Wyse Thin OS - NTLM authentication
We have an issue with our thin client logon's that appeared on Friday. Out Wyse C10LE's use NTLM authentication to connect to our Server 2k8 R2 RDS farm. This is configured using the wnos.ini file that is downloaded from a FTP server specified by DHCP option 161. All was fine until Friday when logins stopped working. Our environment was a Srv 2003 DC environment until the middle of last week when 2 new Srv 2008 R2 DC's were built and introduced on the NW. The 2003 DCs are still in situe for the time being. Having done a lot of reading up on this it would appear that MS have increased the security surrounding NTLM and have locked this down in 2008. I have set the following settings in the DC GPO to attempt to resolve this:
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable Auditing for all accounts
Network security: Restrict NTLM: Audit Incoming NTLM Traffic = Enable All
Network security: Restrict NTLM: Incoming NTLM Traffic = Allow All
Network security: Restrict NTLM: NTLM authentication in this domain = Disable
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers = Allow All
I still have the issue with logons and for the time being have bypassed this method of athentication all together with users being presented with the Server login.
Does anyone have any suggestions how to resolve this? I am using WTOS V7 across the thin client base, but on my test unit have upgraded this to WTOS V7 MR1. I believe MR1 supports NLA kerboros authentication. Does anyone know how to configure this as an alternative?
Let me guess... Wyse has not resolved this issue for you and has no intentions to do so? I logged a case with them about a year ago as well and talked to a guy on the phone who was going to look into it and get it resolved. After a few weeks I logged into my Wyse account and noticed the ticket was closed with no explanation or resolution. It is making us rethink our next thin client purchase if Wyse support is going to be like that.