MS Windows Telnet Client Not able to connect to Telnet Server

Background

On a MS Windows 2012 box, added Microsoft’s Telnet Service.

But unable to connect using Microsoft’s own Telnet Client.

 

Error Message

The error message is displayed below.

Image

AccessDenied

Textual


#LABDOMAIN☻▬LABDOMAIN☺HRDB♦▲LABDOMAIN.com♥.HRDB.LABDOMAIN.com▲LABDOMAIN.co!s)rsPP☺
Access Denied: Specified user is not a member of TelnetClients group.
Server administrator must add this user to the above group.

Telnet Server has closed the connection

Connection to host lost.

Corrective Action

Add accounts to Local TelnetClients Group

Command Line

Syntax


net localgroup TelnetClients [ADAccount] /add

Sample


net localgroup TelnetClients LABDOMAIN\dadeniji /add

 

Review Local Group

Computer Management

ComputerManagement

 

Command Line

NetLocalGroupTelnetClients

Telnet Client – Error

Again when trying to connect using MS Telnet as in…


telnet localhost

not prompted for username/password, as application relies on the current user’s context.

Workaround

Putty

Already have Putty from http://www.putty.org/.

And, so launched it and used that instead.

putty

 

Putty Session

Working Putty Session…

PuttySession

Microsoft – Telnet – Turn Off NTLM

By default the Microsoft Telnet Client Utility uses NTLM.  Somehow it is not working for us.

BTW, again, NTLM again passes the current user’s security context.

To discourage that auto-authentication, we can disable NTLM and force the server to request explicit user credentials ( username & password).

Here are the steps:

  1. Start Telnet Session
  2. Disable NTLM
  3. Review NTLM
  4. Connect to Telnet Server

Start Telnet Session


telnet.client

 

Unset NTLM

Disable NTLM for the current session.


unset NTLM

Output:
unsetNTLM

Review NTLM


display

Output:
DisplayTelnetSessionSettings

Connect


connect telnet-server


Authenticate

Authenticate by entering username & password

TelnetLogin

Connected

Thankfully, we connected.

TelnetSessionConnected

Summary

Again once we added our AD Account to the Local TelnetClients group and opted for a Telnet client that allows us to specify user credentials we are good.

On our first successful connection, we used Putty.

On our second success, we went back and used MS Telnet, but disabled NTLM and opted to enter explicit user credentials.

 

Later Work

It is possible that we are having problems with NTLM because Microsoft has been playing down NTLM for a while now.

It is being replaced with Kerberos, because NTLM is susceptible to replay attempts.

 

References

  1. Grant Access to a Telnet Server
  2. Error Message: Access Denied – Specified user is not a member of the TelnetClients group
  3. Telnet Client Command Reference

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s