Friday, December 4, 2009

Vista-XP File and Printer Sharing Compatibility

If you have recently installed Windows 7 or Windows Vista, you might have a networking problem with your previous Windows servers. Here is the problem that I have.

I have a Windows XP machine running as a server at home, with password-protected login capability. Everything worked fine until I upgraded one of my systems to Windows 7 (you might see the same problem if you are running Windows Vista). Then, I could not log on to this XP server. It said the username/password is incorrect. The cause is that the default networking settings of Windows 7 and Windows Vista do not work well with Windows XP. More specifically, it is a problem with what Microsoft calls NTLM.

Standing for NT LAN Manager, NTLM is a Microsoft authentication protocol. It is used to verify who you are when you log on to a Microsoft-based machine. Various versions of NTLM are used as follows:


  • Windows NT Challenge/Response (NTLM version 1 or NTLM 1): Windows NT
  • LAN Manager (LM) Challenge/Response: Windows 95, 98, and 98SE
  • NTLM 2: Windows NT since SP4, Windows 2000, or later


Now that we know the cause of the problem, let's fix it. Clearly, the solution is to activate NTLMv2. This is done by changing the registry.

Solution: Here are the steps:
1. Start Registry Editor (Regedit.exe).
2. Look for the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
3. On the Edit menu, click Add Value, and then add the following registry value:
  • Value Name: LMCompatibility
  • Data Type: REG_DWORD
  • Value: 1 (for client; e.g., Vista or 7), 3 (for server; e.g., XP)
  • The meanings of the values are described at the end of the post (read it if you are interested).
  • Note: A client machine is the one you are using. You are using this computer to log on to the server. The value must be set to 1. As for the server, you can set the value to be either 1 or 3.
4. Quit Registry Editor.

Meaning of the values for LMCompatibility. Client refers to your client computer, while domain controller refers to your server.
  • Level 0 - Send LM and NTLM response; never use NTLM 2 session security.
  • Level 1 - Use NTLM 2 session security if negotiated.
  • Level 2 - Send NTLM response only.
  • Level 3 - Send NTLM 2 response only.
  • Level 4 - Domain controllers refuse LM responses.
  • Level 5 - Domain controllers refuse LM and NTLM responses (accept only NTLM 2).
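
An added example (not part of the original post): a Python check that reads the level from `reg export` text and reports whether a client/server pair can still authenticate and which of the weaker LM/NTLM responses the client will send. The sample export is constructed; the script also accepts `LmCompatibilityLevel`, the name NT-based Windows documents for this value, and treats client levels 4 and 5 as NTLM 2 only, which the list above does not spell out.

```python
import re

# Responses a client sends per level. Levels 0-3 follow the list above; that
# levels 4 and 5 also send NTLM 2 only is Microsoft's documented behaviour.
CLIENT_SENDS = {0: {"LM", "NTLM"}, 1: {"LM", "NTLM"}, 2: {"NTLM"},
                3: {"NTLMv2"}, 4: {"NTLMv2"}, 5: {"NTLMv2"}}
# Responses the accepting side refuses (levels 4 and 5 in the list above).
SERVER_REFUSES = {4: {"LM"}, 5: {"LM", "NTLM"}}

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
# The page's value name; NT-based Windows documents it as LmCompatibilityLevel.
VALUE_RE = re.compile(r'^"LMCompatibility(?:Level)?"=dword:([0-9a-f]{8})$', re.I)


def parse_level(reg_text):
    """Return the level set under the LSA key in .reg export text, or None."""
    in_lsa = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_lsa = line[1:-1].lower() == LSA_KEY  # track the current key section
        elif in_lsa:
            m = VALUE_RE.match(line)
            if m:
                return int(m.group(1), 16)  # .reg dwords are written in hex
    return None


def audit(client_level, server_level):
    """Return (can_authenticate, weak_responses_sent) for a client/server pair."""
    sent = CLIENT_SENDS[client_level]
    accepted = sent - SERVER_REFUSES.get(server_level, set())
    return bool(accepted), sorted(sent & {"LM", "NTLM"})


# Constructed sample export for a client set as in step 3 (not from a real host).
SAMPLE_CLIENT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibility"=dword:00000001
'''

if __name__ == "__main__":
    level = parse_level(SAMPLE_CLIENT)
    print(level, audit(level, 3))
```

With the values from step 3 (client 1, server 3) the pair authenticates, but the client is reported as still sending LM and NTLM responses; a client at level 3 or higher sends neither.
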
To read more visit:
[1] "How to enable NTLM 2 authentication", Microsoft Knowledge Base Article 239869, http://support.microsoft.com/kb/239869
[2] "NTLM", Wikipedia, http://en.wikipedia.org/wiki/NTL