Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot post data to a non-NTLM-authenticated Web site


View products that this article applies to.

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry

↑ Back to the top


Symptoms

You cannot post any data to non-NTLM authenticated Web sites.

↑ Back to the top


Cause

This issue can occur after you visit an NTLM authenticated folder.

Note Microsoft Internet Explorer requires NTLM authentication for all visits after you visit one NTLM authenticated folder.

↑ Back to the top


Resolution

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue from the client side, use Registry Editor (Regedt32.exe) to add a value to the following registry key:
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/
Note The above registry key is one path; it has been wrapped for readability.

Add the following registry value:
Value Name: DisableNTLMPreAuth
Data Type: REG_DWORD
Value: 1
 

↑ Back to the top


More Information

NTLM Pre-authentication is an optimization, it allows Internet Explorer to send the initial NTLM handshake proactively if the same server has already challenged Internet Explorer for NTLM authentication in the present browsing session. NTLM Pre-authentication is performed in every new TCP connection established with the server.

When a POST request is being sent in a new TCP connection, Internet Explorer will perform NTLM Pre-authentication and exclude the POST request payload and content length, because they aren't required to complete NTLM authentication successfully. At this point, if the server doesn’t challenge Internet Explorer for authentication but instead expects the POST request payload to be delivered, the underlying web application may not work as expected.

When the server challenges Internet Explorer for authentication, disabling NTLM Pre-authentication won't affect the Internet Explorer’s ability to authenticate with NTLM.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: kb, kbbillprodsweep, kbprb, kbnetwork

↑ Back to the top

Article Info
Article ID : 251404
Revision : 7
Created on : 2/28/2020
Published on : 2/28/2020
Exists online : False
Views : 1171