[jcifs] JCIFS authentication: errorCode=The parameter is incorrect.

André Warnier aw at ice-sa.com
Mon Sep 20 12:31:36 MDT 2010 

mbeedell wrote:
> I am using jCifs HTTP authentication module.  It has been working OK in the
> target environment for some time.  The jCIFS version was 1.2.1.
> 
...
> 
> Users connect from a Windows Server 2007 Enterprise Terminal Server user
> instance with Internet Explorer 8.  The web site has been specified as a
> Trusted Site.  Nothing has changed on the Terminal Servers or domain
> controller.
> 
> A user on a Windows 2003 Server, interestingly, performs SSO without issue.
> 
Hi.

I respond to this as a former user of the JCIFS HTTP filter, having since switched to 
Jespa.  I am not one of the jCIFS developers.

First, I believe that you should read the blue message that is at the top of the jCIFS 
HTTP filter page.  I believe that this message has been there for several years, yet there 
are constantly people keeping asking the same questions.  As a result, the original 
developers of that filter are so tired of answering the same questions ever again, that 
they mostly just ignore them nowadays.

Personally, I believe that your problem originates in what you write above : the win2007 
servers, by defaut, will require user workstations to use the NTLMv2 authentication 
mechanism, which the jCIFS HTTP filter does not, and cannot support.
The users on the win2003 servers still do fine, because in that case, the server only 
requires NTLMv1.

NTLMv2 has been the default for all Windows servers and workstations for a while now, and 
newer versions will probably *only* support NTLMv2.

So basically, you do not have a choice: the jCIFS HTTP filter will not work anymore in an 
increasing number of cases, and it will never be upgraded to work with NTLMv2.
What you decide to switch to, as an authentication method, is up to you.  There are 
probably other solutions available than Jespa.
But if you have used the jCIFS filter so far, Jespa is an almost plugin replacement.
As a user, I can tell you that for my corporate customers, it works flawlessly.

Anyway, take this as friendly advice : do not spend more time looking for a solution with 
the jCIFS HTTP filter, because in reality there isn't any.  The earlier you accept this 
and find another mechanism, the less time you will lose in the end.

More information about the jCIFS mailing list