The problems had to do with the fact that NTLMv2 is becoming the standard in
> Windows networks authentication, and that this servlet filter *does not
> support NTLMv2 and can not support it*.  It can not support it, because
> NTLMv2 was specifically designed to forbid the kind of "man in the middle"
> trick that this servlet filter used.
> (In other words, that servlet exploited a weakness of NTLMv1, which NTLMv2
> corrected.)
> All recent versions of Windows (workstations and servers) default to NTLMv2.
> So, if in your network there is one Vista station, or one Windows 2003 or
> higher domain controller, the default for them is to be set to accept only
> NTLMv2, and you will (occasionally or all the time) have problems with this
> servlet.  These problems will manifest themselves as failures to
> authenticate, broken connections or whatever.  But nobody is going to help
> analyse or fix these problems.
>
> So, you are welcome to keep losing your time with this servlet filter, and
> it may still work in some limited cases (like if you have only Windows XP
> stations and Win2K servers, and all are using NTLMv1), but in the end you
> will be faced with the fact that it does not work anymore nowadays in a
> general sense, and that nobody is going to fix it.
>
> So, my recommendation to all of you, is to look for some other software
> which does the same thing and works with NTLMv2.
> Jespa, indicated on the page, is one product that works.
>
> Jespa is free to test, and remains free for up to 25 domain users.
>
>