On a MS Windows 2012 box, added Microsoft’s Telnet Service.
But unable to connect using Microsoft’s own Telnet Client.
The error message is displayed below.
#LABDOMAIN☻▬LABDOMAIN☺HRDB♦▲LABDOMAIN.com♥.HRDB.LABDOMAIN.com▲LABDOMAIN.co!s)rsPP☺ Access Denied: Specified user is not a member of TelnetClients group. Server administrator must add this user to the above group. Telnet Server has closed the connection Connection to host lost.
Add accounts to Local TelnetClients Group
net localgroup TelnetClients [ADAccount] /add
net localgroup TelnetClients LABDOMAIN\dadeniji /add
Review Local Group
Telnet Client – Error
Again when trying to connect using MS Telnet as in…
not prompted for username/password, as application relies on the current user’s context.
Already have Putty from http://www.putty.org/.
And, so launched it and used that instead.
Working Putty Session…
Microsoft – Telnet – Turn Off NTLM
By default the Microsoft Telnet Client Utility uses NTLM. Somehow it is not working for us.
BTW, again, NTLM again passes the current user’s security context.
To discourage that auto-authentication, we can disable NTLM and force the server to request explicit user credentials ( username & password).
Here are the steps:
- Start Telnet Session
- Disable NTLM
- Review NTLM
- Connect to Telnet Server
Start Telnet Session
Disable NTLM for the current session.
Authenticate by entering username & password
Thankfully, we connected.
Again once we added our AD Account to the Local TelnetClients group and opted for a Telnet client that allows us to specify user credentials we are good.
On our first successful connection, we used Putty.
On our second success, we went back and used MS Telnet, but disabled NTLM and opted to enter explicit user credentials.
It is possible that we are having problems with NTLM because Microsoft has been playing down NTLM for a while now.
It is being replaced with Kerberos, because NTLM is susceptible to replay attempts.