Sie sehen die Flagge von Österreich


Sie sehen die Flagge von Deutschland


Sie sehen die Flagge der Schweiz


Sie sehen die Flagge von Ungarn


Sie sehen die Flagge der Slowakei


Sie sehen die Flagge von Tschechien


Sie sehen die englische Flagge


Sie sehen die englische Flagge EN

Setting up BMD Web Windows Authentication

In BMD NTCS, the BMD NTCS users must be linked to their respective operating system user and single login must be activated: 


The web server has to be in the domain. 

In case that the web server is separated by a DMZ firewall, the following ports to the domain controllers need to be enabled:  

  • 88 TCP/UDP – Kerberos
  • 389 TCP/UDP – LDAP 
  • 636 TCP – LDAP SSL
  • 135 TCP – RPC Endpoint Mapper
  • 53 TCP/UDP – DNS
  • 123 TCP/UDP – NTP 
  • 445 TCP/UDP – CIFS/SMB
  • 3268 TCP – LDAP Global Catalog
  • 3269 TCP – LDAP Global Catalog SSL
  • 49152 -65535/TCP - RPC dynamic High Ports (LSA, SAM, Netlogon, FRS)


Please refer to: 

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters 
    DCTcpipPort (REG_DWORD) 
    Value data: 49256 (This value needs to be specified in decimal format)
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    Value data: 49257 (This value needs to be specified in decimal format)

Subsequently, we assume that the BMD Web application is already fully set up and operating smoothly. 


Please refer to:


Via server manager:

Manage - Add roles and Features - Web Server (IIS) - Role Services - Security - Windows Authentication


In the IIS Manager in the application under Authentication


Disable anonymous authentication

Enable Windows authentication


After logging out of a BMD Web session, you are immediately linked back to the login page. If Windows authentication is enabled, the mechanism will log you back in immediately. 



There is a new parameter in the BMD Web settings where you can enter a logout URL in order to avoid this issue. 


  • Internet Explorer and Edge should now already work "out of the box". 
  • For Firefox, you have to search for "network.automatic" in about:config. 
    Either add the respective URL to "network.automatic-ntlm-auth.trusted-uris" or set "network.automatic-ntlm-auth.allow-non-fqdn" to true and do not fill in "network.automatic-ntlm-auth.trusted-uris".
  • Chrome (and its branches like Opera & Vivaldi) access the IE settings. 
    In case that it still does not work in Chrome, you may have to remove the "Negotiate" provider. 


  • In Edge and Firefox, Windows authentication does not work in private mode. 
    However, in Internet Explorer and Chrome it does. 
  • If the client, from which the web page is launched, is not part of the domain, a query window opens demanding user + password. 
    → After entering the domain credentials you are permitted access. 


In case that the system does not assign the URL to BMD Web correctly, please proceed as follows:


  • Add the URL of BMD Web to "Trusted sites" in Internet Explorer.
  • Set user authentication to "Automatic logon with current user name and password".



Setting Up BMD Web Applications

BMD Systemhaus GesmbH

Sierninger Straße 190

A-4400 Steyr

+43 50 883 or 0043 7252 883

Follow us

Follow us on Facebook
Follow us on Xing
Follow us on LinkedIn
Follow us on YouTube
Follow us on Kununu
Follow us on Instagram