March 2015 Patch Tuesday included a number of updates from Microsoft. Unfortunately, it also included the following…
Who needs authentication to work, anyway?
The servers on my network installed this update last Saturday night, and I spent several hours the next day trying to figure out what was going on. First, I started getting complaints from a few remote users that they were getting password prompts in Outlook. I then discovered that I couldn’t log in to our Exchange server from my Windows 7 PC (I eventually was able to by logging in remotely to our DC, then using Remote Desktop from there to get into it). More problems started popping up: no one could get into our custom-built intranet website hosted on IIS6. Again, a password prompt – but even correct credentials didn’t work. I also discovered that logging in using NETBIOS domain name was failling (ie. DOMAINNAME\username didn’t work, whereas username@domainname did). Strangely enough, Windows XP clients didn’t really seem to be having issues, but our Windows 7 clients were.
This made for an interesting Monday morning, needless to say. Knowing that this was likely an issue with a recent update, I did a little research and soon came across the culprit – KB3002657.
UPDATE March 17, 2015 – Microsoft has re-released this update and fixed the issues with authentication. They recommend installing this patch on Windows 2003 servers whether the previous update is installed or not.
Previously Recommended Fixes
Uninstall it from all your servers, and block it from re-installing on WSUS if you are using that.
As well, some people have mentioned that performing the following steps can also resolve the issue (but I just chose the easier route – uninstall)…
Modify the following GPO and apply to all your computers:
Computer Configuration > Windows Settings > Local Polices > Security Options > Network Security: LAN Manager authentication level
Set to “Send LM & NTLM responses”