
Cross-Domain NTLM Authentication returns 401

Occasional Visitor


This might be a specific issue and I will try to explain it as efficiently as possible.

 

We have a REST API service set up on IIS 10 on a Windows 2016 server registered in DOMAIN-1. The providers are set to use NTLM and Negotiate. If I set the Authorization in SOAPUI to use NTLM and the credentials of a domain user in DOMAIN-1, authentication works. However, if I use credentials of a user in DOMAIN-2, I get a 401.

 

The kicker is here: browsing to the endpoint using any browser works, as well as switching off Authorization from SOAPUI and configuring Burp Suite to act as a local proxy and NTLMv2 and DOMAIN-2 user credentials to connect to the endpoint. The problem seems specific to the NTLM auth method being used in SOAPUI, perhaps related to httpclient 4.1.1?

 

Finally, I have access to the server and examined event logs related to the success and failed logins. The failed logs have a substatus of "0xC000006A", possibly meaning "user name is correct but the password is wrong". It is for sure not a typo.

 

I also tried to examine the NTLM challenges and responses using Wireshark, but I cannot understand why only the DOMAIN-1 users are working using SOAPUI.

 

Pre-emptive auth is unchecked.

 

In my research I have seen some issues with httpclient 4.1.1 - could it be related to this?

Thanks.
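
One way to compare the NTLM responses captured from a working and a failing client, as an added example that is not part of the original post: decode the Type 3 (AUTHENTICATE) message from each `Authorization: NTLM ...` header and compare the domain, user name, workstation and response lengths. The user name `alice`, the host `WKSTN01` and the all-zero responses are constructed sample values, and `parse_type3` and `build_sample` are hypothetical helper names.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag

def _field(msg, pos):
    """Read one (len, maxlen, offset) security buffer and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_type3(header_value):
    """Decode the value of an 'Authorization: NTLM <base64>' header."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(token)
    if len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected Type 3 (AUTHENTICATE), got %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM code page is an assumption
    nt = _field(msg, 20)
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "lm_len": len(_field(msg, 12)),
        "nt_len": len(nt),
        # 24 bytes: NTLMv1 or NTLM2 session response; an NTLMv2 response is longer.
        "version": "NTLMv2" if len(nt) > 24 else "NTLMv1-style",
    }

def build_sample(domain, user, host, nt_len):
    """Constructed Type 3 message with dummy all-zero responses, for the demo only."""
    parts = [bytes(24), bytes(nt_len)] + [s.encode("utf-16-le") for s in (domain, user, host)] + [b""]
    head, body, off = b"NTLMSSP\x00" + struct.pack("<I", 3), b"", 64
    for p in parts:
        head += struct.pack("<HHI", len(p), len(p), off)
        body, off = body + p, off + len(p)
    return "NTLM " + base64.b64encode(head + struct.pack("<I", NEGOTIATE_UNICODE) + body).decode()

if __name__ == "__main__":
    print(parse_type3(build_sample("DOMAIN-2", "alice", "WKSTN01", 24)))
    print(parse_type3(build_sample("DOMAIN-2", "alice", "WKSTN01", 94)))
```

Paste the header value sent by each client into `parse_type3` and diff the two results; a difference in `domain`, `user` or `version` shows where the two clients build the response differently.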