The excellent article over at Oakland Software discusses the number of troubles one has trying to authenticate with NTLMv2, especially when the setting “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers“ is applied on the server.

As the article cites, commons-httpclient does not support NLTMv2. On HTTPCLIENT-579, a contributor names Konstantin supplied an LGPL patch for negotitating NTLMv2. Unfortunately the patch didn’t seem to work with the “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers“ setting. I’ve submitted a path for Konstantin’s work that provides such support. If this is of interest to you, checkout the bug above, and my patch. Keep in mind it’s obviously bound under the same licence as Konstantin’s work.